zhongwei/gh-olino3-forge-forge-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:45:11 +08:00
commit 42c0b6ee81
16 changed files with 3608 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

391
skills/python-code-review/templates/inline_comment_template.md Normal file
View File

@@ -0,0 +1,391 @@
# Inline Code Review Comments Template
This template provides examples of inline PR-style comments for different types of issues.
---
## Critical Issues
### Security Vulnerability
**File**: `auth.py:45`
```python
# Current code
user = db.execute(f"SELECT * FROM users WHERE username = '{username}'")
```
**Issue**: SQL Injection Vulnerability
**Severity**: 🔴 Critical
**Description**:
User input is directly interpolated into the SQL query, allowing attackers to execute arbitrary SQL commands.
**Attack Vector**:
```python
username = "admin' OR '1'='1"
# Results in: SELECT * FROM users WHERE username = 'admin' OR '1'='1'
```
**Fix**:
```python
# Use parameterized queries
user = db.execute("SELECT * FROM users WHERE username = %s", (username,))
# Or use ORM
user = User.query.filter_by(username=username).first()
```
**Reference**: OWASP A03:2021 - Injection
---
### Data Corruption Risk
**File**: `payment.py:123`
```python
# Current code
order.amount -= discount
order.save()
payment.process(order.amount)
```
**Issue**: Race Condition in Payment Processing
**Severity**: 🔴 Critical
**Description**:
If two requests process the same order simultaneously, the discount could be applied twice, leading to incorrect payment amounts.
**Fix**:
```python
from django.db import transaction
@transaction.atomic
def process_payment(order_id, discount):
order = Order.objects.select_for_update().get(id=order_id)
order.amount -= discount
order.save()
payment.process(order.amount)
```
---
## Important Issues
### Performance Bottleneck
**File**: `views.py:67`
```python
# Current code
posts = Post.objects.all()
for post in posts:
print(post.author.name) # N+1 query problem
```
**Issue**: N+1 Query Problem
**Severity**: 🟡 Important
**Impact**: For 100 posts, this executes 101 database queries instead of 1.
**Performance**: ~1000ms → ~10ms (100x improvement)
**Fix**:
```python
posts = Post.objects.select_related('author').all()
for post in posts:
print(post.author.name) # No additional queries
```
---
### Type Safety Issue
**File**: `utils.py:234`
```python
def calculate_total(prices):
return sum(prices) * 1.1
```
**Issue**: Missing Type Hints
**Severity**: 🟡 Important
**Description**:
Function lacks type hints, making it unclear what types are expected and returned. Could lead to runtime errors.
**Fix**:
```python
def calculate_total(prices: list[float]) -> float:
"""Calculate total with 10% tax.
Args:
prices: List of item prices
Returns:
Total amount including tax
"""
return sum(prices) * 1.1
```
---
### Architectural Concern
**File**: `api.py:89`
```python
@app.route('/process')
def process_data():
# 150 lines of business logic mixed with HTTP handling
data = request.get_json()
# ... lots of processing ...
return jsonify(result)
```
**Issue**: Fat Controller / Missing Service Layer
**Severity**: 🟡 Important
**Impact**:
- Hard to test business logic
- Violates Single Responsibility Principle
- Difficult to reuse logic elsewhere
**Recommendation**:
```python
# services/data_processor.py
class DataProcessor:
def process(self, data: dict) -> dict:
# Business logic here
return result
# api.py
@app.route('/process')
def process_data():
data = request.get_json()
processor = DataProcessor()
result = processor.process(data)
return jsonify(result)
```
---
## Minor Issues
### Code Smell
**File**: `helpers.py:45`
```python
def append_to_list(item, items=[]): # Mutable default argument!
items.append(item)
return items
```
**Issue**: Mutable Default Argument
**Severity**: 🔵 Minor
**Bug**: Default list is shared between all function calls, causing unexpected behavior.
**Example**:
```python
list1 = append_to_list('a') # ['a']
list2 = append_to_list('b') # ['a', 'b'] - UNEXPECTED!
```
**Fix**:
```python
def append_to_list(item, items=None):
if items is None:
items = []
items.append(item)
return items
```
---
### Dead Code
**File**: `old_utils.py:123`
```python
def legacy_function():
# This function is never called
pass
```
**Issue**: Unused Code
**Severity**: 🔵 Minor
**Recommendation**: Remove to improve code maintainability and reduce cognitive load.
---
### Complexity
**File**: `calculator.py:56`
```python
def complex_calculation(x, y, z, mode, options):
# 50 lines with nested if/else
# Cyclomatic complexity: 23 (Rank D)
...
```
**Issue**: High Cyclomatic Complexity
**Severity**: 🔵 Minor
**Impact**: Hard to understand, test, and maintain.
**Recommendation**: Refactor into smaller, focused functions:
```python
def complex_calculation(x, y, z, mode, options):
if mode == 'simple':
return _simple_calc(x, y, z)
elif mode == 'advanced':
return _advanced_calc(x, y, z, options)
else:
return _default_calc(x, y)
def _simple_calc(x, y, z):
...
def _advanced_calc(x, y, z, options):
...
```
---
## Testing Issues
### Missing Test Coverage
**File**: `payment.py:200`
```python
def process_refund(order_id, amount):
# Critical business logic with no tests!
order = Order.objects.get(id=order_id)
order.refund(amount)
send_notification(order.user, f"Refunded ${amount}")
```
**Issue**: Missing Tests for Critical Path
**Severity**: 🟡 Important
**Recommendation**: Add comprehensive tests:
```python
# tests/test_payment.py
def test_process_refund_success():
order = create_test_order(amount=100)
process_refund(order.id, 50)
assert order.amount == 50
assert_notification_sent(order.user)
def test_process_refund_exceeds_amount():
order = create_test_order(amount=100)
with pytest.raises(ValueError):
process_refund(order.id, 150)
def test_process_refund_invalid_order():
with pytest.raises(Order.DoesNotExist):
process_refund(99999, 50)
```
---
## Information / Suggestions
### Opportunity for Optimization
**File**: `data_processor.py:78`
```python
results = []
for item in large_dataset:
results.append(transform(item))
```
**Suggestion**: Use list comprehension or generator for better performance
```python
# List comprehension (if all results needed in memory)
results = [transform(item) for item in large_dataset]
# Generator (if processing one at a time)
results = (transform(item) for item in large_dataset)
```
---
### Modern Python Pattern
**File**: `file_handler.py:34`
```python
f = open('data.txt', 'r')
data = f.read()
f.close() # May not execute if read() raises exception
```
**Suggestion**: Use context manager
```python
with open('data.txt', 'r') as f:
data = f.read()
# File automatically closed, even if exception occurs
# Or use pathlib
from pathlib import Path
data = Path('data.txt').read_text()
```
---
## Comment Format Guidelines
### Structure
```
**File**: path/to/file.py:line_number
[Code snippet if helpful]
**Issue**: Brief title
**Severity**: 🔴 Critical | 🟡 Important | 🔵 Minor | ⚪ Info
**Description**: Detailed explanation
**Impact/Why it matters**: Consequences
**Fix/Recommendation**: Concrete solution with code example
**Reference**: Links to docs, CVEs, etc. (if applicable)
```
### Severity Levels
- 🔴 **Critical**: Security vulnerabilities, data corruption, production failures
- 🟡 **Important**: Performance issues, type safety, architectural problems, missing tests
- 🔵 **Minor**: Code smells, complexity, dead code, minor bugs
-**Info**: Suggestions, optimizations, style (only if blocking automation)
### Tone
- Be specific and actionable
- Explain the "why" not just the "what"
- Provide code examples
- Reference authoritative sources
- Acknowledge good code when present
- Be constructive, not critical

263
skills/python-code-review/templates/report_template.md Normal file
View File

@@ -0,0 +1,263 @@
# Code Review Report: [Project Name]
**Date**: [YYYY-MM-DD]
**Reviewer**: Claude Code
**Scope**: [Brief description of what was reviewed]
---
## Executive Summary
**Overall Assessment**: [Excellent | Good | Fair | Needs Improvement | Critical Issues Found]
**Key Findings**:
- Critical Issues: [N]
- Important Issues: [N]
- Performance Concerns: [N]
- Security Vulnerabilities: [N]
**Recommendation**: [Summary recommendation - e.g., "Address critical security issues before deployment" or "Code is production-ready with minor improvements recommended"]
---
## Critical Issues
### 1. [Issue Title]
**Severity**: Critical
**Category**: [Security | Data Corruption | Production Failure]
**Location**: `file.py:123`
**Description**:
[Detailed description of the issue]
**Impact**:
[What could go wrong if not fixed]
**Recommendation**:
```python
# Before (vulnerable)
[problematic code]
# After (fixed)
[corrected code]
```
**References**:
- [CWE-XXX](link) or [OWASP](link) if applicable
---
### 2. [Next Critical Issue]
...
---
## Important Issues
### Performance Bottleneck: [Description]
**Location**: `file.py:456`
**Impact**: [e.g., "O(n²) complexity causes slowdown with large datasets"]
**Analysis**:
[Explanation of the performance issue]
**Recommendation**:
```python
# Current implementation (slow)
[current code]
# Optimized implementation
[improved code]
```
**Expected Improvement**: [e.g., "100x faster for 10,000 items"]
---
### Security Concern: [Description]
**Location**: `file.py:789`
**Severity**: Important
**Details**:
[Description of security concern]
**Fix**:
```python
[corrected code]
```
---
## Architecture and Design
### Concerns
1. **Tight Coupling**: [Description]
- Location: [files]
- Recommendation: [architectural improvement]
2. **Missing Abstractions**: [Description]
- Impact: [code duplication, hard to test, etc.]
- Recommendation: [refactoring suggestion]
### Positive Patterns
- [Well-implemented pattern 1]
- [Good design choice 2]
---
## Performance Analysis
### CPU Profiling Results
**Top Hotspots**:
1. `function_name()` in `file.py`: [X]ms cumulative ([Y]% of total)
2. [Next hotspot]
### Memory Usage
**Peak Memory**: [X] MB
**Concerns**:
- [Memory leak in function X]
- [Inefficient data structure in Y]
### Recommendations
1. [Specific performance improvement 1]
2. [Specific performance improvement 2]
---
## Code Quality
### Complexity Analysis
**High Complexity Functions**:
- `function_name()` (file.py:123): Complexity 25 (Rank C)
- Recommendation: Refactor into smaller functions
### Dead Code
**Unused Code Found**:
- `unused_function()` in utils.py
- Variable `UNUSED_CONSTANT` in config.py
**Recommendation**: Remove to improve maintainability
---
## Testing
### Coverage Analysis
**Current Coverage**: [X]%
**Missing Critical Tests**:
1. Edge case: [description]
2. Error path: [description]
3. Integration test: [description]
### Test Quality Issues
- [Issue with existing tests]
- [Recommendation for improvement]
---
## Dependencies
### Vulnerable Dependencies
| Package | Current | Vulnerability | Fix |
|---------|---------|---------------|-----|
| package-name | 1.0.0 | CVE-XXXX-XXXX | Upgrade to 1.1.0 |
### Outdated Dependencies
- [List of significantly outdated packages]
---
## Minor Issues and Suggestions
### Style and Conventions
**Note**: These should be handled by automated tools (ruff, isort, basedpyright) in CI/CD.
- [Only list if blocking automated tool adoption]
### Documentation
- Missing docstrings: [list key functions]
- Unclear variable names: [examples]
---
## Positive Highlights
**Well-Implemented Features**:
1. [Good pattern or implementation 1]
2. [Good practice observed 2]
3. [Security measure properly implemented]
---
## Recommendations Priority Matrix
### Immediate (Before Deployment)
1. [ ] Fix SQL injection vulnerability (file.py:123)
2. [ ] Address race condition in payment processing (payment.py:456)
3. [ ] Fix memory leak in upload handler (upload.py:789)
### High Priority (This Sprint)
1. [ ] Optimize N+1 query in user list (views.py:234)
2. [ ] Add missing authentication check (api.py:567)
3. [ ] Implement error handling in critical path (processor.py:890)
### Medium Priority (Next Sprint)
1. [ ] Refactor high complexity functions
2. [ ] Add integration tests for payment flow
3. [ ] Update vulnerable dependencies
### Low Priority (Backlog)
1. [ ] Remove dead code
2. [ ] Improve documentation
3. [ ] Consider architectural refactoring for module X
---
## Automated Tool Results Summary
- **Ruff**: [N] issues found
- **Basedpyright**: [N] type errors
- **Bandit**: [N] security issues
- **Safety**: [N] vulnerable dependencies
- **Performance Profiler**: [Summary of findings]
**Detailed reports**: See `review_results/` directory
---
## Conclusion
[Overall assessment paragraph summarizing the review, key takeaways, and next steps]
**Approval Status**: [Approved | Approved with Conditions | Requires Changes | Blocked]
**Next Steps**:
1. [Action item 1]
2. [Action item 2]
3. [Action item 3]
---
**Review Conducted By**: Claude Code Python Review Skill
**Tools Used**: ruff, basedpyright, isort, bandit, safety, performance_profiler