Today, I tested out an AI code review tool, Metabob, to analyze an e-commerce app written in JavaScript. To analyze different files in the repository, I used
To test the tool, I chose a random repository related to e-commerce from GitHub and just made sure that the repo had enough JS files to analyze. The repository I chose is called
This repository was nicely organized, easy to understand, and the code in it was mostly well-written - kudos to the original developers!
However, Metabob was able to find some problems that were interesting.
NOTE: The screenshots are always related to the text above them.
The first problem that I chose as an example was related to the logic within an if condition. In this example, Metabob discovered that the code raises an error with the message “Please provide all the fields.” However, the condition in the if statement contradicts that message.
The if statement checks whether the firstName field is missing by testing that it is falsy (using !firstName), but it then checks that the fields lastName, email, and phone are truthy, so the error fires when those fields are present rather than when they are missing.
Metabob suggests that the logical NOT operator ‘!’ should also be placed in front of the remaining fields (namely lastName, email, and phone) so that the condition is true only when one of them has not been provided.
The next finding is mostly related to making the output of the code as clear and easy to understand as possible using appropriate HTTP status codes. Here, Metabob detects that the function used to delete a user is using the status code 204, which is used when the server has successfully fulfilled the request and there is no additional content to send in the response.
Metabob recommends that, in this case, given that it is about user deletion, a status code of 200 or 202 would be more appropriate.
Next, Metabob detected an incorrect argument order in a function defined to send a JSON Web Token. It communicated that this can lead to unexpected behavior or errors when running the code. Additionally, this can potentially expose the code to security vulnerabilities as well.
Further, Metabob detects a logical mistake where the condition in the isChanged method reads a property called this.updateAt as the timestamp of the last password change. However, it should actually check this.passwordChangedAt, because earlier in the code that is the name of the property used to store the timestamp of a password change.
Additionally, in this detection, Metabob (as it is an AI) shows a bit of an attitude and tells the developer that even if the updateAt was the correct property to check for, it should be updatedAt (check the parentheses in the description :D).
This example showcases the ability of AI code review to analyze the whole file and reason about the logic within it, as passwordChangedAt is defined earlier in the file than the lines that this detection relates to. This is an ability that traditional, rules-based static code analysis tools lack.
In the next example, the detection is about an unhandled edge case. In this example, the function itself does the correct thing and checks that the user’s role is included in the provided roles before granting permission to perform the given action.
However, Metabob detects that the code does not handle cases where the user’s role is undefined or invalid, and communicates that this could potentially lead to unauthorized access to certain actions. Therefore, the developer should handle this edge case explicitly.
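As an added example (not code from the reviewed repository or from Metabob), here are the two checks discussed above written as pure functions: the if condition from the first finding in its flagged and corrected forms, and a role check for the last finding that fails closed when the role is missing or unknown. The role names, the shape of the user object, and the Express-style middleware are assumptions made for this example.

```javascript
// First finding, as described: only firstName is negated, so the condition is
// true when the OTHER fields are present instead of when they are missing.
function missingFieldsBuggy({ firstName, lastName, email, phone }) {
  return !firstName || lastName || email || phone;
}

// Corrected condition: every field is negated, so the check is true only when
// at least one field is absent.
function missingFieldsFixed({ firstName, lastName, email, phone }) {
  return !firstName || !lastName || !email || !phone;
}

// Last finding: role-based permission check that fails closed. The set of
// known roles is constructed for this example.
const KNOWN_ROLES = new Set(["user", "admin"]);

function authorize(user, allowedRoles) {
  // No authenticated user or no role at all: deny instead of throwing.
  if (!user || typeof user.role !== "string") {
    return { allowed: false, reason: "role missing" };
  }
  // Unknown role value (typo, stale or tampered data): deny explicitly.
  if (!KNOWN_ROLES.has(user.role)) {
    return { allowed: false, reason: "role invalid" };
  }
  if (!allowedRoles.includes(user.role)) {
    return { allowed: false, reason: "role not permitted" };
  }
  return { allowed: true, reason: "ok" };
}

// Express-style middleware wrapper around the pure check; assumes req.user was
// populated by an earlier authentication step.
function restrictTo(...allowedRoles) {
  return (req, res, next) => {
    const result = authorize(req.user, allowedRoles);
    if (!result.allowed) {
      return res.status(403).json({ status: "fail", message: result.reason });
    }
    next();
  };
}
```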
All in all, the tool produced a good number of valuable detections from the repository. It can help to ensure sound code logic, readability, and security, and to avoid other serious mistakes. Link to the tool: https://marketplace.visualstudio.com/items?itemName=Metabob.metabob.