Java Code Review Checklist

Utilize this checklist to review the quality of your Java code, including security, performance, and static code analysis.

By Mahesh Chopker · Jun. 20, 14 · Tutorial


Clean Code

| Checklist Item | Category |
| --- | --- |
| Use intention-revealing names | Meaningful Names |
| Pick one word per concept | Meaningful Names |
| Use solution/problem domain names | Meaningful Names |
| Classes should be small! | Classes |
| Functions should be small! | Functions |
| Do one thing | Functions |
| Don't repeat yourself (avoid duplication) | Functions |
| Explain yourself in code | Comments |
| Make sure the code formatting is applied | Formatting |
| Use exceptions rather than return codes | Exceptions |
| Don't return null | Exceptions |

* Reference: http://techbus.safaribooksonline.com/book/software-engineering-and-development/agile-development/9780136083238

Security

| Checklist Item | Category |
| --- | --- |
| Make a class final if it is not being used for inheritance | Fundamentals |
| Avoid duplication of code | Fundamentals |
| Restrict privileges: run the application with the least privilege required for it to function | Fundamentals |
| Minimize the accessibility of classes and members | Fundamentals |
| Document security-related information | Fundamentals |
| Input into a system should be checked for valid data size and range | Denial of Service |
| Avoid excessive logging of unusual behavior | Denial of Service |
| Release resources (streams, connections, etc.) in all cases | Denial of Service |
| Purge sensitive information from exceptions (file paths, internals of the system, configuration) | Confidential Information |
| Do not log highly sensitive information | Confidential Information |
| Consider purging highly sensitive information from memory after use | Confidential Information |
| Avoid dynamic SQL; use prepared statements | Injection and Inclusion |
| Limit the accessibility of packages, classes, interfaces, methods, and fields | Accessibility and Extensibility |
| Limit the extensibility of classes and methods (by making them final) | Accessibility and Extensibility |
| Validate inputs (for valid data, size, range, boundary conditions, etc.) | Input Validation |
| Validate output from untrusted objects as input | Input Validation |
| Define wrappers around native methods (do not declare a native method public) | Input Validation |
| Treat output from untrusted objects as input | Mutability |
| Make public static fields final (to prevent callers from changing the value) | Mutability |
| Avoid exposing constructors of sensitive classes | Object Construction |
| Avoid serialization for security-sensitive classes | Serialization and Deserialization |
| Guard sensitive data during serialization | Serialization and Deserialization |
| Be careful caching results of potentially privileged operations | Serialization and Deserialization |
| Only use JNI when necessary | Access Control |

* Reference: http://www.oracle.com/technetwork/java/seccodeguide-139067.html
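As an added illustration (not part of the original checklist or the Oracle guide it references), the hypothetical DAO below applies several Security items together: the class is final, the username is checked for size and character range before use, the query binds the value through a PreparedStatement instead of concatenating it, resources are released with try-with-resources, the caller receives a sanitized exception rather than driver internals, and the lookup returns Optional instead of null (the Clean Code "Don't return null" item). The class, table and column names are assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

// Hypothetical DAO used only to illustrate the checklist items above.
public final class AccountLookup {            // final: not designed for inheritance
    private static final int MAX_USERNAME_LENGTH = 64;
    private final Connection connection;

    public AccountLookup(Connection connection) {
        this.connection = connection;
    }

    // Before (what the checklist warns against): the username is concatenated into the
    // query text, so the input can change the meaning of the SQL, and the raw
    // SQLException (driver message, query text) would reach the caller unchanged.
    //   String sql = "SELECT email FROM accounts WHERE username = '" + username + "'";
    //   try (Statement st = connection.createStatement(); ResultSet rs = st.executeQuery(sql)) { ... }

    // After: validate size and character range first, bind the value as a parameter,
    // release resources in all cases, and surface a sanitized exception.
    public Optional<String> findEmail(String username) {
        if (username == null || username.isEmpty()
                || username.length() > MAX_USERNAME_LENGTH
                || !username.matches("[A-Za-z0-9_.-]+")) {
            // Reject without echoing the offending value back to the caller.
            throw new IllegalArgumentException("username failed validation");
        }
        String sql = "SELECT email FROM accounts WHERE username = ?";
        try (PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, username);                 // bound parameter, never part of the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.ofNullable(rs.getString("email")) : Optional.empty();
            }
        } catch (SQLException e) {
            // Record a non-sensitive detail (the SQL state) for operators; do not
            // propagate the driver message, the query text or any path to the caller.
            System.err.println("account lookup failed, SQLSTATE=" + e.getSQLState());
            throw new LookupException("account lookup failed");
        }
    }

    // Sanitized exception type exposed to callers; carries no internals.
    public static final class LookupException extends RuntimeException {
        LookupException(String message) { super(message); }
    }
}
```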

Performance

| Checklist Item | Category |
| --- | --- |
| Avoid excessive synchronization | Concurrency |
| Keep synchronized sections small | Concurrency |
| Beware the performance of string concatenation | General Programming |
| Avoid creating unnecessary objects | Creating and Destroying Objects |

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

General

| Checklist Item | Category |
| --- | --- |
| Use checked exceptions for recoverable conditions and runtime exceptions for programming errors | Exceptions |
| Favor the use of standard exceptions | Exceptions |
| Don't ignore exceptions | Exceptions |
| Check parameters for validity | Methods |
| Return empty arrays or collections, not nulls | Methods |
| Minimize the accessibility of classes and members | Classes and Interfaces |
| In public classes, use accessor methods, not public fields | Classes and Interfaces |
| Minimize the scope of local variables | General Programming |
| Refer to objects by their interfaces | General Programming |
| Adhere to generally accepted naming conventions | General Programming |
| Avoid finalizers | Creating and Destroying Objects |
| Always override hashCode when you override equals | General Programming |
| Always override toString | General Programming |
| Use enums instead of int constants | Enums and Annotations |
| Use marker interfaces to define types | Enums and Annotations |
| Synchronize access to shared mutable data | Concurrency |
| Prefer executors to tasks and threads | Concurrency |
| Document thread safety | Concurrency |
| Valid JUnit / JBehave test cases exist | Testing |

* Reference: http://techbus.safaribooksonline.com/book/programming/java/9780137150021

Static Code Analysis

| Checklist Item | Category |
| --- | --- |
| Check the static code analyzer report for the classes added/modified | Static Code Analysis |
