book

Clean Code Cookbook

Name: Clean Code Cookbook
Author: Maximiliano Contieri
ISBN: 9781098144722

by Maximiliano Contieri

September 2023

Intermediate to advanced

430 pages

8h 6m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Quizzes

Foreword
Preface
Who This Book Is ForHow This Book Is OrganizedWhat You Need to Use This BookAccess This Book in Digital FormatConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Clean Code
1.1. What Is a Code Smell?1.2. What Is Refactoring?1.3. What Is a Recipe?1.4. Why Clean Code?1.5. Readability, Performance, or Both1.6. Software Types1.7. Machine-Generated Code1.8. Naming Considerations Throughout the Book1.9. Design Patterns1.10. Programming Language Paradigms1.11. Objects Versus Classes1.12. Changeability
2. Setting Up the Axioms
2.0. Introduction2.1. Why Is It a Model?2.2. Why Is It Abstract?2.3. Why Is It Programmable?2.4. Why Is It Partial?2.5. Why Is It Explanatory?2.6. Why Is It About Reality?2.7. Inferring the Rules2.8. The One and Only Software Design Principle
3. Anemic Models
3.0. Introduction3.1. Converting Anemic Objects to Rich Objects3.2. Identifying the Essence of Your Objects3.3. Removing Setters from Objects3.4. Removing Anemic Code Generators3.5. Removing Automatic Properties3.6. Removing DTOs3.7. Completing Empty Constructors3.8. Removing Getters3.9. Preventing Object Orgy3.10. Removing Dynamic Properties
4. Primitive Obsession
4.0. Introduction4.1. Creating Small Objects4.2. Reifying Primitive Data4.3. Reifying Associative Arrays4.4. Removing String Abuses4.5. Reifying Timestamps4.6. Reifying Subsets as Objects4.7. Reifying String Validations4.8. Removing Unnecessary Properties4.9. Creating Date Intervals
5. Mutability
5.0. Introduction5.1. Changing var to const5.2. Declaring Variables to Be Variable5.3. Forbidding Changes in the Essence5.4. Avoiding Mutable const Arrays5.5. Removing Lazy Initialization5.6. Freezing Mutable Constants5.7. Removing Side Effects5.8. Preventing Hoisting
6. Declarative Code
6.0. Introduction6.1. Narrowing Reused Variables6.2. Removing Empty Lines6.3. Removing Versioned Methods6.4. Removing Double Negatives6.5. Changing Misplaced Responsibilities6.6. Replacing Explicit Iterations6.7. Documenting Design Decisions6.8. Replacing Magic Numbers with Constants6.9. Separating “What” and “How”6.10. Documenting Regular Expressions6.11. Rewriting Yoda Conditions6.12. Removing Comedian Methods6.13. Avoiding Callback Hell6.14. Generating Good Error Messages6.15. Avoiding Magic Corrections
7. Naming
7.0. Introduction7.1. Expanding Abbreviations7.2. Renaming and Breaking Helpers and Utils7.3. Renaming MyObjects7.4. Renaming Result Variables7.5. Renaming Variables Named After Types7.6. Renaming Long Names7.7. Renaming Abstract Names7.8. Correcting Spelling Mistakes7.9. Removing Class Names from Attributes7.10. Removing the First Letter from Classes and Interfaces7.11. Renaming Basic / Do Functions7.12. Converting Plural Classes to Singular7.13. Removing “Collection” from Names7.14. Removing “Impl” Prefix/Suffix from Class Names7.15. Renaming Arguments According to Role7.16. Removing Redundant Parameter Names7.17. Removing Gratuitous Context from Names7.18. Avoiding Data Naming
8. Comments
8.0. Introduction8.1. Removing Commented Code8.2. Removing Obsolete Comments8.3. Removing Logical Comments8.4. Removing Getter Comments8.5. Converting Comments to Function Names8.6. Removing Comments Inside Methods8.7. Replacing Comments with Tests

9. Standards
9.0. Introduction9.1. Following Code Standards9.2. Standardizing Indentations9.3. Unifying Case Conventions9.4. Writing Code in English9.5. Unifying Parameter Order9.6. Fixing Broken Windows
10. Complexity
10.0. Introduction10.1. Removing Repeated Code10.2. Removing Settings/Configs and Feature Toggles10.3. Changing State as Properties10.4. Removing Cleverness from Code10.5. Breaking Multiple Promises10.6. Breaking Long Chains of Collaborations10.7. Extracting a Method to an Object10.8. Looking After Array Constructors10.9. Removing Poltergeist Objects
11. Bloaters
11.0. Introduction11.1. Breaking Too Long Methods11.2. Reducing Excess Arguments11.3. Reducing Excess Variables11.4. Removing Excessive Parentheses11.5. Removing Excess Methods11.6. Breaking Too Many Attributes11.7. Reducing Import Lists 11.8. Breaking “And” Functions11.9. Breaking Fat Interfaces
12. YAGNI
12.0. Introduction12.1. Removing Dead Code12.2. Using Code Instead of Diagrams12.3. Refactoring Classes with One Subclass12.4. Removing One-Use Interfaces12.5. Removing Design Pattern Abuses12.6. Replacing Business Collections
13. Fail Fast
13.0. Introduction13.1. Refactoring Reassignment of Variables13.2. Enforcing Preconditions13.3. Using Stricter Parameters13.4. Removing Default from Switches13.5. Avoiding Modifying Collections While Traversing13.6. Redefining Hash and Equality13.7. Refactoring Without Functional Changes
14. Ifs
14.0. Introduction14.1. Replacing Accidental Ifs with Polymorphism14.2. Renaming Flag Variables for Events14.3. Reifying Boolean Variables14.4. Replacing Switch/Case/Elseif Statements14.5. Replacing Hardcoded If Conditions with Collections14.6. Changing Boolean to Short-Circuit Conditions14.7. Adding Implicit Else14.8. Rewriting Conditional Arrow Code14.9. Avoiding Short-Circuit Hacks14.10. Rewriting Nested Arrow Code14.11. Preventing Return Boolean Values for Condition Checks14.12. Changing Comparison Against Booleans14.13. Extracting from Long Ternaries14.14. Converting Nonpolymorphic Functions to Polymorphic14.15. Changing Equal Comparison14.16. Reifying Hardcoded Business Conditions14.17. Removing Gratuitous Booleans14.18. Rewriting Nested Ternaries
15. Null
15.0. Introduction15.1. Creating Null Objects15.2. Removing Optional Chaining15.3. Converting Optional Attributes to a Collection15.4. Using Real Objects for Null15.5. Representing Unknown Locations Without Using Null
16. Premature Optimization
16.0. Introduction16.1. Avoiding IDs on Objects16.2. Removing Premature Optimization16.3. Removing Bitwise Premature Optimizations16.4. Reducing Overgeneralization16.5. Changing Structural Optimizations16.6. Removing Anchor Boats16.7. Extracting Caches from Domain Objects16.8. Removing Callback Events Based on Implementation16.9. Removing Queries from Constructors16.10. Removing Code from Destructors
17. Coupling
17.0. Introduction17.1. Making Hidden Assumptions Explicit17.2. Replacing Singletons17.3. Breaking God Objects17.4. Breaking Divergent Change17.5. Converting 9999 Special Flag Values to Normal17.6. Removing Shotgun Surgery17.7. Removing Optional Arguments17.8. Preventing Feature Envy17.9. Removing the Middleman17.10. Moving Default Arguments to the End17.11. Avoiding the Ripple Effect17.12. Removing Accidental Methods on Business Objects17.13. Removing Business Code from the User Interface17.14. Changing Coupling to Classes17.15. Refactoring Data Clumps17.16. Breaking Inappropriate Intimacy17.17. Converting Fungible Objects
18. Globals
18.0. Introduction18.1. Reifying Global Functions18.2. Reifying Static Functions18.3. Replacing GoTo with Structured Code18.4. Removing Global Classes18.5. Changing Global Date Creation
19. Hierarchies
19.0. Introduction19.1. Breaking Deep Inheritance19.2. Breaking Yo-Yo Hierarchies19.3. Breaking Subclassification for Code Reuse19.4. Replacing “is-a” Relationship with Behavior19.5. Removing Nested Classes19.6. Renaming Isolated Classes19.7. Making Concrete Classes Final19.8. Defining Class Inheritance Explicitly19.9. Migrating Empty Classes19.10. Delaying Premature Classification19.11. Removing Protected Attributes19.12. Completing Empty Implementations
20. Testing
20.0. Introduction20.1. Testing Private Methods20.2. Adding Descriptions to Assertions20.3. Migrating assertTrue to Specific Assertions20.4. Replacing Mocks with Real Objects20.5. Refining Generic Assertions20.6. Removing Flaky Tests20.7. Changing Float Number Assertions20.8. Changing Test Data to Realistic Data20.9. Protecting Tests Violating Encapsulation20.10. Removing Irrelevant Test Information20.11. Adding Coverage for Every Merge Request20.12. Rewriting Tests Depending on Dates20.13. Learning a New Programming Language
21. Technical Debt
21.0. Introduction21.1. Removing Production-Dependent Code21.2. Removing Defect Trackers21.3. Removing Warning/Strict Off21.4. Preventing and Removing ToDos and FixMes
22. Exceptions
22.0. Introduction22.1. Removing Empty Exception Blocks22.2. Removing Unnecessary Exceptions22.3. Rewriting Exceptions for Expected Cases22.4. Rewriting Nested Try/Catches22.5. Replacing Return Codes with Exceptions22.6. Rewriting Exception Arrow Code22.7. Hiding Low-Level Errors from End Users22.8. Narrowing Exception Tries
23. Metaprogramming
23.0. Introduction23.1. Removing Metaprogramming Usage23.2. Reifying Anonymous Functions23.3. Removing Preprocessors23.4. Removing Dynamic Methods
24. Types
24.0. Introduction24.1. Removing Type Checking24.2. Dealing with Truthy Values24.3. Changing Float Numbers to Decimals
25. Security
25.0. Introduction25.1. Sanitizing Inputs25.2. Changing Sequential IDs25.3. Removing Package Dependencies25.4. Replacing Evil Regular Expressions25.5. Protecting Object Deserialization
Glossary of Terms
Index
About the Author

Content preview from Clean Code Cookbook

Chapter 25. Security

Complexity kills. It sucks the life out of developers, it makes products difficult to plan, build and test, it introduces security challenges, and it causes end-user and administrator frustration.

Ray Ozzie

25.0 Introduction

Senior developers must possess the ability to not just create clean and maintainable code, but also construct robust solutions that take into account various software quality attributes, such as performance, resource usage, and security. It is imperative for you to adopt a security-oriented approach while writing code, as you serve as the initial line of defense against potential security vulnerabilities.

25.1 Sanitizing Inputs

Problem

You have code that doesn’t sanitize user inputs.

Solution

Sanitize everything that comes from outside your control.

Discussion

Input Sanitization

Input sanitization involves validating and cleaning user input to ensure that it is safe and conforms to expected formats before you process it. This is important to prevent various security vulnerabilities such as SQL injection, cross-site scripting (XSS), and other attacks that can be executed by malicious users.

Bad actors are always present. You need to be very careful with their input, and you should use sanitization and input filtering techniques. Whenever you get an input from an external resource, you should validate it and check for potentially harmful inputs. SQL injection is a notable example of a threat. You can also add assertions and invariants ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098144715Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills