Sunday, May 17, 2020

Code Review Practices

Hi friends, in this post I'm sharing the Java code review checklist that should be followed while doing a code review.

A code review takes multiple factors into account: clean code, security, performance, general points, etc.

I'm explaining each one of them below:

Java Code Review Checklist:

Clean Code:

  • Use intention-revealing names
    • Names should reveal their purpose.

  • Use solution-problem domain names
    • Names should be such that they tell about the actual solution or problem.

  • Classes should be small
    • Keep the code in a class as small as possible and create other classes or subclasses for specific purposes.

  • Functions should be small
    • Always break large functions into small ones.

  • Functions should do one thing
    • Keep one separate function for each action.

  • Don't repeat yourself (Avoid duplication)
    • Don't write duplicate code. Check the entire codebase before writing the same code twice in the project.

  • Explain yourself in code
    • Write proper class-level and method-level comments.

  • Use exceptions rather than return codes

  • Don't return null
    • Never return null values from a function.


Security:

  • Make class final if not being used for inheritance
  • Avoid duplication of code
  • Minimize the accessibility of classes and members
  • Document security related information
  • Input into a system should be checked for valid data size and range
  • Release resources (streams, connections) in all cases
  • Purge sensitive information from exceptions
  • Don't log highly sensitive information
  • Avoid dynamic SQL, use prepared statements
  • Limit the accessibility of packages, classes, interfaces, methods and fields
  • Avoid exposing constructors of sensitive classes.
  • Avoid serialization of sensitive classes
  • Only use JNI when necessary 
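
Several of the security items above applied together in one class (final class, minimal accessibility, size and range checks, prepared statement, resources released in all cases, sensitive details kept out of exceptions and logs). This is an added example, not code from the original post; the class name, table, columns and the 64-character limit are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Objects;
import java.util.Optional;
import java.util.logging.Logger;
import javax.sql.DataSource;

// Added example: class, table and column names are hypothetical.
public final class AccountLookup { // final: not meant for inheritance
    private static final Logger LOG = Logger.getLogger(AccountLookup.class.getName());
    private static final int MAX_USERNAME_LENGTH = 64; // assumed limit
    private static final String QUERY =
            "SELECT email FROM accounts WHERE username = ? AND tenant_id = ?";
    private final DataSource dataSource; // private, final: minimal accessibility

    public AccountLookup(DataSource dataSource) {
        this.dataSource = Objects.requireNonNull(dataSource, "dataSource");
    }

    // Returns Optional instead of null when no row matches.
    public Optional<String> findEmail(String username, int tenantId) {
        validate(username, tenantId);
        // try-with-resources releases connection, statement and result set on every path
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, username); // bound parameter, never concatenated into SQL
            ps.setInt(2, tenantId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.ofNullable(rs.getString("email")) : Optional.empty();
            }
        } catch (SQLException e) {
            // Log only the SQLState; driver messages may echo query text or values.
            LOG.warning("Account lookup failed, SQLState=" + e.getSQLState());
            throw new IllegalStateException("Account lookup failed"); // cause deliberately not chained
        }
    }

    // Check size and range before the value reaches the database; messages omit the input.
    private static void validate(String username, int tenantId) {
        if (username == null || username.isEmpty() || username.length() > MAX_USERNAME_LENGTH) {
            throw new IllegalArgumentException("username length out of range");
        }
        if (tenantId < 1) {
            throw new IllegalArgumentException("tenantId out of range");
        }
    }
}
```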

Performance:

  • Avoid excessive synchronization
    • Don't use synchronized constructs unnecessarily
  • Keep synchronized sections small
  • Beware the performance of String concatenations
    • Avoid joining strings as much as possible.
  • Avoid creating unnecessary objects.
    • Try to create only local objects and also create them based on actual need.

General:

  • Don't ignore exceptions
  • Return empty arrays or collections, not nulls
  • In public classes, use accessor methods, not public methods
  • Avoid finalizers
  • Refer to objects by their interfaces
  • Always override toString()
  • Document thread safety
  • Use marker interfaces to define types

Static Code Analysis:

  • Check static code analyzer report for the classes added/modified



That's all for this post.
Thanks for reading!!





