SlideShare ist ein Scribd-Unternehmen logo

Java Code Review Checklist

‱
‱
Mahesh Chopker
Mahesh Chopker

There exist many code review checklist blogs/articles in the net telling standard Java best practices/guidelines; And I have come up with a checklist accommodating best practices from some of the recent popular books (reference given) and guidelines from Oracle (on Security).

SoftwareTechnologie
1 von 3
Downloaden Sie, um offline zu lesen
Code Review Checklist Static Code Analysis Checklist Item Category Notes Check static code analyzer report for the classes added/modified Static Code Analysis There must be automated Code Analysis for the project you are working on, do not forget to check the report for the modified/added classes. If no automated Code Analysis is setup for your project, you can use Eclipse 'FindBug' plugin to manully run and see the report. Clean Code Checklist Item Category Use Intention-Revealing Names Meaningful Names Pick one word per concept Meaningful Names Use Solution/Problem Domain Names Meaningful Names Classes should be small! Classes Functions should be small! Functions Do one Thing Functions Don't Repeat Yourself (Avoid Duplication) Functions Explain yourself in code Comments Make sure the code formatting is applied Formatting Use Exceptions rather than Return codes Exceptions Don't return Null Exceptions * Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-developme nt/9780136083238 Security Checklist Item Category Make class final if not being used for inheritance Fundamentals Avoid duplication of code Fundamentals Restrict privileges: Application to run with the least privilege mode required for functioning Fundamentals Minimize the accessibility of classes and members Fundamentals Document security related information Fundamentals Input into a system should be checked for valid data size and range Denial of Service
Avoid excessive logs for unusual behavior Denial of Service Release resources (Streams, Connections, etc) in all cases Denial of Service Purge sensitive information from exceptions (exposing file path, internals of the system, configuration) Confidential Information Do not log highly sensitive information Confidential Information Consider purging highly sensitive from memory after use Confidential Information Avoid dynamic SQL, use prepared statement Injection Inclusion Limit the accessibility of packages,classes, interfaces, methods, and fields Accessibility Extensibility Limit the extensibility of classes and methods (by making it final) Accessibility Extensibility Validate inputs (for valid data, size, range, boundary conditions, etc) Input Validation Validate output from untrusted objects as input Input Validation Define wrappers around native methods (not declare a native method public) Input Validation Treat output from untrusted object as input Mutability Make public static fields final (to avoid caller changing the value) Mutability Avoid exposing constructors of sensitive classes Object Construction Avoid serialization for security-sensitive classes Serialization Deserialization Guard sensitive data during serialization Serialization Deserialization Be careful caching results of potentially privileged operations Serialization Deserialization Only use JNI when necessary Access Control * Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html Performance Checklist Item Category Avoid excessive synchronization Concurrency Keep Synchronized Sections Small Concurrency Avoid creating unnecessary objects Creating and Destroying Objects Beware the performance of string concatenation General Programming * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 General Category Checklist Item Use checked exceptions for recoverable conditions and runtime exceptions for programming errors Exceptions Favor the use of standard exceptions Exceptions
Don't ignore exceptions Exceptions Check parameters for validity Methods Return empty arrays or collections, not nulls Methods Minimize the accessibility of classes and members Classes and Interfaces In public classes, use accessor methods, not public fields Classes and Interfaces Minimize the scope of local variables General Programming Refer to objects by their interfaces General Programming Adhere to generally accepted naming conventions General Programming Avoid finalizers Creating and Destroying Objects Always override hashCode when you override equals General Programming Always override toString General Programming Use enums instead of int constants Enums and Annotations Use marker interfaces to define types Enums and Annotations Synchronize access to shared mutable data Concurrency Prefer executors to tasks and threads Concurrency Document thread safety Concurrency Avoid cyclic dependency between classes, packages, and modules Modularity * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 Unit Test Checklist Item Category Valid JUnit / JBehave test cases exist Testing

Empfohlen

Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code AnalysisAnnyce Davis
 
Code review
Code reviewCode review
Code reviewAbhishek Sur
 
SDLC vs STLC
SDLC vs STLCSDLC vs STLC
SDLC vs STLCDavid Tzemach
 
Test-Driven Development
Test-Driven DevelopmentTest-Driven Development
Test-Driven DevelopmentJohn Blum
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentSachithra Gayan
 
Software testing methods, levels and types
Software testing methods, levels and typesSoftware testing methods, levels and types
Software testing methods, levels and typesConfiz
 
TDD - Agile
TDD - Agile TDD - Agile
TDD - Agile harinderpisces
 

Empfohlen

Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code AnalysisAnnyce Davis
 
Code review
Code reviewCode review
Code reviewAbhishek Sur
 
SDLC vs STLC
SDLC vs STLCSDLC vs STLC
SDLC vs STLCDavid Tzemach
 
Test-Driven Development
Test-Driven DevelopmentTest-Driven Development
Test-Driven DevelopmentJohn Blum
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentSachithra Gayan
 
Software testing methods, levels and types
Software testing methods, levels and typesSoftware testing methods, levels and types
Software testing methods, levels and typesConfiz
 
TDD - Agile
TDD - Agile TDD - Agile
TDD - Agile harinderpisces
 
Code coverage
Code coverageCode coverage
Code coverageReturn on Intelligence
 
Clean code and Code Smells
Clean code and Code SmellsClean code and Code Smells
Clean code and Code SmellsMario Sangiorgio
 
Writing clean code in C# and .NET
Writing clean code in C# and .NETWriting clean code in C# and .NET
Writing clean code in C# and .NETDror Helper
 
Tdd and bdd
Tdd and bddTdd and bdd
Tdd and bddMohamedSubhiBouchi
 
Clean Code I - Best Practices
Clean Code I - Best PracticesClean Code I - Best Practices
Clean Code I - Best PracticesTheo Jungeblut
 
Istqb foundation level day 1
Istqb foundation level day 1Istqb foundation level day 1
Istqb foundation level day 1Shuchi Singla AKT,SPC4,PMI-ACP,ITIL(F),CP-AAT
 
Clean code presentation
Clean code presentationClean code presentation
Clean code presentationBhavin Gandhi
 
Basic software-testing-concepts
Basic software-testing-conceptsBasic software-testing-concepts
Basic software-testing-conceptsmedsherb
 
Code Quality
Code QualityCode Quality
Code QualityFrançois Camus
 
An Introduction to Test Driven Development
An Introduction to Test Driven Development An Introduction to Test Driven Development
An Introduction to Test Driven Development CodeOps Technologies LLP
 
Test Driven Development (TDD) Preso 360|Flex 2010
Test Driven Development (TDD) Preso 360|Flex 2010Test Driven Development (TDD) Preso 360|Flex 2010
Test Driven Development (TDD) Preso 360|Flex 2010guest5639fa9
 
Introduction to Git and GitHub
Introduction to Git and GitHubIntroduction to Git and GitHub
Introduction to Git and GitHubBioinformatics and Computational Biosciences Branch
 
SDLC - Software Development Life Cycle
SDLC - Software Development Life CycleSDLC - Software Development Life Cycle
SDLC - Software Development Life CycleSaravanan Manoharan
 
Software testing
Software testingSoftware testing
Software testingbalamurugan.k Kalibalamurugan
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Developmentguestc8093a6
 
Unit and integration Testing
Unit and integration TestingUnit and integration Testing
Unit and integration TestingDavid Berliner
 
S.D.L.C (Software Development Life Cycle.)
S.D.L.C (Software Development Life Cycle.)S.D.L.C (Software Development Life Cycle.)
S.D.L.C (Software Development Life Cycle.)Jayesh Buwa
 
Clean Code III - Software Craftsmanship
Clean Code III - Software CraftsmanshipClean Code III - Software Craftsmanship
Clean Code III - Software CraftsmanshipTheo Jungeblut
 
An introduction to unit testing
An introduction to unit testingAn introduction to unit testing
An introduction to unit testingAdam Stephensen
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentNaresh Jain
 
Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Aditya Bhuyan
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Clean code and Code Smells
Clean code and Code SmellsClean code and Code Smells
Clean code and Code SmellsMario Sangiorgio
 
Writing clean code in C# and .NET
Writing clean code in C# and .NETWriting clean code in C# and .NET
Writing clean code in C# and .NETDror Helper
 
Clean Code I - Best Practices
Clean Code I - Best PracticesClean Code I - Best Practices
Clean Code I - Best PracticesTheo Jungeblut
 
Clean code presentation
Clean code presentationClean code presentation
Clean code presentationBhavin Gandhi
 
Basic software-testing-concepts
Basic software-testing-conceptsBasic software-testing-concepts
Basic software-testing-conceptsmedsherb
 
An Introduction to Test Driven Development
An Introduction to Test Driven Development An Introduction to Test Driven Development
An Introduction to Test Driven Development CodeOps Technologies LLP
 
Test Driven Development (TDD) Preso 360|Flex 2010
Test Driven Development (TDD) Preso 360|Flex 2010Test Driven Development (TDD) Preso 360|Flex 2010
Test Driven Development (TDD) Preso 360|Flex 2010guest5639fa9
 
SDLC - Software Development Life Cycle
SDLC - Software Development Life CycleSDLC - Software Development Life Cycle
SDLC - Software Development Life CycleSaravanan Manoharan
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Developmentguestc8093a6
 
Unit and integration Testing
Unit and integration TestingUnit and integration Testing
Unit and integration TestingDavid Berliner
 
S.D.L.C (Software Development Life Cycle.)
S.D.L.C (Software Development Life Cycle.)S.D.L.C (Software Development Life Cycle.)
S.D.L.C (Software Development Life Cycle.)Jayesh Buwa
 
Clean Code III - Software Craftsmanship
Clean Code III - Software CraftsmanshipClean Code III - Software Craftsmanship
Clean Code III - Software CraftsmanshipTheo Jungeblut
 
An introduction to unit testing
An introduction to unit testingAn introduction to unit testing
An introduction to unit testingAdam Stephensen
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentNaresh Jain
 

Was ist angesagt? (20)

Code coverage
Code coverageCode coverage
Code coverage
 
Clean code and Code Smells
Clean code and Code SmellsClean code and Code Smells
Clean code and Code Smells
 
Writing clean code in C# and .NET
Writing clean code in C# and .NETWriting clean code in C# and .NET
Writing clean code in C# and .NET
 
Tdd and bdd
Tdd and bddTdd and bdd
Tdd and bdd
 
Clean Code I - Best Practices
Clean Code I - Best PracticesClean Code I - Best Practices
Clean Code I - Best Practices
 
Istqb foundation level day 1
Istqb foundation level day 1Istqb foundation level day 1
Istqb foundation level day 1
 
Clean code presentation
Clean code presentationClean code presentation
Clean code presentation
 
Basic software-testing-concepts
Basic software-testing-conceptsBasic software-testing-concepts
Basic software-testing-concepts
 
Code Quality
Code QualityCode Quality
Code Quality
 
An Introduction to Test Driven Development
An Introduction to Test Driven Development An Introduction to Test Driven Development
An Introduction to Test Driven Development
 
Test Driven Development (TDD) Preso 360|Flex 2010
Test Driven Development (TDD) Preso 360|Flex 2010Test Driven Development (TDD) Preso 360|Flex 2010
Test Driven Development (TDD) Preso 360|Flex 2010
 
Introduction to Git and GitHub
Introduction to Git and GitHubIntroduction to Git and GitHub
Introduction to Git and GitHub
 
SDLC - Software Development Life Cycle
SDLC - Software Development Life CycleSDLC - Software Development Life Cycle
SDLC - Software Development Life Cycle
 
Software testing
Software testingSoftware testing
Software testing
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Development
 
Unit and integration Testing
Unit and integration TestingUnit and integration Testing
Unit and integration Testing
 
S.D.L.C (Software Development Life Cycle.)
S.D.L.C (Software Development Life Cycle.)S.D.L.C (Software Development Life Cycle.)
S.D.L.C (Software Development Life Cycle.)
 
Clean Code III - Software Craftsmanship
Clean Code III - Software CraftsmanshipClean Code III - Software Craftsmanship
Clean Code III - Software Craftsmanship
 
An introduction to unit testing
An introduction to unit testingAn introduction to unit testing
An introduction to unit testing
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Development
 

Andere mochten auch

Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Aditya Bhuyan
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklistRam Srivastava
 
Eventschklist
EventschklistEventschklist
EventschklistCarlos Serra
 
Function checklist
Function checklistFunction checklist
Function checklistCarlos Serra
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviewsSebastian Marek
 
Agile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical SoftwareAgile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical SoftwareOrthogonal
 
Do-It-Yourself Website Audit
Do-It-Yourself Website AuditDo-It-Yourself Website Audit
Do-It-Yourself Website AuditRebecca Gill
 
Which test cases to automate
Which test cases to automateWhich test cases to automate
Which test cases to automatesachxn1
 

Andere mochten auch (10)

Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelines
 
Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklist
 
Eventschklist
EventschklistEventschklist
Eventschklist
 
Function checklist
Function checklistFunction checklist
Function checklist
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
 
Agile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical SoftwareAgile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical Software
 
Weekly air compressor check list
Weekly air compressor check listWeekly air compressor check list
Weekly air compressor check list
 
Do-It-Yourself Website Audit
Do-It-Yourself Website AuditDo-It-Yourself Website Audit
Do-It-Yourself Website Audit
 
Which test cases to automate
Which test cases to automateWhich test cases to automate
Which test cases to automate
 

Ähnlich wie Java Code Review Checklist

Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldDavid McCarter
 
Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldDavid McCarter
 
Best practices in enterprise applications
Best practices in enterprise applicationsBest practices in enterprise applications
Best practices in enterprise applicationsChandra Sekhar Saripaka
 
Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)David McCarter
 
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...Erika Barron
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOSArpit Kulsreshtha
 
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...DicodingEvent
 
Most Useful Design Patterns
Most Useful Design PatternsMost Useful Design Patterns
Most Useful Design PatternsSteven Smith
 
Enterprise Library 2.0
Enterprise Library 2.0Enterprise Library 2.0
Enterprise Library 2.0Raju Permandla
 
How to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check TuneupHow to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check TuneupBala Subra
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentKetan Raval
 
Automation testing
Automation testingAutomation testing
Automation testingTomy Rhymond
 
Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.Bryn Bodayle
 
Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)Abhijeet Vaikar
 
cf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad Woodcf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad WoodOrtus Solutions, Corp
 

Ähnlich wie Java Code Review Checklist (20)

Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real World
 
Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real World
 
Best practices in enterprise applications
Best practices in enterprise applicationsBest practices in enterprise applications
Best practices in enterprise applications
 
Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)
 
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOS
 
Exception handling in .net
Exception handling in .netException handling in .net
Exception handling in .net
 
Exception handling in ASP .NET
Exception handling in ASP .NETException handling in ASP .NET
Exception handling in ASP .NET
 
Unit testing
Unit testingUnit testing
Unit testing
 
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
 
Most Useful Design Patterns
Most Useful Design PatternsMost Useful Design Patterns
Most Useful Design Patterns
 
Code Quality
Code QualityCode Quality
Code Quality
 
Code quality
Code qualityCode quality
Code quality
 
Enterprise Library 2.0
Enterprise Library 2.0Enterprise Library 2.0
Enterprise Library 2.0
 
How to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check TuneupHow to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check Tuneup
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application Development
 
Automation testing
Automation testingAutomation testing
Automation testing
 
Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.
 
Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)
 
cf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad Woodcf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad Wood
 

KĂŒrzlich hochgeladen

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy LĂłpez
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesƁukasz Chruƛciel
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROmotivationalword821
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 

KĂŒrzlich hochgeladen (20)

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>àŒ’+91-9711147426⇛Call In girls karol bagh (Delhi)
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTRO
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 

Java Code Review Checklist

  • 1. Code Review Checklist Static Code Analysis Checklist Item Category Notes Check static code analyzer report for the classes added/modified Static Code Analysis There must be automated Code Analysis for the project you are working on, do not forget to check the report for the modified/added classes. If no automated Code Analysis is setup for your project, you can use Eclipse 'FindBug' plugin to manully run and see the report. Clean Code Checklist Item Category Use Intention-Revealing Names Meaningful Names Pick one word per concept Meaningful Names Use Solution/Problem Domain Names Meaningful Names Classes should be small! Classes Functions should be small! Functions Do one Thing Functions Don't Repeat Yourself (Avoid Duplication) Functions Explain yourself in code Comments Make sure the code formatting is applied Formatting Use Exceptions rather than Return codes Exceptions Don't return Null Exceptions * Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-developme nt/9780136083238 Security Checklist Item Category Make class final if not being used for inheritance Fundamentals Avoid duplication of code Fundamentals Restrict privileges: Application to run with the least privilege mode required for functioning Fundamentals Minimize the accessibility of classes and members Fundamentals Document security related information Fundamentals Input into a system should be checked for valid data size and range Denial of Service
  • 2. Avoid excessive logs for unusual behavior Denial of Service Release resources (Streams, Connections, etc) in all cases Denial of Service Purge sensitive information from exceptions (exposing file path, internals of the system, configuration) Confidential Information Do not log highly sensitive information Confidential Information Consider purging highly sensitive from memory after use Confidential Information Avoid dynamic SQL, use prepared statement Injection Inclusion Limit the accessibility of packages,classes, interfaces, methods, and fields Accessibility Extensibility Limit the extensibility of classes and methods (by making it final) Accessibility Extensibility Validate inputs (for valid data, size, range, boundary conditions, etc) Input Validation Validate output from untrusted objects as input Input Validation Define wrappers around native methods (not declare a native method public) Input Validation Treat output from untrusted object as input Mutability Make public static fields final (to avoid caller changing the value) Mutability Avoid exposing constructors of sensitive classes Object Construction Avoid serialization for security-sensitive classes Serialization Deserialization Guard sensitive data during serialization Serialization Deserialization Be careful caching results of potentially privileged operations Serialization Deserialization Only use JNI when necessary Access Control * Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html Performance Checklist Item Category Avoid excessive synchronization Concurrency Keep Synchronized Sections Small Concurrency Avoid creating unnecessary objects Creating and Destroying Objects Beware the performance of string concatenation General Programming * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 General Category Checklist Item Use checked exceptions for recoverable conditions and runtime exceptions for programming errors Exceptions Favor the use of standard exceptions Exceptions
  • 3. Don't ignore exceptions Exceptions Check parameters for validity Methods Return empty arrays or collections, not nulls Methods Minimize the accessibility of classes and members Classes and Interfaces In public classes, use accessor methods, not public fields Classes and Interfaces Minimize the scope of local variables General Programming Refer to objects by their interfaces General Programming Adhere to generally accepted naming conventions General Programming Avoid finalizers Creating and Destroying Objects Always override hashCode when you override equals General Programming Always override toString General Programming Use enums instead of int constants Enums and Annotations Use marker interfaces to define types Enums and Annotations Synchronize access to shared mutable data Concurrency Prefer executors to tasks and threads Concurrency Document thread safety Concurrency Avoid cyclic dependency between classes, packages, and modules Modularity * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 Unit Test Checklist Item Category Valid JUnit / JBehave test cases exist Testing