forked from usdot-jpo-ode/jpo-ode
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'ode-1093' of https://github.com/usdot-jpo-ode/jpo-ode i…
…nto ode-1093
- Loading branch information
Showing
3 changed files
with
109 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
|
|
||
| # Coding Standards | ||
|
|
||
| [**https://dzone.com/articles/java-code-review-checklist**](https://webmail.bah.com/owa/redir.aspx?REF=ZhArHW04o5Lor_RX2IzYf8QasYy5Ise3e9Otxtmbzud9Pr3PH1DUCAFodHRwczovL2R6b25lLmNvbS9hcnRpY2xlcy9qYXZhLWNvZGUtcmV2aWV3LWNoZWNrbGlzdA..) | ||
|
|
||
| ## Clean Code | ||
|
|
||
| |Checklist Item |Category| | ||
| |--------------------------------------------|--------| | ||
| |Use Intention-Revealing Names |Meaningful Names| | ||
| |Pick one word per concept |Meaningful Names| | ||
| |Use Solution/Problem Domain Names |Meaningful Names| | ||
| |Classes should be small! |Classes| | ||
| |Functions should be small! |Functions| | ||
| |Do one Thing |Functions| | ||
| |Don't Repeat Yourself (Avoid Duplication) |Functions| | ||
| |Explain yourself in code |Comments| | ||
| |Make sure the code formatting is applied |Formatting| | ||
| |Use Exceptions rather than Return codes |Exceptions| | ||
| |Don't return Null |Exceptions| | ||
|
|
||
| ## Security | ||
|
|
||
| |Checklist Item |Category| | ||
| |-----------------------------------------------------------------------------------------------------------|--------| | ||
| |Make class final if not being used for inheritance |Fundamentals| | ||
| |Avoid duplication of code |Fundamentals| | ||
| |Restrict privileges: Application to run with the least privilege mode required for functioning |Fundamentals| | ||
| |Minimize the accessibility of classes and members |Fundamentals| | ||
| |Document security related information |Fundamentals| | ||
| |Input into a system should be checked for valid data size and range |Denial of Service| | ||
| |Avoid excessive logs for unusual behavior |Denial of Service| | ||
| |Release resources (Streams, Connections, etc) in all cases |Denial of Service| | ||
| |Purge sensitive information from exceptions (exposing file path, internals of the system, configuration) |Confidential Information| | ||
| |Do not log highly sensitive information |Confidential Information| | ||
| |Consider purging highly sensitive from memory after use |Confidential Information| | ||
| |Avoid dynamic SQL, use prepared statement |Injection Inclusion| | ||
| |Limit the accessibility of packages,classes, interfaces, methods, and fields |Accessibility Extensibility| | ||
| |Limit the extensibility of classes and methods (by making it final) |Accessibility Extensibility| | ||
| |Validate inputs (for valid data, size, range, boundary conditions, etc) |Input Validation| | ||
| |Validate output from untrusted objects as input |Input Validation| | ||
| |Define wrappers around native methods (not declare a native method public) |Input Validation| | ||
| |Treat output from untrusted object as input |Mutability| | ||
| |Make public static fields final (to avoid caller changing the value) |Mutability| | ||
| |Avoid exposing constructors of sensitive classes |Object Construction| | ||
| |Avoid serialization for security-sensitive classes |Serialization Deserialization| | ||
| |Guard sensitive data during serialization |Serialization Deserialization| | ||
| |Be careful caching results of potentially privileged operations |Serialization Deserialization| | ||
| |Only use JNI when necessary |Access Control| | ||
|
|
||
| ## Performance | ||
|
|
||
| |Checklist Item |Category | | ||
| |-------------------------------------------------|-------------------------------| | ||
| |Avoid excessive synchronization |Concurrency | | ||
| |Keep Synchronized Sections Small |Concurrency | | ||
| |Beware the performance of string concatenation |General Programming | | ||
| |Avoid creating unnecessary objects |Creating and Destroying Objects| | ||
|
|
||
| ## General | ||
|
|
||
| |Category |Checklist Item| | ||
| |-------------------------------------------------------------------------------------------------|--------------| | ||
| |Use checked exceptions for recoverable conditions and runtime exceptions for programming errors |Exceptions| | ||
| |Favor the use of standard exceptions |Exceptions| | ||
| |Don't ignore exceptions |Exceptions| | ||
| |Check parameters for validity |Methods| | ||
| |Return empty arrays or collections, not nulls |Methods| | ||
| |Minimize the accessibility of classes and members |Classes and Interfaces| | ||
| |In public classes, use accessor methods, not public fields |Classes and Interfaces| | ||
| |Minimize the scope of local variables |General Programming| | ||
| |Refer to objects by their interfaces |General Programming| | ||
| |Adhere to generally accepted naming conventions |General Programming| | ||
| |Avoid finalizers |Creating and Destroying Objects| | ||
| |Always override hashCode when you override equals |General Programming| | ||
| |Always override toString |General Programming| | ||
| |Use enums instead of int constants |Enums and Annotations| | ||
| |Use marker interfaces to define types |Enums and Annotations| | ||
| |Synchronize access to shared mutable data |Concurrency| | ||
| |Prefer executors to tasks and threads |Concurrency| | ||
| |Document thread safety |Concurrency| | ||
| |Valid JUnit / JBehave test cases exist |Testing| | ||
|
|
||
| ## Static Code Analysis | ||
|
|
||
| |Category|Checklist Item| | ||
| |--------|--------------| | ||
| |Check static code analyzer report for the classes added/modified|Static Code Analysis| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
|
|
||
| # Contributing Guide | ||
|
|
||
| Welcome to the JPO ODE contributing guide. Please read this guide to learn about our development process, how to propose pull requests and improvements, and how to build and test your changes to this project. | ||
|
|
@@ -9,7 +10,7 @@ By contributing to the US Department of Transportation Joint Program office (JPO | |
|
|
||
| ## Style Guide | ||
|
|
||
| [Code Standards](https://usdotjpoode.atlassian.net/wiki/display/USDOTJPODE/Code+Standards) | ||
| [Code Standards](https://usdotjpoode.atlassian.net/wiki/spaces/ODTD/pages/8234945/Code+Standards) | ||
|
|
||
|
|
||
| ## Miscellaneous Documentation | ||
|
|
@@ -31,29 +32,32 @@ By contributing to the US Department of Transportation Joint Program office (JPO | |
| ### Issue tracker | ||
| Contributors will utilize Github's issue tracking system to record and manage issues that are reported by users of the ODE in the field. These may include performance requests, found bugs, and new requests. The follow operating procedure highlights how the ODE development team will address and respond to reported issues. | ||
|
|
||
| Issue Repository: [https://github.com/usdot-jpo-ode/jpo-ode/issues](https://github.com/usdot-jpo-ode/jpo-ode/issues) | ||
| Issue Repository: [https://github.com/usdot-jpo-ode/jpo-ode/issues](https://github.com/usdot-jpo-ode/jpo-ode/issues) | ||
|
|
||
| ### Pull requests | ||
|
|
||
| [Jpo-Ode GitHub Pull Request Page](https://github.com/usdot-jpo-ode/jpo-ode/pulls) | ||
| [JPO-ODE GitHub Pull Request Page](https://github.com/usdot-jpo-ode/jpo-ode/pulls) | ||
|
|
||
| All software development teams, regardless of being a member of the repository or external contributor, are required to submit their changes in a Pull Request (PR). The `master` branch is protected against direct commits. All commits to `master` branch would have to be processed through a PR. Changes must be committed to a separate branch, pushed to GitHub and PR created to merge the branch to `master`. The `dev` branch has been set aside for daily updates and will contain the latest commits but does not necessarily contain a `stable` build. The `dev` branch is work in progress until the changes have been reviewed in a PR and approve, at which point, the branch can be merged to `master`. | ||
|
|
||
| All pull requests will be reviewed by the JPO-ODE team. During the review of your pull request the team member will either merge it, request changes to it, or close it with an explanation. For major changes the reviewer may require additional support from the team, which could cause some delay. We'll do our best to provide updates and feedback throughout the process. Feel free to open pull requests, and the ODE team will communicate through it with any comments. | ||
| **Before submitting a pull request**, please make sure the following is done: | ||
| All pull requests will be reviewed by the JPO-ODE team. The team member will either request for additional details, merge it to the baseline, request changes to it, or close it with an explanation. For major changes, the reviewer may require additional support from the team, which could cause some delay. We'll do our best to provide updates and feedback throughout the process. Feel free to open pull requests, and the ODE team will provide feedback. | ||
| **Before submitting a pull request**, please make sure the following is done: | ||
|
|
||
| 1. Fork the repository and create your branch from the develop. | ||
| 2. If you've added code that should be tested, add tests! | ||
| 3. Ensure the tests pass. Our target is 90% coverage | ||
| 4. Update the documentation. | ||
| 1. External contributors must first fork the repository in their own personal or organization. | ||
| 2. All contributors must create a branch from `master`, `dev` or any other branch desired. | ||
| 3. If you've added code that should be tested, add tests! | ||
| 4. Ensure the tests pass. Our target is 90% coverage | ||
| 5. Update the documentation. | ||
| - User QA procedures are documented within the Github Wiki | ||
| - Architecture and user guide documentation should be included in the word document under the `docs/` folder | ||
| - Please contact the ODE with qny questions | ||
| 5. Format your code as outlined in the style guide | ||
| 6. Format your code as outlined in the style guide | ||
|
|
||
| ## Contributor Covenant Code of Conduct | ||
| #### Our Pledge | ||
| ### Our Pledge | ||
| In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. | ||
|
|
||
| #### Our Standards | ||
| ### Our Standards | ||
| Examples of behavior that contributes to creating a positive environment include: | ||
|
|
||
| - Using welcoming and inclusive language | ||
|
|
@@ -70,17 +74,13 @@ Examples of unacceptable behavior by participants include: | |
| - Publishing others' private information, such as a physical or electronic address, without explicit permission | ||
| - Other conduct which could reasonably be considered inappropriate in a professional setting | ||
|
|
||
| #### Our Responsibilities | ||
| ### Our Responsibilities | ||
| Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. | ||
| Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. | ||
|
|
||
| #### Scope | ||
| ### Scope | ||
| This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. | ||
| Enforcement | ||
|
|
||
| Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. | ||
| Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. | ||
|
|
||
|
|
||
|
|
||
|
|
||