Category Archives: Code Review
Checklist for Effective Code Review
Are you involved in day-to-day code reviews? Would you like to suggest to your team members a checklist that can be used for code reviews? In this blog post, you will learn about the key areas to focus on when doing code reviews. The following is a checklist one could use while doing a code review: Functional Suitability: Understand the requirement/use case/user story and ask whether the code you are reviewing meets it or not. This includes reviewing the alternate and exception flows of the use case, not only the main flow. Functional suitability is the aspect of code quality that refers to how well the code meets the needs of the user. In …
Why consider using Guava-like Libraries for API Contract Conditions Checks
This article presents a perspective on why one should consider using a pre/post-condition checks library rather than writing such checks out by hand time and again. While doing code reviews, many times I have found people using precondition checks such as "not null" casually rather than based on API contracts that actually require pre- and post-condition checks. Such checks, at times, do make code difficult to read, learn or understand. One may rather want to use a home-grown or an external (proven) library for doing such checks. Not only does this enhance code readability and learnability, it also makes you aware of the contracts you put in the code, thereby including only the necessary checks and, …
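The contrast the post draws, shown as an added example that is not code from the original post or from Guava itself: the same withdraw() contract written once with hand-rolled checks and once with Guava's Preconditions. The ledger class, the account id and the amounts are constructed for illustration; the only real API used is com.google.common.base.Preconditions (the guava artifact must be on the classpath).

```java
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;

import java.util.HashMap;
import java.util.Map;

/**
 * Constructed example (not from the original post): one method contract written by hand
 * and with Guava's Preconditions. The ledger, account ids and amounts are hypothetical.
 */
public final class ContractChecksExample {

    /** account id -> balance in cents */
    private final Map<String, Long> balances = new HashMap<>();
    private boolean open;

    void open() { open = true; }

    void credit(String accountId, long cents) {
        checkNotNull(accountId, "accountId");
        balances.merge(accountId, cents, Long::sum);
    }

    // BEFORE: hand-rolled checks. Each clause costs several lines, the exception type is
    // picked ad hoc, and a reader must work out which condition concerns the arguments
    // and which concerns the object's state.
    long withdrawHandRolled(String accountId, long cents) {
        if (accountId == null) {
            throw new NullPointerException("accountId");
        }
        if (cents <= 0) {
            throw new IllegalArgumentException("cents must be positive: " + cents);
        }
        if (!open) {
            throw new IllegalStateException("ledger not open");
        }
        long balance = balances.getOrDefault(accountId, 0L);
        if (balance < cents) {
            throw new IllegalStateException("insufficient funds");
        }
        balances.put(accountId, balance - cents);
        return balance - cents;
    }

    // AFTER: one line per contract clause, and the method name says which kind it is:
    //   checkNotNull  -> NullPointerException      (reference must be non-null)
    //   checkArgument -> IllegalArgumentException  (caller passed a bad value)
    //   checkState    -> IllegalStateException     (object is not in the required state)
    // The %s placeholders are only formatted when a check fails.
    long withdraw(String accountId, long cents) {
        checkNotNull(accountId, "accountId");
        checkArgument(cents > 0, "cents must be positive, got %s", cents);
        checkState(open, "ledger must be opened before withdraw()");
        long balance = balances.getOrDefault(accountId, 0L);
        checkState(balance >= cents, "insufficient funds: balance %s, requested %s", balance, cents);

        long remaining = balance - cents;
        balances.put(accountId, remaining);

        // Post-condition stated explicitly. Guava has no separate post-condition method,
        // so checkState is used to assert the invariant this method promises its callers.
        checkState(remaining >= 0, "balance went negative: %s", remaining);
        return remaining;
    }

    public static void main(String[] args) {
        ContractChecksExample ledger = new ContractChecksExample();
        ledger.credit("acct-1", 10_00);
        try {
            ledger.withdraw("acct-1", 5_00);   // violates the state clause: not open yet
        } catch (IllegalStateException e) {
            System.out.println("state violation: " + e.getMessage());
        }
        ledger.open();
        System.out.println("remaining: " + ledger.withdraw("acct-1", 5_00));
        try {
            ledger.withdraw("acct-1", -1);      // violates the argument clause
        } catch (IllegalArgumentException e) {
            System.out.println("argument violation: " + e.getMessage());
        }
    }
}
```

One caveat a reviewer should keep in mind: Preconditions checks document and enforce the contract between a method and the code that calls it, and they fail with unchecked exceptions meant to signal a programming error. They are not the place to validate untrusted input crossing a trust boundary (HTTP parameters, file contents, messages from another service); that input should be validated and rejected with a handled error before it ever reaches code that relies on these contracts.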
Top 6 Refactoring Patterns to Help You Score 80% in Code Quality
This blog lists the top code smells and the code refactoring patterns that help you write good quality code. Top 5 Code Smells: Having done several code reviews in the past, I found the following five code smells common across most of the code that had quality issues: Large Class: Classes were found to be too large due to developers' lack of understanding of one of the primary coding principles, the "Single Responsibility Principle" (SRP). These classes grew because methods serving unrelated functionality were placed in the same class. Long Method: Methods were found to be too long for several reasons, such as the following: Several blocks of code …
Top 5 Bad Application Security Practices
We all come across good security practices and make ourselves familiar with them in order to develop secure code. However, it is also a good idea at times to know about some of the bad security practices, so that we make sure to avoid them. The following are the top 5 bad practices you may want to know about: Do NOT interact with untrusted programs: Make sure that any external program your program invokes, whether for data or for functionality, has been reviewed and tested for security compliance. These unreviewed programs are one of the common entry points into otherwise secure applications, and hackers just love them. Hackers, …
Security Code Review Tips for Application Developers
One of the key aspects of secure application development practice is security code review. Security code review, like normal code review, can be done either in an automated fashion using one or more tools, or manually, with one or more developers doing the review. Unlike normal application code review, where one needs knowledge of the business functionality and of the programming language and related technologies, security code review requires knowledge of different aspects of security, including some of the following: Common threats (STRIDE can be a great place to start understanding threats); Vulnerabilities (the OWASP Top 10 describes the most common vulnerabilities); Remediation techniques recommended in that programming …
Refactoring 3000 Lines of Code
Have you come across a class file (in an object-oriented programming language) that spanned 3000 lines of code or more? Or even a class of 1000 lines or more? I have seen much such code in my career and, trust me, every time I have come across such an instance, I have had a painful time making any change required in the code. Honestly, the changes were made without much assurance that everything would work fine with the change, now and in future. Let's try and understand what the problem with long classes (1000 lines of code or more) is. Low Maintainability: Such classes score very low on the maintainability aspect of …
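The "Long Method" and "Large Class" smells named above, and the pain of changing such code described in this post, are easiest to see side by side. The following is an added example, not code from the original posts: one method that validates an order, computes its totals and formats a receipt, followed by the same behaviour after the Extract Method refactoring. The Line record, the SKUs, prices and the 8% tax rate are constructed for illustration, and the code needs Java 16 or later for the record.

```java
import java.util.List;
import java.util.Locale;

/**
 * Constructed example for the "Long Method" / "Large Class" smells; not from the
 * original posts. Line, processOrder and the sample order are hypothetical.
 */
public final class RefactoringExample {

    /** One order line: product code, unit price in cents, quantity. */
    record Line(String sku, long unitPriceCents, int quantity) {}

    // BEFORE: one method validates the input, computes totals and formats a receipt.
    // Three unrelated jobs in one body is the "Long Method" smell; a class full of such
    // methods becomes the "Large Class". Any change to the tax rule means re-reading
    // the validation and formatting code too.
    static String processOrderBefore(List<Line> lines, int taxBasisPoints) {
        if (lines == null || lines.isEmpty()) {
            throw new IllegalArgumentException("order has no lines");
        }
        for (Line l : lines) {
            if (l.quantity() <= 0 || l.unitPriceCents() < 0) {
                throw new IllegalArgumentException("bad line: " + l);
            }
        }
        long subtotal = 0;
        for (Line l : lines) {
            subtotal += l.unitPriceCents() * l.quantity();
        }
        long tax = Math.round(subtotal * taxBasisPoints / 10_000.0);
        StringBuilder sb = new StringBuilder();
        for (Line l : lines) {
            sb.append(String.format(Locale.ROOT, "%-8s %3d x %8.2f%n",
                    l.sku(), l.quantity(), l.unitPriceCents() / 100.0));
        }
        sb.append(String.format(Locale.ROOT, "subtotal %.2f  tax %.2f  total %.2f",
                subtotal / 100.0, tax / 100.0, (subtotal + tax) / 100.0));
        return sb.toString();
    }

    // AFTER: Extract Method. The top-level method now reads like the use case, and each
    // helper does one thing, so it can be reviewed, reused and unit-tested on its own.
    static String processOrder(List<Line> lines, int taxBasisPoints) {
        validate(lines);
        long subtotal = subtotalCents(lines);
        long tax = taxCents(subtotal, taxBasisPoints);
        return formatReceipt(lines, subtotal, tax);
    }

    static void validate(List<Line> lines) {
        if (lines == null || lines.isEmpty()) {
            throw new IllegalArgumentException("order has no lines");
        }
        for (Line l : lines) {
            if (l.quantity() <= 0 || l.unitPriceCents() < 0) {
                throw new IllegalArgumentException("bad line: " + l);
            }
        }
    }

    static long subtotalCents(List<Line> lines) {
        long subtotal = 0;
        for (Line l : lines) {
            subtotal += l.unitPriceCents() * l.quantity();
        }
        return subtotal;
    }

    static long taxCents(long subtotalCents, int taxBasisPoints) {
        return Math.round(subtotalCents * taxBasisPoints / 10_000.0);
    }

    static String formatReceipt(List<Line> lines, long subtotal, long tax) {
        StringBuilder sb = new StringBuilder();
        for (Line l : lines) {
            sb.append(String.format(Locale.ROOT, "%-8s %3d x %8.2f%n",
                    l.sku(), l.quantity(), l.unitPriceCents() / 100.0));
        }
        sb.append(String.format(Locale.ROOT, "subtotal %.2f  tax %.2f  total %.2f",
                subtotal / 100.0, tax / 100.0, (subtotal + tax) / 100.0));
        return sb.toString();
    }

    public static void main(String[] args) {
        List<Line> order = List.of(new Line("WIDGET", 12_50, 2), new Line("GADGET", 7_99, 1));
        String before = processOrderBefore(order, 800);   // 8% tax in basis points
        String after = processOrder(order, 800);
        System.out.println(after);
        // A refactoring must not change behaviour; comparing the two outputs is the check.
        System.out.println("behaviour preserved: " + before.equals(after));
    }
}
```

The same move at class level is Extract Class: when a class has grown to thousands of lines because it owns validation, pricing and presentation at once, each of those groups of methods becomes its own class with a single responsibility, and the original class delegates to them. For a reviewer this matters beyond readability: an input validation rule that lives in a ten-line validate() method can be checked, and fixed, without reading the whole class.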
PHP Code Smells and Best Practices
As applications in PHP can be written in an object-oriented manner, most of the code smells found in the world of object-oriented programming also apply to PHP. Recently, I happened to do a code review of a PHP project and wanted to share some of the areas one would want to pay attention to: Naming methods using camel case: It is always helpful to write method names in camel case, as it is easily readable. For example, instead of writing a method name such as "searchurlAction", one could write "searchUrlAction". Software quality characteristic impacted: "Usability". Long Methods: One may want to avoid large methods, as these methods become …
I found it very helpful. However, the differences are not too understandable for me.