Java Code Review Checklist

Clean Code

Checklist ItemCategory

Use Intention-Revealing NamesMeaningful Names

Pick one word per conceptMeaningful Names

Use Solution/Problem Domain NamesMeaningful Names

Classes should be small!Classes

Functions should be small!Functions

Do one ThingFunctions

Don't Repeat Yourself (Avoid Duplication)Functions

Explain yourself in codeComments

Make sure the code formatting is appliedFormatting

Use Exceptions rather than Return codesExceptions

Don't return NullExceptions

1

* Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-development/9780136083238

Security

Checklist ItemCategory

Make class final if not being used for inheritanceFundamentals

Avoid duplication of codeFundamentals

Restrict privileges: Application to run with the least privilege mode required for functioningFundamentals

Minimize the accessibility of classes and membersFundamentals

Document security related informationFundamentals

Input into a system should be checked for valid data size and rangeDenial of Service

Avoid excessive logs for unusual behaviorDenial of Service

Release resources (Streams, Connections, etc) in all casesDenial of Service

Purge sensitive information from exceptions (exposing file path, internals of the system, configuration)Confidential Information

Do not log highly sensitive informationConfidential Information

Consider purging highly sensitive from memory after use Confidential Information

Avoid dynamic SQL, use prepared statementInjection Inclusion

Limit the accessibility of packages,classes, interfaces, methods, and fieldsAccessibility Extensibility

Limit the extensibility of classes and methods (by making it final)Accessibility Extensibility

Validate inputs (for valid data, size, range, boundary conditions, etc)Input Validation

Validate output from untrusted objects as inputInput Validation

Define wrappers around native methods (not declare a native method public)Input Validation

Treat output from untrusted object as inputMutability

Make public static fields final (to avoid caller changing the value)Mutability

Avoid exposing constructors of sensitive classesObject Construction

Avoid serialization for security-sensitive classesSerialization Deserialization

Guard sensitive data during serializationSerialization Deserialization

Be careful caching results of potentially privileged operationsSerialization Deserialization

Only use JNI when necessaryAccess Control

1

* Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html

Performance

Checklist ItemCategory

Avoid excessive synchronizationConcurrency

Keep Synchronized Sections SmallConcurrency

Beware the performance of string concatenationGeneral Programming

Avoid creating unnecessary objectsCreating and Destroying Objects

1

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

General

CategoryChecklist Item

Use checked exceptions for recoverable conditions and runtime exceptions for programming errorsExceptions

Favor the use of standard exceptionsExceptions

Don't ignore exceptionsExceptions

Check parameters for validityMethods

Return empty arrays or collections, not nullsMethods

Minimize the accessibility of classes and membersClasses and Interfaces

In public classes, use accessor methods, not public fieldsClasses and Interfaces

Minimize the scope of local variablesGeneral Programming

Refer to objects by their interfacesGeneral Programming

Adhere to generally accepted naming conventionsGeneral Programming

Avoid finalizersCreating and Destroying Objects

Always override hashCode when you override equalsGeneral Programming

Always override toStringGeneral Programming

Use enums instead of int constantsEnums and Annotations

Use marker interfaces to define typesEnums and Annotations

Synchronize access to shared mutable dataConcurrency

Prefer executors to tasks and threadsConcurrency

Document thread safetyConcurrency

Valid JUnit / JBehave test cases existTesting

1

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

Static Code Analysis

CategoryChecklist Item

Check static code analyzer report for the classes added/modifiedStatic Code Analysis

Topics:

JAVA,ENTERPRISE-INTEGRATION,PATTERNS,SOFTWARE DEVELOPMENT,INTEGRATION,BEST PRACTICES,CLIENT-SIDE,CODE REVIEW,JAVA CODE REVIEW