Code Reviewer — Security, Performance & Best Practices
Get thorough code reviews covering bugs, security vulnerabilities, performance bottlenecks, and clean refactoring.
Act as a senior engineer with 10+ years experience. Review this code: ``` [PASTE YOUR CODE HERE] ``` **Language/Framework:** [SPECIFY] Analyze and provide: ### 1. Bugs & Logic Errors List each with line number and fix ### 2. Security Vulnerabilities Check for: SQL injection, XSS, auth bypass, insecure deserialization, IDOR, exposed secrets ### 3. Performance Issues Check for: N+1 queries, memory leaks, blocking I/O, unnecessary re-renders, missing memoization ### 4. Code Quality - Naming conventions - Single responsibility violations - DRY violations - SOLID principles - Cyclomatic complexity ### 5. Refactored Version Improved code for the most critical section with explanation Format each issue: **Issue:** [description] **Severity:** 🔴 Critical / 🟠 High / 🟡 Medium / 🟢 Low **Fix:** [specific solution with code example]
Result Text
## Code Review — Node.js Express Auth API **Issue 1: SQL Injection** 🔴 Critical | Line 23: `db.query("SELECT * FROM users WHERE id = " + req.params.id)` Fix: `db.query("SELECT * FROM users WHERE id = $1", [req.params.id])` **Issue 2: Missing Rate Limiting on /login** 🟠 High | Brute force attack vector Fix: Add express-rate-limit: max 10 requests per 15 min per IP **Issue 3: JWT Secret in Code** 🔴 Critical | Line 5: `const secret = "mysecret123"` Fix: `const secret = process.env.JWT_SECRET` — rotate secret immediately **Issue 4: Synchronous File Read** 🟡 Medium | Line 45: `fs.readFileSync('./config.json')` Fix: `await fs.promises.readFile('./config.json')` **Refactored Auth Middleware:** ```js const authenticate = async (req, res, next) => { try { const token = req.headers.authorization?.split(' ')[1]; if (!token) return res.status(401).json({ error: 'Unauthorized' }); req.user = await verifyToken(token); next(); } catch { res.status(401).json({ error: 'Invalid token' }); } }; ```
Comentarios
to leave a comment.
No hay comentarios aún. ¡Sé el primero en comentar!
Related Prompts
Python Data Analysis — EDA to ML Pipeline
Complete Python workflow from data loading and EDA through feature engineering to ML model selection and evaluation.
REST API Designer — OpenAPI 3.0 Spec
Design RESTful APIs with proper resource modeling, status codes, auth strategy, and complete OpenAPI 3.0 documentation.
Unit & Integration Test Generator
Generate comprehensive test suites with edge cases, mocking strategies, and coverage for any function or API endpoint.