Translate

пʼятниця, 20 червня 2014 р.

Java Code Review Checklist


Clean Code

Checklist Item
Category
Use Intention-Revealing Names
Meaningful Names
Pick one word per concept
Meaningful Names
Use Solution/Problem Domain Names
Meaningful Names
Classes should be small!
Classes
Functions should be small!
Functions
Do one Thing
Functions
Don't Repeat Yourself (Avoid Duplication)
Functions
Explain yourself in code
Comments
Make sure the code formatting is applied
Formatting
Use Exceptions rather than Return codes
Exceptions
Don't return Null
Exceptions
* Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-development/9780136083238

Security

Checklist Item
Category
Make class final if not being used for inheritance
Fundamentals
Avoid duplication of code
Fundamentals
Restrict privileges: Application to run with the least privilege mode required for functioning
Fundamentals
Minimize the accessibility of classes and members
Fundamentals
Document security related information
Fundamentals
Input into a system should be checked for valid data size and range
Denial of Service
Avoid excessive logs for unusual behavior
Denial of Service
Release resources (Streams, Connections, etc) in all cases
Denial of Service
Purge sensitive information from exceptions (exposing file path, internals of the system, configuration)
Confidential Information
Do not log highly sensitive information
Confidential Information
Consider purging highly sensitive from memory after use 
Confidential Information
Avoid dynamic SQL, use prepared statement
Injection Inclusion
Limit the accessibility of packages,classes, interfaces, methods, and fields
Accessibility Extensibility
Limit the extensibility of classes and methods (by making it final)
Accessibility Extensibility
Validate inputs (for valid data, size, range, boundary conditions, etc)
Input Validation
Validate output from untrusted objects as input
Input Validation
Define wrappers around native methods (not declare a native method public)
Input Validation
Treat output from untrusted object as input
Mutability
Make public static fields final (to avoid caller changing the value)
Mutability
Avoid exposing constructors of sensitive classes
Object Construction
Avoid serialization for security-sensitive classes
Serialization Deserialization
Guard sensitive data during serialization
Serialization Deserialization
Be careful caching results of potentially privileged operations
Serialization Deserialization
Only use JNI when necessary
Access Control
 * Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html 

Performance

Checklist Item
Category
Avoid excessive synchronization
Concurrency
Keep Synchronized Sections Small
Concurrency
Beware the performance of string concatenation
General Programming
Avoid creating unnecessary objects
Creating and Destroying Objects
* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

General

Category
Checklist Item
Use checked exceptions for recoverable conditions and runtime exceptions for programming errors
Exceptions
Favor the use of standard exceptions
Exceptions
Don't ignore exceptions
Exceptions
Check parameters for validity
Methods
Return empty arrays or collections, not nulls
Methods
Minimize the accessibility of classes and members
Classes and Interfaces
In public classes, use accessor methods, not public fields
Classes and Interfaces
Minimize the scope of local variables
General Programming
Refer to objects by their interfaces
General Programming
Adhere to generally accepted naming conventions
General Programming
Avoid finalizers
Creating and Destroying Objects
Always override hashCode when you override equals
General Programming
Always override toString
General Programming
Use enums instead of int constants
Enums and Annotations
Use marker interfaces to define types
Enums and Annotations
Synchronize access to shared mutable data
Concurrency
Prefer executors to tasks and threads
Concurrency
Document thread safety
Concurrency
Valid JUnit / JBehave test cases exist
Testing
* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

Static Code Analysis

Category
Checklist Item
Check static code analyzer report for the classes added/modified
Static Code Analysis


Source: http://java.dzone.com/articles/java-code-review-checklist