"object calisthenics" checks?

[enygma]

Think about possibly adding "object calisthenics" checks...

• One level of indentation
• Don't use else
• Wrap primitive types (if they contain behavior)
• Only one -> per line
• Do not abbreviate
• Keep you classes small
• Limit your instance variables (dependencies passed into methods)
• Using first class collections
• Use getters and setters
• Document your code

Not really about security but could be useful for checking

[redbeardcreator]

It's an interesting thought. I would probably use it. I have used similar features in other tools.

[enygma]

Yeah, this was more of a passing thought recorded in a conference talk. This probably more relates to code quality and less to security specifically.

[redbeardcreator]

I understand that. It might be something to add later as a plugin-type tool.

[garrettw]

Some of those are already well-covered by other static analysis tools, specifically these, at the very least (I think):

• Don't use else
• Keep your classes small
• Limit your instance variables (dependencies passed into methods)
• Use getters and setters
• Document your code