Familiar with existing code in current project.
Familiar with common libraries or related projects in your company.
Look around before you make change
When you add field or function into a class which is extended or inherit from other classes, check whether it already existed in the class hierarchy, if so, reuse it and refactor the code.
Continuously refactor the code.
At least run every path in the changed code.
-- During dev, we may have to use debugger to change value or force throw exception.
More test.
Automate stuff.
Design data schema first
We can always refactor code but it's hard to change existing data and maintain data compatibility.
- Use ID(not name) as reference(in no-sql or solr).
- If there is some data is in-compatible(schema changed etc) in the query response, log it(and fix it later), but still return other data to client.
Readability
From Clean Code
Meaningful Names
Small function, classes.
Avoid long parameter lists.
Don’t add random check - only add a check if it may happen
Don't use boolean as parameter - never use three-state booleans
- use enum or split to different methods for constructor
- use static factory method
Don't return null
- Return Optional
- Or provide methods like getOrDefault()
Don't change input parameters
Put related code together
Don't swallow exceptions
Exceptions should be exceptional.
Always provide timeout
Use NPE-safe utils
- such as Objects.equals, apache commons
Use advanced data structures
- Use Multimap<K, V> instead of Map<K, List<V>>
Robust
Ask: What else?
Notice missing else or default in switch.
Ask: What may go wrong?
Be conservative or be liberal ?
Throw exception and reject the request or hide it and still service the request?
-- Depend on application and business, but be sure to think about it.
Security
Always validate input, set max length of input.
OWASP Top Ten Project
What should every programmer know about security?
A Guide to Building Secure Web Applications
Logging
Log what may help you trouble shoot the issue.
Logging for audit.
Practice
For example, to implement the function to upload image to CDN.
At first, build the basic version that works.
Then check the code to improve it.
What may go wrong?
Check uploaded file size.
Use Jersey @HeaderParam("Content-Length") and reject big file.
Use limitinputstream and throw exception when read more than max bytes.
Normalize file name and extension by replacing special character.
Limit length of file name.
Whitelist file types allowed
-- Use Tika to check file type.
Design Principles
S.O.L.I.D
Robustness Principle
Be conservative in what you send, be liberal in what you accept
Be conservative in what you do, be liberal in what you accept from others
Familiar with common libraries or related projects in your company.
Look around before you make change
When you add field or function into a class which is extended or inherit from other classes, check whether it already existed in the class hierarchy, if so, reuse it and refactor the code.
Continuously refactor the code.
At least run every path in the changed code.
-- During dev, we may have to use debugger to change value or force throw exception.
More test.
Automate stuff.
Design data schema first
We can always refactor code but it's hard to change existing data and maintain data compatibility.
- Use ID(not name) as reference(in no-sql or solr).
- If there is some data is in-compatible(schema changed etc) in the query response, log it(and fix it later), but still return other data to client.
Readability
From Clean Code
Meaningful Names
Small function, classes.
Avoid long parameter lists.
Don’t add random check - only add a check if it may happen
Don't use boolean as parameter - never use three-state booleans
- use enum or split to different methods for constructor
- use static factory method
Don't return null
- Return Optional
- Or provide methods like getOrDefault()
Don't change input parameters
Put related code together
Don't swallow exceptions
Exceptions should be exceptional.
Always provide timeout
Use NPE-safe utils
- such as Objects.equals, apache commons
Use advanced data structures
- Use Multimap<K, V> instead of Map<K, List<V>>
Robust
Ask: What else?
Notice missing else or default in switch.
Ask: What may go wrong?
Be conservative or be liberal ?
Throw exception and reject the request or hide it and still service the request?
-- Depend on application and business, but be sure to think about it.
Security
Always validate input, set max length of input.
OWASP Top Ten Project
What should every programmer know about security?
A Guide to Building Secure Web Applications
Logging
Log what may help you trouble shoot the issue.
Logging for audit.
Practice
For example, to implement the function to upload image to CDN.
At first, build the basic version that works.
Then check the code to improve it.
What may go wrong?
Check uploaded file size.
Use Jersey @HeaderParam("Content-Length") and reject big file.
Use limitinputstream and throw exception when read more than max bytes.
Normalize file name and extension by replacing special character.
Limit length of file name.
Whitelist file types allowed
-- Use Tika to check file type.
Design Principles
S.O.L.I.D
Robustness Principle
Be conservative in what you send, be liberal in what you accept
Be conservative in what you do, be liberal in what you accept from others
