Automated code review/analysis

Stop by to discuss use cases, requirements, information architecture, flow diagraming, unit testing and usability.

Moderators: FourthWorld, Klaus

Gigabit
Posts: 4
Joined: Mon Nov 05, 2018 11:29 pm

Automated code review/analysis

Post by Gigabit » Fri Nov 30, 2018 10:40 pm

Hi
I appreciate Livecode offer a code review service but this is pricey for a sole developer creating free apps.
I need a code review to help satisfy requirements to submit to the NHS apps library.
Is there an automated code review tool available that I can use on my Livecode 9.x application?
Thanks

FourthWorld
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles

Re: Automated code review/analysis

Post by FourthWorld » Fri Nov 30, 2018 11:15 pm

URL to the NHS requirements?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

Gigabit
Posts: 4
Joined: Mon Nov 05, 2018 11:29 pm

Re: Automated code review/analysis

Post by Gigabit » Sat Dec 01, 2018 7:42 pm

Hi
I am advised that this forum does not allow a url to be posted but you can find a link to the questionnaire on the web at the NHS App Library
they may ask an organisation Orcha (which has a website) to review

I am advised my app needs a code level review for L1-R. Does anyone know what that is as I cannot find anything on the internet?
ISO accreditation and Cyber Essentials accreditation also cited
as well as recommended compliance with
WCAG2.0AA
ISO 9241-210
WCAG2.0 on accessibility (although I believe this is a web rather than app based accessibility standard)
Is there an agreed accessibility standard for mobile apps?
They also cite the need for evidenced functional, non-functional and regression testing through documented recording. Anyone point me to a source for how to best undertake this or otherwise advise as.
Many thanks

FourthWorld
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles

Re: Automated code review/analysis

Post by FourthWorld » Sat Dec 01, 2018 10:18 pm

If they do not define L1-R it would seem a bit unfair to expect app devs to comply with it.

I understand NHS had a problem with apps leaking patient data, prompting closure of the app repository in 2015.

While I haven't searched in-depth enough to be able to speak authoritatively, I'd guess most of their compliance concerns are related to security and privacy, yes?

I have only a vague and old familiarity with ISO software standards. IMNSHO most of them are garbage, not reflecting much of how software is actually made in any but the largest and least productive organizations. Impairing a supplier further is the onerousness of the certification process. Tons of time and money, for specious benefit to anyone other than certification contractors. Good luck with that part.

As for rest, please consider posting the relevant URLs in a form that won't trigger this forum's URL filters, such as removing the "http://" portion. If that seems problematic feel free to send me the URLs in private message and I'll post them here.

Without those details we cannot advise on how to comply.
Richard Gaskin

trevordevore
VIP Livecode Opensource Backer
Posts: 1005
Joined: Sat Apr 08, 2006 3:06 pm
Location: Overland Park, Kansas

Re: Automated code review/analysis

Post by trevordevore » Sat Dec 01, 2018 11:46 pm

It would be interesting to gather up the specifics of as many of the actual requirements as possible. Just a couple of comments I have after going through some of the materials I found. This questionnaire seems to be relevant and has app development questions near the end:

https://developer.nhs.uk/wp-content/upl ... ta-PDF.pdf

For mobile security there is a link to the OWASP testing guide:

https://www.owasp.org/index.php/OWASP_M ... e#tab=Main

You can download the OWASP checklist to go through here:

https://github.com/OWASP/owasp-mstg/tre ... Checklists

Code review can come in multiple forms. They may require that a 3rd party review the code looking for issues. They may also require that no changes are submitted to the application code base without an internal review policy and process in place. This may require using a version control system where every change generates an entry that can be considered an audit trail and that an auditor could look at.

If you are a small company with only one developer submitting changes to the code base then perhaps they will be more lenient than they would with a company that has a larger team of developers with multiple people submitting changes to the code base.

Accessibility refers to a number of things within an app. The questionnaire specially talks about contrast between text and background:

"Does the colour contrast of the text on your native app comply with WCAG 2.0 AA level
requirements?"

That is easy enough to address in your UI design. If something like VoiceOver support on iOS is required then that will be more difficult with LiveCode. I hear there is an accessibility add-on that LiveCode is working on but I don't know the specifics or how it will be implemented.

When it comes to testing there is no de facto testing suite for LiveCode that I am aware of. In my company's web applications every feature that is added has tests written in one of the popular testing suites for the development platform. These tests ensure that the feature works as expected. All tests for the app get run every time changes are submitted to the app repo to make sure a change doesn't break existing functionality in the app. Testing frameworks exist for both server code as well as our browser UI.

It would be nice if we had a standard testing suite framework as well as an easy way of running the tests when submitting changes to a repo on Github. But we don't so you would need to come up with your own way of creating scripts that test your app functionality.
Trevor DeVore
ScreenSteps - https://www.screensteps.com

LiveCode Repos - https://github.com/search?q=user%3Atrevordevore+topic:livecode
LiveCode Builder Repos - https://github.com/search?q=user%3Atrevordevore+topic:livecode-builder
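
The colour-contrast question quoted in the post above can be checked mechanically. The following is an added example, not part of the original post and not LiveCode or NHS code: it applies the WCAG 2.0 relative-luminance and contrast-ratio formulas with the AA thresholds (4.5:1 for normal text, 3:1 for large text). The palette, the control names and the idea of exporting colours as `R,G,B` strings are assumptions made for illustration.

```python
# Added example: WCAG 2.0 AA contrast audit for text/background colour pairs.
AA_NORMAL, AA_LARGE = 4.5, 3.0  # WCAG 2.0 success criterion 1.4.3 minimums


def parse_colour(value):
    """Accept '#RRGGBB' or an 'R,G,B' string (assumed export format)."""
    value = value.strip()
    if value.startswith("#") and len(value) == 7:
        rgb = [int(value[i:i + 2], 16) for i in (1, 3, 5)]
    else:
        rgb = [int(part) for part in value.split(",")]
    if len(rgb) != 3 or any(not 0 <= c <= 255 for c in rgb):
        raise ValueError(f"not an RGB colour: {value!r}")
    return tuple(rgb)


def relative_luminance(rgb):
    """Relative luminance of an sRGB colour as defined by WCAG 2.0."""
    def linear(channel):
        c = channel / 255
        return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4
    r, g, b = (linear(c) for c in rgb)
    return 0.2126 * r + 0.7152 * g + 0.0722 * b


def contrast_ratio(fg, bg):
    """Contrast ratio (lighter + 0.05) / (darker + 0.05), from 1.0 to 21.0."""
    lums = [relative_luminance(parse_colour(c)) for c in (fg, bg)]
    return (max(lums) + 0.05) / (min(lums) + 0.05)


def audit(pairs):
    """Return (name, ratio) for every pair below its AA threshold."""
    failures = []
    for name, fg, bg, is_large_text in pairs:
        ratio = contrast_ratio(fg, bg)
        if ratio < (AA_LARGE if is_large_text else AA_NORMAL):
            failures.append((name, round(ratio, 2)))
    return failures


# Constructed sample palette: (control name, text, background, large text?)
SAMPLE = [
    ("body text", "0,0,0", "255,255,255", False),
    ("hint label", "#777777", "#FFFFFF", False),
    ("section heading", "#777777", "#FFFFFF", True),
    ("button caption", "255,255,255", "0,122,255", False),
]

if __name__ == "__main__":
    for name, ratio in audit(SAMPLE):
        print(f"FAIL {name}: {ratio}:1")
```

Keeping the audit output alongside each release gives a dated record that the contrast requirement was checked for that build.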

bogs
Posts: 5435
Joined: Sat Feb 25, 2017 10:45 pm

Re: Automated code review/analysis

Post by bogs » Sun Dec 02, 2018 12:04 am

Gigabit wrote:
Sat Dec 01, 2018 7:42 pm
I am advised that this forum does not allow a url to be posted
FourthWorld wrote:
Sat Dec 01, 2018 10:18 pm
As for rest, please consider posting the relevant URLs in a form that won't trigger this forum's URL filters, such as removing the "http://" portion. If that seems problematic feel free to send me the URLs in private message and I'll post them here.
I'm pretty sure they won't be able to send you a pm, for the same reason they can't post the link, they have 6 or so posts left to go before they are elevated to those privileges as of the time of my post...
10 is the magic number...

FourthWorld
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles

Re: Automated code review/analysis

Post by FourthWorld » Sun Dec 02, 2018 1:58 am

bogs wrote:
Sun Dec 02, 2018 12:04 am
I'm pretty sure they won't be able to send you a pm, for the same reason they can't post the link...
Argh. Wish I could change that. The spam countermeasures in place have not stopped Klaus and I from needing to spend considerable time removing bad posts, but they have stopped a good many legitimate users from doing useful things here.

Fortunately Trevor had the time to dig up the links (thanks Trevor).
Richard Gaskin