Fiqare secmotic rules #411
Conversation
lib/bindings/HTTPBindings.js
Outdated
| @@ -44,7 +44,7 @@ var http = require('http'), | |||
| }, | |||
| transport = 'HTTP'; | |||
|
|
|||
| function handleError(error, req, res, next) { | |||
| function handleError(error, req, res) { | |||
There was a problem hiding this comment.
Not sure if the fix for this is removing next from the signature of the function of this change is actually raising another kind of bug in the function: it should call next() upon completion but it is not doing it.
A similar case would be the one with returnCommands() modification, some lines below.
@AlvaroVega what do you think?
There was a problem hiding this comment.
I guess express is expecting always a function with req, res, next) args
There was a problem hiding this comment.
I have been discussing this case with @AlvaroVega and the solution here shouldn't be to remove "next" for the parametrs, but adding the next(); call to the end of the function, i.e. just after L59.
Co-Authored-By: Fermín Galán Márquez <fgalan@users.noreply.github.com>
lib/iotaUtils.js
Outdated
| @@ -155,7 +155,7 @@ function mergeDeviceWithConfiguration(deviceData, configuration, callback) { | |||
| } else if (!deviceData[fields[i]] && (!configuration || !configuration[confField])) { | |||
| deviceData[fields[i]] = defaults[i]; | |||
| } else { | |||
| config.getLogger().error(context, 'There is no possible merge'); | |||
| config.getLogger().debug(context, 'at field %d configuration merging logic did not merge anything', i); | |||
There was a problem hiding this comment.
Is "%d" the right formatter for integer in JavaScript?
There was a problem hiding this comment.
Changing log from error to debug level, sure?
There was a problem hiding this comment.
Probably you are seeing a partical commit... if you clear filters in diff tab the actual change shown is the addition of the a debug line. I mean, there wasn't any error() logging here before.
There was a problem hiding this comment.
Confirmed "%d" is correct. Thus NTC (I guess)
lib/bindings/HTTPBindings.js
Outdated
| @@ -159,7 +159,7 @@ function returnCommands(req, res, next) { | |||
| updates = commandList.map(createCommandUpdate); | |||
| cleanCommands = commandList.map(cleanCommand); | |||
|
|
|||
| async.parallel(updates.concat(cleanCommands), function(error, results) { | |||
There was a problem hiding this comment.
results seems a reminder of a log that was necessary.
There was a problem hiding this comment.
In that case the fix should be to use results to provide a proper log messages based on it.
There was a problem hiding this comment.
In this case we continue to rely on ISO 25010 to improve software quality. Mainly:
Rule 1: Unused function parameters should be removed, based on:
MISRA C++:2008, 0-1-11 - There shall be no unused parameters (named or unnamed) in nonvirtual functions.
MISRA C:2012, 2.7 - There should be no unused parameters in functions
CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
So, this is fixed in a2e11f6
There was a problem hiding this comment.
We agree that unused parameters should be avoided. However, we are proposing a different solution for this case: instead of removing the unused results parameter, let's add a log trace that uses results to print some useful information in the logs for the user.
What do you think?
There was a problem hiding this comment.
Based on the maintainability axis of ISO 25010, I think it is counterproductive to add code to the function to use a variable that is currently deprecated, which makes it less readable. Therefore, before adding code that will not be functional, I prefer to leave the function as it was, with the variable "results".
lib/bindings/HTTPBindings.js
Outdated
| @@ -135,7 +135,7 @@ function checkMandatoryParams(queryPayload) { | |||
| * This middleware checks whether there is any polling command pending to be sent to the device. If there is some, | |||
| * add the command information to the return payload. Otherwise it returns an empty payload. | |||
| */ | |||
| function returnCommands(req, res, next) { | |||
| function returnCommands(req, res) { | |||
There was a problem hiding this comment.
Similarly to handleError() the solution should be to call next(); in the proper place (I guess that just after L205, but not fully sure).
| @@ -115,7 +115,7 @@ function manageConfigurationRequest(apiKey, deviceId, device, objMessage) { | |||
| * @param {Number} index Index of the group in the array. | |||
| * @return {Array} Updated array of functions. | |||
| */ | |||
| function processMeasureGroup(device, apikey, previous, current, index) { | |||
| function processMeasureGroup(device, apikey, previous, current) { | |||
There was a problem hiding this comment.
JavaDoc entry for index (L115) should be removed also.
lib/iotaUtils.js
Outdated
| } else { | ||
| config | ||
| .getLogger() | ||
| .debug(context, 'at field "' + fields[i] + '" configuration merging logic did not merge anything', i); |
There was a problem hiding this comment.
| .debug(context, 'at field "' + fields[i] + '" configuration merging logic did not merge anything', i); | |
| .debug(context, 'at field "' + fields[i] + '" configuration merging logic did not merge anything'); |
not fully sure but I'd say that if you don't use formating (such as "%d") then the i variable should not be included at the end of the statement.
| @@ -57,6 +57,7 @@ function handleError(error, req, res, next) { | |||
| name: error.name, | |||
There was a problem hiding this comment.
I think the PR is almost ready (good work! :). However, you should include an entry in the CHANGES_NEXT_RELEASE file in describing the changes. Maybe something like the following:
- Hardening: software quality improvement based on ISO25010 recommendations
There was a problem hiding this comment.
LGTM (at commit 484e833). Thanks for your contribution!
In order to keep the homogeneity along with all the IOTA suite, we will wait to merge this PR until a similar PR with software improvements based on ISO25010 recommendations could be done in the following repositories:
|
After merging PR #415 I'm afraid some merging conflict have arisen in this PR. Fortunatelly, the solution seems easy, detailed by @jason-fox at telefonicaid/iotagent-manager#171 (comment)
Sorry for the incoveniences |
This pull request contains improvements made by the Secmotic team for iotagent-ul. These improvements are part of the fiQare project, which is based on ISO 25010 to improve software quality. More info: https://fiqare.eu/
There are two rules:
Rule 1: Unused function parameters should be removed, based on:
Rule 2: if.. else if constructs should end with else clauses, based on:
All test in Travis has been passed successfully and the coverage in Coveralls remains the same.