Category Archives: Code Review

Why consider using Guava-like Libraries for API Contract Conditions Checks

This article represents a perspective on why one should consider using Pre/Post condition checks libraries rather than writing it down time and again in their code. While doing code reviews, many a times, I have found people using preconditions checks such as “Not Null” in a casual manner rather than based on API contracts requiring pre and post conditions checks. Such checks, at times,  do make code difficult to read, learn or understand. One may want to rather use home-grown or external (proven ones) libraries for doing such checks. Not only does it enhance code readability and learn-ability but also, it does make you aware of contracts you put in the code thereby including only necessary checks and, …

Continue reading

Posted in Code Review, Software Quality, Tools. Tagged with , .

Top 6 Refactoring Patterns to Help You Score 80% in Code Quality

refactoring

This blog lists down top code smells and code refactoring patterns which would help you write good quality code. Top 5 Code Smells Have done several code reviews in past and found following top 5 code smells common across most of these code having code quality issues: Large Class: The classes were found larger enough due to lack of developers’ understanding on one of the primary coding principles which is “Single Responsibility Principle” (SRP). These classes use to get larger due to various methods serving unrelated functionality in the same class. Long Method: The methods have been found longer due to several reasons such as following: Several block of code …

Continue reading

Posted in Code Review, Software Quality. Tagged with .

Top 5 Bad Application Security Practices

bad security practices

We all come across good security practices and make ourselves familiar with them to develop secured code. However, it may also be good idea at times to know about some of the bad security practices such that we, for sure, try and avoid them. [adsenseyu2]   Following are top 5 bad practices you may want to know about: Do NOT interact with un-trusted programs: Make sure that the external programs that your program is invoking for reasons such as data or functionality, must have got reviewed and tested for security compliance. One of the common entry points into secured applications are these unsecured applications and hackers just love them. Hackers, …

Continue reading

Posted in Application Security, Code Review. Tagged with , .

Security Code Review Tips for Application Developers

One of the key aspects of secured application development practice is Security code review. Security code review, as like normal code review, could be done either in automated fashion using one or more tools, or in manual fashion where one or more developers are involved in doing code review. Unlike application normal code review where one needs the knowledge of business functionality and programming language & related technologies’ knowledge, Security code review requires knowledge on different aspects of security including some of the following: Common threats (STRIDE can be a great place to start understanding threats) Vulnerabilities (OWASP Top 10 describes most common vulnerabilities) Remediation techniques recommended in that programming …

Continue reading

Posted in Application Security, Code Review. Tagged with .

Refactoring 3000 Lines of Code

Have you come across a class file (object-oriented programming languages) which spanned across 3000 lines of code or more? Or, even, a class of 1000 lines or more. I do have seen many such code in my career and trust me, every time I have come across such instances, I have a painful time working with any changes required to be made in the code. Honestly, the changes was made without much assurance that everything would work fine with this change in now and future. Lets  try and understand what’s the problem with long classes (1000 lines code or more)? Low Maintainability: Such classes score very low in maintainability aspect of …

Continue reading

Posted in Code Review, Software Quality. Tagged with .

PHP Code Smells and Best Practices

As application in PHP can be written in object oriented manner, most of the code smells found in the world of object-oriented programming also stay valid for PHP. Recently, I happened to do a code review of a PHP project and wanted to share some of the areas which one would want to pay attention to: Naming methods using Camel Case: It is always helpful to write method names in camel case as it is easily readable. For example, instead of writing method names such as “searchurlAction”, one could write “searchUrlAction”. Software quality characteristic impacted in “Usability“. Long Methods: One may want to avoid large method as these methods become …

Continue reading

Posted in Code Review, PHP, Software Quality. Tagged with .

Checklist for Effective Code Review

Are you involved in day-to-day code reviews? Would you like to suggest your team members a checklist that can be used for code reviews? Following is a checklist that one could use while doing code review: Functional Suitability: Understand the requirement/use case/user story and ask whether the code you are reviewing meets the requirement or not. This includes the alternate and exception usecase flows to be considered for review. Maintainability: Maintainability comes as a implied need for every customer when they outsource the software development. Following are three key criteria you would want to check for ensuring high maintainability of the code: Testability: There are two ways of checking the …

Continue reading

Posted in Code Review, Software Quality. Tagged with .