# Code Review Skill

When reviewing code, follow this systematic approach to ensure a thorough evaluation:

## Review Checklist

### 1. Code Quality

- **Readability:** Is the code easy to understand?
- **Naming:** Are variables, functions, and classes well-named?
- **Structure:** Is the code properly organized and modular?
- **Comments:** Are complex sections adequately documented?
- **Complexity:** Are there overly complex functions that should be simplified?

### 2. Security Analysis

Check for common vulnerabilities:

- SQL injection vulnerabilities
- XSS (Cross-Site Scripting) vulnerabilities
- Authentication and authorization flaws
- Insecure data handling (passwords, sensitive data)
- Input validation and sanitization
- OWASP Top 10 vulnerabilities

### 3. Performance Considerations

- Identify potential bottlenecks
- Check for inefficient algorithms or data structures
- Look for unnecessary database queries or API calls
- Evaluate caching opportunities
- Assess memory usage patterns

### 4. Best Practices

- **DRY Principle:** Eliminate code duplication
- **SOLID Principles:** Verify adherence to design principles
- **Error Handling:** Check for proper exception handling
- **Testing:** Evaluate test coverage and quality
- **Dependencies:** Review external dependencies and their versions

### 5. Maintainability

- Is the code easy to modify and extend?
- Are there proper abstractions?
- Is the architecture scalable?
- Are there technical debt concerns?

## Review Format

Structure your review as follows:

- **Summary:** High-level overview of the changes
- **Critical Issues:** Security vulnerabilities or bugs that must be fixed
- **Major Concerns:** Significant issues affecting quality or performance
- **Suggestions:** Optional improvements and best practices
- **Positive Feedback:** Acknowledge good practices and improvements

## Guidelines

- Be constructive and respectful
- Provide specific examples and suggestions
- Explain the "why" behind recommendations
- Prioritize issues by severity (critical, major, minor)
- Reference documentation or standards when applicable
- Consider the context and constraints of the project

## Example Reviews
**Security Issue:**

```
CRITICAL: SQL injection vulnerability detected at line 45
Current: f"SELECT * FROM users WHERE id = {user_id}"
Recommendation: Use parameterized queries to prevent SQL injection
```
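To make the finding above concrete, here is an added example (not part of the original skill file) that pairs a small heuristic checker, which emits the finding in the skill's own "CRITICAL: ... at line N" format, with the flagged f-string query beside its parameterized replacement, run against a constructed in-memory SQLite table. The regex, table layout and function names are assumptions for illustration.

```python
import re
import sqlite3

# Assumed heuristic: an f-string whose text starts with a SQL keyword and
# interpolates a value. A real checker would use the AST; this is illustrative.
SQL_FSTRING = re.compile(r'f"(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*\{[^"]*\}[^"]*"')


def find_sql_fstrings(source: str) -> list[str]:
    """Scan source text and return findings in the skill's review format."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = SQL_FSTRING.search(line)
        if match:
            findings.append(
                f"CRITICAL: SQL injection vulnerability detected at line {lineno}\n"
                f"Current: {match.group(0)}\n"
                "Recommendation: Use parameterized queries to prevent SQL injection"
            )
    return findings


def make_db() -> sqlite3.Connection:
    """Constructed sample data so the two lookups below can be compared offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # The pattern the review flags: the value is pasted into the SQL text, so the
    # database cannot distinguish data from query structure.
    return conn.execute(f"SELECT * FROM users WHERE id = {user_id}").fetchall()


def lookup_user_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    # The recommended fix: the value is bound as a parameter and is never parsed
    # as SQL, so a non-numeric string simply matches no row.
    return conn.execute("SELECT * FROM users WHERE id = ?", (user_id,)).fetchall()
```

The parameterized lookup still deserves input validation (for example converting `user_id` with `int()` and rejecting failures), which the checklist's "Input validation and sanitization" item covers separately.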
**Performance Suggestion:**

```
SUGGESTION: Consider caching database results at line 123
The same query is executed multiple times in the loop. Cache the results to improve performance by ~80%.
```