Java Code Review Checklist

Author: 吃番茄的土拨鼠 | Published 2020-10-17 19:59 | Views: 0

Clean Code

Checklist Item | Category
--- | ---
Use Intention-Revealing Names | Meaningful Names
Pick one word per concept | Meaningful Names
Use Solution/Problem Domain Names | Meaningful Names
Classes should be small! | Classes
Functions should be small! | Functions
Do one Thing | Functions
Don't Repeat Yourself (Avoid Duplication) | Functions
Explain yourself in code | Comments
Make sure the code formatting is applied | Formatting
Use Exceptions rather than Return codes | Exceptions
Don't return Null | Exceptions

* Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-development/9780136083238

Security

Checklist Item | Category
--- | ---
Make class final if not being used for inheritance | Fundamentals
Avoid duplication of code | Fundamentals
Restrict privileges: the application runs with the least privilege required to function | Fundamentals
Minimize the accessibility of classes and members | Fundamentals
Document security-related information | Fundamentals
Input into a system should be checked for valid data size and range | Denial of Service
Avoid excessive logs for unusual behavior | Denial of Service
Release resources (Streams, Connections, etc.) in all cases | Denial of Service
Purge sensitive information from exceptions (exposing file paths, internals of the system, configuration) | Confidential Information
Do not log highly sensitive information | Confidential Information
Consider purging highly sensitive information from memory after use | Confidential Information
Avoid dynamic SQL, use prepared statements | Injection and Inclusion
Limit the accessibility of packages, classes, interfaces, methods, and fields | Accessibility and Extensibility
Limit the extensibility of classes and methods (by making them final) | Accessibility and Extensibility
Validate inputs (for valid data, size, range, boundary conditions, etc.) | Input Validation
Validate output from untrusted objects as input | Input Validation
Define wrappers around native methods (do not declare a native method public) | Input Validation
Treat output from untrusted objects as input | Mutability
Make public static fields final (to avoid callers changing the value) | Mutability
Avoid exposing constructors of sensitive classes | Object Construction
Avoid serialization for security-sensitive classes | Serialization and Deserialization
Guard sensitive data during serialization | Serialization and Deserialization
Be careful caching results of potentially privileged operations | Serialization and Deserialization
Only use JNI when necessary | Access Control

* Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html
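A short Java class, added here as an example and not taken from the checklist or its Oracle reference, that puts several of the Security rows side by side: the class and its constant are final, the name is validated for size and character range, the lookup binds the value through a prepared statement instead of concatenating SQL, try-with-resources releases the statement and result set on every path, Optional replaces a null return, and the exception that reaches the caller is purged of SQL text and driver detail. The class name, the users(name, email) table and the JDBC Connection are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.logging.Logger;
// Added example, not from the checklist's sources. Assumes a JDBC Connection and a
// table users(name, email); class and method names are made up for illustration.
public final class UserLookup {                       // final: not designed for inheritance
    private static final Logger LOG = Logger.getLogger(UserLookup.class.getName());
    private static final int MAX_NAME_LENGTH = 64;     // constants are final, never mutable statics
    private final Connection conn;
    public UserLookup(Connection conn) { this.conn = conn; }

    // Input validation: size and character range are checked before the value reaches SQL or logs.
    static String requireValidName(String name) {
        if (name == null || name.isEmpty() || name.length() > MAX_NAME_LENGTH) {
            throw new IllegalArgumentException("name must be 1-" + MAX_NAME_LENGTH + " characters");
        }
        if (!name.matches("[A-Za-z0-9._-]+")) {
            throw new IllegalArgumentException("name contains unsupported characters");
        }
        return name;
    }

    // What a reviewer flags: dynamic SQL built by concatenation, a null return, and
    // an SQLException that carries the raw SQL and driver message up to the caller.
    String emailForUnsafe(String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + name + "'";
        try (java.sql.Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // Hardened: the prepared statement binds the value, try-with-resources releases the
    // statement and result set on every path, Optional replaces null, and the message that
    // leaves this method contains no SQL text, paths or driver internals.
    public Optional<String> emailFor(String name) {
        requireValidName(name);
        try (PreparedStatement ps = conn.prepareStatement("SELECT email FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.of(rs.getString(1)) : Optional.empty();
            }
        } catch (SQLException e) {
            LOG.severe("user lookup failed, SQLState=" + e.getSQLState()); // detail stays server-side
            throw new IllegalStateException("user lookup failed");          // purged message for callers
        }
    }
}
```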

Performance

Checklist Item | Category
--- | ---
Avoid excessive synchronization | Concurrency
Keep Synchronized Sections Small | Concurrency
Beware the performance of string concatenation | General Programming
Avoid creating unnecessary objects | Creating and Destroying Objects

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

General

Checklist Item | Category
--- | ---
Use checked exceptions for recoverable conditions and runtime exceptions for programming errors | Exceptions
Favor the use of standard exceptions | Exceptions
Don't ignore exceptions | Exceptions
Check parameters for validity | Methods
Return empty arrays or collections, not nulls | Methods
Minimize the accessibility of classes and members | Classes and Interfaces
In public classes, use accessor methods, not public fields | Classes and Interfaces
Minimize the scope of local variables | General Programming
Refer to objects by their interfaces | General Programming
Adhere to generally accepted naming conventions | General Programming
Avoid finalizers | Creating and Destroying Objects
Always override hashCode when you override equals | General Programming
Always override toString | General Programming
Use enums instead of int constants | Enums and Annotations
Use marker interfaces to define types | Enums and Annotations
Synchronize access to shared mutable data | Concurrency
Prefer executors to tasks and threads | Concurrency
Document thread safety | Concurrency
Valid JUnit / JBehave test cases exist | Testing

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

Static Code Analysis

Checklist Item | Category
--- | ---
Check static code analyzer report for the classes added/modified | Static Code Analysis

Topics: JAVA, ENTERPRISE-INTEGRATION, PATTERNS, SOFTWARE DEVELOPMENT, INTEGRATION, BEST PRACTICES, CLIENT-SIDE, CODE REVIEW, JAVA CODE REVIEW

Article link: https://www.haomeiwen.com/subject/tkpfmktx.html