SlideShare ist ein Scribd-Unternehmen logo

Java Code Review Checklist

‱
‱
Mahesh Chopker
Mahesh Chopker

There exist many code review checklist blogs/articles in the net telling standard Java best practices/guidelines; And I have come up with a checklist accommodating best practices from some of the recent popular books (reference given) and guidelines from Oracle (on Security).

SoftwareTechnologie
1 von 3
Downloaden Sie, um offline zu lesen
Code Review Checklist Static Code Analysis Checklist Item Category Notes Check static code analyzer report for the classes added/modified Static Code Analysis There must be automated Code Analysis for the project you are working on, do not forget to check the report for the modified/added classes. If no automated Code Analysis is setup for your project, you can use Eclipse 'FindBug' plugin to manully run and see the report. Clean Code Checklist Item Category Use Intention-Revealing Names Meaningful Names Pick one word per concept Meaningful Names Use Solution/Problem Domain Names Meaningful Names Classes should be small! Classes Functions should be small! Functions Do one Thing Functions Don't Repeat Yourself (Avoid Duplication) Functions Explain yourself in code Comments Make sure the code formatting is applied Formatting Use Exceptions rather than Return codes Exceptions Don't return Null Exceptions * Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-developme nt/9780136083238 Security Checklist Item Category Make class final if not being used for inheritance Fundamentals Avoid duplication of code Fundamentals Restrict privileges: Application to run with the least privilege mode required for functioning Fundamentals Minimize the accessibility of classes and members Fundamentals Document security related information Fundamentals Input into a system should be checked for valid data size and range Denial of Service
Avoid excessive logs for unusual behavior Denial of Service Release resources (Streams, Connections, etc) in all cases Denial of Service Purge sensitive information from exceptions (exposing file path, internals of the system, configuration) Confidential Information Do not log highly sensitive information Confidential Information Consider purging highly sensitive from memory after use Confidential Information Avoid dynamic SQL, use prepared statement Injection Inclusion Limit the accessibility of packages,classes, interfaces, methods, and fields Accessibility Extensibility Limit the extensibility of classes and methods (by making it final) Accessibility Extensibility Validate inputs (for valid data, size, range, boundary conditions, etc) Input Validation Validate output from untrusted objects as input Input Validation Define wrappers around native methods (not declare a native method public) Input Validation Treat output from untrusted object as input Mutability Make public static fields final (to avoid caller changing the value) Mutability Avoid exposing constructors of sensitive classes Object Construction Avoid serialization for security-sensitive classes Serialization Deserialization Guard sensitive data during serialization Serialization Deserialization Be careful caching results of potentially privileged operations Serialization Deserialization Only use JNI when necessary Access Control * Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html Performance Checklist Item Category Avoid excessive synchronization Concurrency Keep Synchronized Sections Small Concurrency Avoid creating unnecessary objects Creating and Destroying Objects Beware the performance of string concatenation General Programming * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 General Category Checklist Item Use checked exceptions for recoverable conditions and runtime exceptions for programming errors Exceptions Favor the use of standard exceptions Exceptions
Don't ignore exceptions Exceptions Check parameters for validity Methods Return empty arrays or collections, not nulls Methods Minimize the accessibility of classes and members Classes and Interfaces In public classes, use accessor methods, not public fields Classes and Interfaces Minimize the scope of local variables General Programming Refer to objects by their interfaces General Programming Adhere to generally accepted naming conventions General Programming Avoid finalizers Creating and Destroying Objects Always override hashCode when you override equals General Programming Always override toString General Programming Use enums instead of int constants Enums and Annotations Use marker interfaces to define types Enums and Annotations Synchronize access to shared mutable data Concurrency Prefer executors to tasks and threads Concurrency Document thread safety Concurrency Avoid cyclic dependency between classes, packages, and modules Modularity * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 Unit Test Checklist Item Category Valid JUnit / JBehave test cases exist Testing

Empfohlen

Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKJosé Paumard
 
Test-Driven Development
Test-Driven DevelopmentTest-Driven Development
Test-Driven DevelopmentJohn Blum
 
Java programming course for beginners
Java programming course for beginnersJava programming course for beginners
Java programming course for beginnersEduonix Learning Solutions
 
Java logging
Java loggingJava logging
Java loggingJumping Bean
 
Code Coverage
Code CoverageCode Coverage
Code CoverageErnani Omar Cruz
 
Spring Batch 2.0
Spring Batch 2.0Spring Batch 2.0
Spring Batch 2.0Guido Schmutz
 
How to go about testing in React?
How to go about testing in React? How to go about testing in React?
How to go about testing in React? Lisa Gagarina
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 

Empfohlen

Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKJosé Paumard
 
Test-Driven Development
Test-Driven DevelopmentTest-Driven Development
Test-Driven DevelopmentJohn Blum
 
Java programming course for beginners
Java programming course for beginnersJava programming course for beginners
Java programming course for beginnersEduonix Learning Solutions
 
Java logging
Java loggingJava logging
Java loggingJumping Bean
 
Code Coverage
Code CoverageCode Coverage
Code CoverageErnani Omar Cruz
 
Spring Batch 2.0
Spring Batch 2.0Spring Batch 2.0
Spring Batch 2.0Guido Schmutz
 
How to go about testing in React?
How to go about testing in React? How to go about testing in React?
How to go about testing in React? Lisa Gagarina
 
Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Spring boot introduction
Spring boot introductionSpring boot introduction
Spring boot introductionRasheed Waraich
 
Introduction to JMeter
Introduction to JMeterIntroduction to JMeter
Introduction to JMeterGalih Lasahido
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
Spring Framework
Spring Framework Spring Framework
Spring Framework tola99
 
Spring batch
Spring batchSpring batch
Spring batchnishasowdri
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based TestingJohan Hoberg
 
Spring Boot
Spring BootSpring Boot
Spring BootJaran Flaath
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsQASymphony
 
Java notes
Java notesJava notes
Java notesChaitanya Rajkumar Limmala
 
Introduction to jest
Introduction to jestIntroduction to jest
Introduction to jestpksjce
 
Svn Basic Tutorial
Svn Basic TutorialSvn Basic Tutorial
Svn Basic TutorialMarco Pivetta
 
Code review
Code reviewCode review
Code reviewAbhishek Sur
 
Testing with JUnit 5 and Spring - Spring I/O 2022
Testing with JUnit 5 and Spring - Spring I/O 2022Testing with JUnit 5 and Spring - Spring I/O 2022
Testing with JUnit 5 and Spring - Spring I/O 2022Sam Brannen
 
SOFTWARE TESTING
SOFTWARE TESTINGSOFTWARE TESTING
SOFTWARE TESTINGPriyanka Karancy
 
Java Performance Monitoring & Tuning
Java Performance Monitoring & TuningJava Performance Monitoring & Tuning
Java Performance Monitoring & TuningMuhammed Shakir
 
Performance testing and reporting with JMeter
Performance testing and reporting with JMeterPerformance testing and reporting with JMeter
Performance testing and reporting with JMeterjvSlideshare
 
Java virtual machine
Java virtual machineJava virtual machine
Java virtual machinebaabtra.com - No. 1 supplier of quality freshers
 
Code Review
Code ReviewCode Review
Code ReviewMikalai Alimenkou
 
Reactive programming
Reactive programmingReactive programming
Reactive programmingSUDIP GHOSH
 
Spring Boot
Spring BootSpring Boot
Spring BootHongSeong Jeon
 
Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Aditya Bhuyan
 
Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklistRam Srivastava
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Spring boot introduction
Spring boot introductionSpring boot introduction
Spring boot introductionRasheed Waraich
 
Introduction to JMeter
Introduction to JMeterIntroduction to JMeter
Introduction to JMeterGalih Lasahido
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
Spring Framework
Spring Framework Spring Framework
Spring Framework tola99
 
Spring batch
Spring batchSpring batch
Spring batchnishasowdri
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based TestingJohan Hoberg
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsQASymphony
 
Introduction to jest
Introduction to jestIntroduction to jest
Introduction to jestpksjce
 
Svn Basic Tutorial
Svn Basic TutorialSvn Basic Tutorial
Svn Basic TutorialMarco Pivetta
 
Testing with JUnit 5 and Spring - Spring I/O 2022
Testing with JUnit 5 and Spring - Spring I/O 2022Testing with JUnit 5 and Spring - Spring I/O 2022
Testing with JUnit 5 and Spring - Spring I/O 2022Sam Brannen
 
Java Performance Monitoring & Tuning
Java Performance Monitoring & TuningJava Performance Monitoring & Tuning
Java Performance Monitoring & TuningMuhammed Shakir
 
Performance testing and reporting with JMeter
Performance testing and reporting with JMeterPerformance testing and reporting with JMeter
Performance testing and reporting with JMeterjvSlideshare
 
Reactive programming
Reactive programmingReactive programming
Reactive programmingSUDIP GHOSH
 

Was ist angesagt? (20)

Spring boot introduction
Spring boot introductionSpring boot introduction
Spring boot introduction
 
Introduction to JMeter
Introduction to JMeterIntroduction to JMeter
Introduction to JMeter
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelines
 
Spring Framework
Spring Framework Spring Framework
Spring Framework
 
Spring batch
Spring batchSpring batch
Spring batch
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based Testing
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and Jenkins
 
Java notes
Java notesJava notes
Java notes
 
Introduction to jest
Introduction to jestIntroduction to jest
Introduction to jest
 
Svn Basic Tutorial
Svn Basic TutorialSvn Basic Tutorial
Svn Basic Tutorial
 
Code review
Code reviewCode review
Code review
 
Testing with JUnit 5 and Spring - Spring I/O 2022
Testing with JUnit 5 and Spring - Spring I/O 2022Testing with JUnit 5 and Spring - Spring I/O 2022
Testing with JUnit 5 and Spring - Spring I/O 2022
 
SOFTWARE TESTING
SOFTWARE TESTINGSOFTWARE TESTING
SOFTWARE TESTING
 
Java Performance Monitoring & Tuning
Java Performance Monitoring & TuningJava Performance Monitoring & Tuning
Java Performance Monitoring & Tuning
 
Performance testing and reporting with JMeter
Performance testing and reporting with JMeterPerformance testing and reporting with JMeter
Performance testing and reporting with JMeter
 
Java virtual machine
Java virtual machineJava virtual machine
Java virtual machine
 
Code Review
Code ReviewCode Review
Code Review
 
Reactive programming
Reactive programmingReactive programming
Reactive programming
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 

Andere mochten auch

Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Aditya Bhuyan
 
Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklistRam Srivastava
 
Eventschklist
EventschklistEventschklist
EventschklistCarlos Serra
 
Function checklist
Function checklistFunction checklist
Function checklistCarlos Serra
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviewsSebastian Marek
 
Agile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical SoftwareAgile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical SoftwareOrthogonal
 
Do-It-Yourself Website Audit
Do-It-Yourself Website AuditDo-It-Yourself Website Audit
Do-It-Yourself Website AuditRebecca Gill
 
Which test cases to automate
Which test cases to automateWhich test cases to automate
Which test cases to automatesachxn1
 

Andere mochten auch (9)

Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)Code-Review-Principles-Process-and-Tools (1)
Code-Review-Principles-Process-and-Tools (1)
 
Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklist
 
Eventschklist
EventschklistEventschklist
Eventschklist
 
Function checklist
Function checklistFunction checklist
Function checklist
 
Effective code reviews
Effective code reviewsEffective code reviews
Effective code reviews
 
Agile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical SoftwareAgile Development for FDA Regulated Medical Software
Agile Development for FDA Regulated Medical Software
 
Weekly air compressor check list
Weekly air compressor check listWeekly air compressor check list
Weekly air compressor check list
 
Do-It-Yourself Website Audit
Do-It-Yourself Website AuditDo-It-Yourself Website Audit
Do-It-Yourself Website Audit
 
Which test cases to automate
Which test cases to automateWhich test cases to automate
Which test cases to automate
 

Ähnlich wie Java Code Review Checklist

Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldDavid McCarter
 
Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldDavid McCarter
 
Best practices in enterprise applications
Best practices in enterprise applicationsBest practices in enterprise applications
Best practices in enterprise applicationsChandra Sekhar Saripaka
 
Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)David McCarter
 
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...Erika Barron
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOSArpit Kulsreshtha
 
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...DicodingEvent
 
Most Useful Design Patterns
Most Useful Design PatternsMost Useful Design Patterns
Most Useful Design PatternsSteven Smith
 
Enterprise Library 2.0
Enterprise Library 2.0Enterprise Library 2.0
Enterprise Library 2.0Raju Permandla
 
How to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check TuneupHow to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check TuneupBala Subra
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentKetan Raval
 
Automation testing
Automation testingAutomation testing
Automation testingTomy Rhymond
 
Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.Bryn Bodayle
 
Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)Abhijeet Vaikar
 
cf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad Woodcf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad WoodOrtus Solutions, Corp
 

Ähnlich wie Java Code Review Checklist (20)

Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real World
 
Back-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real WorldBack-2-Basics: .NET Coding Standards For The Real World
Back-2-Basics: .NET Coding Standards For The Real World
 
Best practices in enterprise applications
Best practices in enterprise applicationsBest practices in enterprise applications
Best practices in enterprise applications
 
Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)Back-2-Basics: .NET Coding Standards For The Real World (2011)
Back-2-Basics: .NET Coding Standards For The Real World (2011)
 
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a...
 
Code Quality Management iOS
Code Quality Management iOSCode Quality Management iOS
Code Quality Management iOS
 
Exception handling in .net
Exception handling in .netException handling in .net
Exception handling in .net
 
Exception handling in ASP .NET
Exception handling in ASP .NETException handling in ASP .NET
Exception handling in ASP .NET
 
Unit testing
Unit testingUnit testing
Unit testing
 
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
Play with Testing on Android - Gilang Ramadhan (Academy Content Writer at Dic...
 
Most Useful Design Patterns
Most Useful Design PatternsMost Useful Design Patterns
Most Useful Design Patterns
 
Code Quality
Code QualityCode Quality
Code Quality
 
Code quality
Code qualityCode quality
Code quality
 
Enterprise Library 2.0
Enterprise Library 2.0Enterprise Library 2.0
Enterprise Library 2.0
 
How to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check TuneupHow to ace your .NET technical interview :: .Net Technical Check Tuneup
How to ace your .NET technical interview :: .Net Technical Check Tuneup
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application Development
 
Automation testing
Automation testingAutomation testing
Automation testing
 
Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.Optimize and maintain your project in Xcode.
Optimize and maintain your project in Xcode.
 
Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)Unit testing (Exploring the other side as a tester)
Unit testing (Exploring the other side as a tester)
 
cf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad Woodcf.Objective() 2017 - Design patterns - Brad Wood
cf.Objective() 2017 - Design patterns - Brad Wood
 

KĂŒrzlich hochgeladen

(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...
(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...
(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...gurkirankumar98700
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...soniya singh
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto GonzĂĄlez Trastoy
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂
CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂
CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂anilsa9823
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 

KĂŒrzlich hochgeladen (20)

(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...
(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...
(Genuine) Escort Service Lucknow | Starting â‚č,5K To @25k with A/C đŸ§‘đŸœâ€â€ïžâ€đŸ§‘đŸ» 89...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi âžĄïž 8264348440 💋📞 Independent Escort S...
 
Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar đŸ“± 9999965857 đŸ€© Delhi đŸ«Š HOT AND SEXY VVIP 🍎 SE...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂
CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂
CALL ON ➄8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 

Java Code Review Checklist

  • 1. Code Review Checklist Static Code Analysis Checklist Item Category Notes Check static code analyzer report for the classes added/modified Static Code Analysis There must be automated Code Analysis for the project you are working on, do not forget to check the report for the modified/added classes. If no automated Code Analysis is setup for your project, you can use Eclipse 'FindBug' plugin to manully run and see the report. Clean Code Checklist Item Category Use Intention-Revealing Names Meaningful Names Pick one word per concept Meaningful Names Use Solution/Problem Domain Names Meaningful Names Classes should be small! Classes Functions should be small! Functions Do one Thing Functions Don't Repeat Yourself (Avoid Duplication) Functions Explain yourself in code Comments Make sure the code formatting is applied Formatting Use Exceptions rather than Return codes Exceptions Don't return Null Exceptions * Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-developme nt/9780136083238 Security Checklist Item Category Make class final if not being used for inheritance Fundamentals Avoid duplication of code Fundamentals Restrict privileges: Application to run with the least privilege mode required for functioning Fundamentals Minimize the accessibility of classes and members Fundamentals Document security related information Fundamentals Input into a system should be checked for valid data size and range Denial of Service
  • 2. Avoid excessive logs for unusual behavior Denial of Service Release resources (Streams, Connections, etc) in all cases Denial of Service Purge sensitive information from exceptions (exposing file path, internals of the system, configuration) Confidential Information Do not log highly sensitive information Confidential Information Consider purging highly sensitive from memory after use Confidential Information Avoid dynamic SQL, use prepared statement Injection Inclusion Limit the accessibility of packages,classes, interfaces, methods, and fields Accessibility Extensibility Limit the extensibility of classes and methods (by making it final) Accessibility Extensibility Validate inputs (for valid data, size, range, boundary conditions, etc) Input Validation Validate output from untrusted objects as input Input Validation Define wrappers around native methods (not declare a native method public) Input Validation Treat output from untrusted object as input Mutability Make public static fields final (to avoid caller changing the value) Mutability Avoid exposing constructors of sensitive classes Object Construction Avoid serialization for security-sensitive classes Serialization Deserialization Guard sensitive data during serialization Serialization Deserialization Be careful caching results of potentially privileged operations Serialization Deserialization Only use JNI when necessary Access Control * Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html Performance Checklist Item Category Avoid excessive synchronization Concurrency Keep Synchronized Sections Small Concurrency Avoid creating unnecessary objects Creating and Destroying Objects Beware the performance of string concatenation General Programming * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 General Category Checklist Item Use checked exceptions for recoverable conditions and runtime exceptions for programming errors Exceptions Favor the use of standard exceptions Exceptions
  • 3. Don't ignore exceptions Exceptions Check parameters for validity Methods Return empty arrays or collections, not nulls Methods Minimize the accessibility of classes and members Classes and Interfaces In public classes, use accessor methods, not public fields Classes and Interfaces Minimize the scope of local variables General Programming Refer to objects by their interfaces General Programming Adhere to generally accepted naming conventions General Programming Avoid finalizers Creating and Destroying Objects Always override hashCode when you override equals General Programming Always override toString General Programming Use enums instead of int constants Enums and Annotations Use marker interfaces to define types Enums and Annotations Synchronize access to shared mutable data Concurrency Prefer executors to tasks and threads Concurrency Document thread safety Concurrency Avoid cyclic dependency between classes, packages, and modules Modularity * Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021 Unit Test Checklist Item Category Valid JUnit / JBehave test cases exist Testing