# Code Review

Security and quality review of uncommitted changes.

## Workflow

1. Get changed files: `git diff --name-only HEAD` and `git diff --staged --name-only`
2. Review each file for issues (see checklist below)
3. Run automated checks: `mypy src/`, `ruff check src/`, `pytest -x`
4. Generate report with severity, location, description, suggested fix
5. Block commit if CRITICAL or HIGH issues found

## Checklist

### CRITICAL (Block)

- Hardcoded credentials, API keys, tokens, passwords
- SQL injection (must use parameterized queries)
- Path traversal risks
- Missing input validation on API endpoints
- Missing authentication/authorization

### HIGH (Block)

- Functions > 50 lines, files > 800 lines
- Nesting depth > 4 levels
- Missing error handling or bare `except:`
- `print()` in production code (use logging)
- Mutable default arguments

### MEDIUM (Warn)

- Missing type hints on public functions
- Missing tests for new code
- Duplicate code, magic numbers
- Unused imports/variables
- TODO/FIXME comments

## Report Format

```
[SEVERITY] file:line - Issue description
Suggested fix: ...
```
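The workflow, the checklist and the report format above, carried out by one script. This is an added example and not part of the original skill file or of any project's code: the script name `review_gate.py`, the regular expressions, the nested-def `add` helper and the constructed `SAMPLE_SOURCE` are all assumptions; the 50-line and 4-level limits come from the checklist. It covers the checklist items a pattern or AST check can decide from the file alone (credentials, formatted SQL, bare `except:`, `print()`, long functions, deep nesting, mutable defaults, missing type hints); path traversal, input validation and authorization need context a reviewer has to supply. Step 3 (mypy, ruff, pytest) is left to the hook that runs this script.

```python
"""Pre-commit review gate (added example, not the original skill file; regexes and limits are assumptions)."""
import ast
import os
import re
import subprocess
import sys
from dataclasses import dataclass

MAX_FUNCTION_LINES, MAX_NESTING = 50, 4  # from the HIGH checklist
BLOCKING = {"CRITICAL", "HIGH"}
# Assumed patterns: a credential-like name assigned a quoted literal of 8+ characters, and
# an execute() whose query is an f-string, "..." % value or "...".format(...).
CREDENTIAL_RE = re.compile(
    r"""(?i)\b\w*(api[_-]?key|secret|token|password|passwd)\w*\s*[=:]\s*['"][^'"]{8,}['"]""")
SQL_FORMAT_RE = re.compile(r"""(?i)\.execute(many)?\(\s*(f['"]|['"][^'"]*['"]\s*%|[^,)]*\.format\()""")
NESTING_NODES = (ast.If, ast.For, ast.AsyncFor, ast.While, ast.With, ast.AsyncWith, ast.Try)

@dataclass
class Finding:
    severity: str
    path: str
    line: int
    description: str
    fix: str

    def render(self) -> str:  # the "Report Format" section above
        return f"[{self.severity}] {self.path}:{self.line} - {self.description}\nSuggested fix: {self.fix}"

def nesting_depth(node: ast.AST, depth: int = 0) -> int:  # longest chain of nested compound statements
    return max([depth] + [nesting_depth(c, depth + (1 if isinstance(c, NESTING_NODES) else 0))
                          for c in ast.iter_child_nodes(node)])

def review_source(path: str, source: str) -> list[Finding]:
    """Workflow step 2: apply the checklist to one Python file's contents."""
    out: list[Finding] = []
    def add(sev: str, line: int, desc: str, fix: str) -> None:
        out.append(Finding(sev, path, line, desc, fix))
    for n, text in enumerate(source.splitlines(), 1):  # line-based regex checks
        if CREDENTIAL_RE.search(text):
            add("CRITICAL", n, "Hardcoded credential", "Read it from the environment or a secrets manager")
        if SQL_FORMAT_RE.search(text):
            add("CRITICAL", n, "SQL built by string formatting", "Pass values as query parameters")
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        add("HIGH", exc.lineno or 1, "File does not parse", "Fix the syntax error")
        return out
    for node in ast.walk(tree):  # structural checks on the AST
        if isinstance(node, ast.ExceptHandler) and node.type is None:
            add("HIGH", node.lineno, "Bare except:", "Catch a specific exception class")
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "print":
            add("HIGH", node.lineno, "print() in production code", "Use the logging module")
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            length = (node.end_lineno or node.lineno) - node.lineno + 1
            if length > MAX_FUNCTION_LINES:
                add("HIGH", node.lineno, f"{node.name}() is {length} lines", "Split it into helpers")
            if nesting_depth(node) > MAX_NESTING:
                add("HIGH", node.lineno, f"{node.name}() nests deeper than {MAX_NESTING} levels", "Use early returns or helpers")
            defaults = [d for d in node.args.defaults + node.args.kw_defaults if d is not None]
            if any(isinstance(d, (ast.List, ast.Dict, ast.Set)) for d in defaults):
                add("HIGH", node.lineno, f"Mutable default argument in {node.name}()", "Default to None and build it inside")
            params = [a for a in node.args.args + node.args.kwonlyargs if a.arg not in ("self", "cls")]
            if not node.name.startswith("_") and (node.returns is None or any(a.annotation is None for a in params)):
                add("MEDIUM", node.lineno, f"Missing type hints on {node.name}()", "Annotate parameters and return type")
    return out

def changed_files() -> list[str]:
    """Workflow step 1: union of unstaged and staged changes."""
    paths: set[str] = set()
    for args in (["git", "diff", "--name-only", "HEAD"], ["git", "diff", "--staged", "--name-only"]):
        result = subprocess.run(args, capture_output=True, text=True, check=False)
        paths.update(p for p in result.stdout.splitlines() if p.strip())
    return sorted(paths)

def main(argv: list[str]) -> int:
    """Workflow steps 4 and 5: print the report, exit 1 when anything CRITICAL or HIGH was found."""
    findings: list[Finding] = []
    for path in argv or changed_files():  # explicit paths, or the uncommitted changes
        if path.endswith(".py") and os.path.isfile(path):  # skips deleted and non-Python files
            with open(path, encoding="utf-8") as fh:
                findings.extend(review_source(path, fh.read()))
    for f in findings:
        print(f.render() + "\n")
    return 1 if any(f.severity in BLOCKING for f in findings) else 0

# Constructed sample with one hit per checklist tier, used by the tests.
SAMPLE_SOURCE = """API_KEY = "sk-live-0123456789abcdef"
def find_user(conn, name):
    conn.execute(f"SELECT * FROM users WHERE name = '{name}'")
    try:
        pass
    except:
        print("lookup failed")
def append(item, bucket=[]): return bucket + [item]
"""

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python review_gate.py` inside the repository to review the uncommitted changes, or pass file paths to review specific files; the exit status is what a pre-commit hook checks. The regex checks run on raw lines so they still fire on a file that does not parse, while the AST checks are deferred until parsing succeeds, so a syntax error is reported once as HIGH rather than as a crash.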

## Never Approve Code With Security Vulnerabilities!