admin/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-02-16 19:33:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b86e4a4be6eeedbfb04c04a0b99ff7beb5f5f84e
everything-claude-code/docs/zh-CN/commands/python-review.md

321 lines
6.4 KiB
Markdown
Raw Normal View History

docs: Add Chinese (zh-CN) translations for all documentation * docs: add Chinese versions docs * update --------- Co-authored-by: neo <neo.dowithless@gmail.com>
2026-02-05 21:57:54 +08:00
---
description: 全面的Python代码审查确保符合PEP 8标准、类型提示、安全性以及Pythonic惯用法。调用python-reviewer代理。
---
# Python 代码审查
此命令调用 **python-reviewer** 代理进行全面的 Python 专项代码审查。
## 此命令的功能
1. **识别 Python 变更**:通过 `git diff` 查找修改过的 `.py` 文件
2. **运行静态分析**:执行 `ruff``mypy``pylint``black --check`
3. **安全扫描**:检查 SQL 注入、命令注入、不安全的反序列化
4. **类型安全审查**:分析类型提示和 mypy 错误
5. **Pythonic 代码检查**:验证代码是否遵循 PEP 8 和 Python 最佳实践
6. **生成报告**:按严重程度对问题进行归类
## 使用时机
在以下情况使用 `/python-review`
* 编写或修改 Python 代码后
* 提交 Python 变更前
* 审查包含 Python 代码的拉取请求时
* 接手新的 Python 代码库时
* 学习 Pythonic 模式和惯用法时
## 审查类别
### 关键 (必须修复)
* SQL/命令注入漏洞
* 不安全的 eval/exec 使用
* Pickle 不安全反序列化
* 硬编码的凭证
* YAML 不安全加载
* 隐藏错误的裸 except 子句
### 高 (应该修复)
* 公共函数缺少类型提示
* 可变默认参数
* 静默吞掉异常
* 未对资源使用上下文管理器
* 使用 C 风格循环而非推导式
* 使用 type() 而非 isinstance()
* 无锁的竞态条件
### 中 (考虑)
* 违反 PEP 8 格式规范
* 公共函数缺少文档字符串
* 使用 print 语句而非 logging
* 低效的字符串操作
* 未使用命名常量的魔法数字
* 未使用 f-strings 进行格式化
* 不必要的列表创建
## 运行的自动化检查
```bash
# Type checking
mypy .
# Linting and formatting
ruff check .
black --check .
isort --check-only .
# Security scanning
bandit -r .
# Dependency audit
pip-audit
safety check
# Testing
pytest --cov=app --cov-report=term-missing
```
## 使用示例
````text
User: /python-review
Agent:
# Python Code Review Report
## Files Reviewed
- app/routes/user.py (modified)
- app/services/auth.py (modified)
## Static Analysis Results
✓ ruff: No issues
✓ mypy: No errors
⚠️ black: 2 files need reformatting
✓ bandit: No security issues
## Issues Found
[CRITICAL] SQL Injection vulnerability
File: app/routes/user.py:42
Issue: User input directly interpolated into SQL query
```python
query = f"SELECT * FROM users WHERE id = {user_id}" # Bad
````
修复:使用参数化查询
```python
query = "SELECT * FROM users WHERE id = %s" # Good
cursor.execute(query, (user_id,))
```
\[高] 可变默认参数
文件app/services/auth.py:18
问题:可变默认参数导致共享状态
```python
def process_items(items=[]): # Bad
items.append("new")
return items
```
修复:使用 None 作为默认值
```python
def process_items(items=None): # Good
if items is None:
items = []
items.append("new")
return items
```
\[中] 缺少类型提示
文件app/services/auth.py:25
问题:公共函数缺少类型注解
```python
def get_user(user_id): # Bad
return db.find(user_id)
```
修复:添加类型提示
```python
def get_user(user_id: str) -> Optional[User]: # Good
return db.find(user_id)
```
\[中] 未使用上下文管理器
文件app/routes/user.py:55
问题:异常时文件未关闭
```python
f = open("config.json") # Bad
data = f.read()
f.close()
```
修复:使用上下文管理器
```python
with open("config.json") as f: # Good
data = f.read()
```
## 摘要
* 关键1
*1
*2
建议:❌ 在关键问题修复前阻止合并
## 所需的格式化
运行:`black app/routes/user.py app/services/auth.py`
````
## Approval Criteria
| Status | Condition |
|--------|-----------|
| ✅ Approve | No CRITICAL or HIGH issues |
| ⚠️ Warning | Only MEDIUM issues (merge with caution) |
| ❌ Block | CRITICAL or HIGH issues found |
## Integration with Other Commands
- Use `/python-test` first to ensure tests pass
- Use `/code-review` for non-Python specific concerns
- Use `/python-review` before committing
- Use `/build-fix` if static analysis tools fail
## Framework-Specific Reviews
### Django Projects
The reviewer checks for:
- N+1 query issues (use `select_related` and `prefetch_related`)
- Missing migrations for model changes
- Raw SQL usage when ORM could work
- Missing `transaction.atomic()` for multi-step operations
### FastAPI Projects
The reviewer checks for:
- CORS misconfiguration
- Pydantic models for request validation
- Response models correctness
- Proper async/await usage
- Dependency injection patterns
### Flask Projects
The reviewer checks for:
- Context management (app context, request context)
- Proper error handling
- Blueprint organization
- Configuration management
## Related
- Agent: `agents/python-reviewer.md`
- Skills: `skills/python-patterns/`, `skills/python-testing/`
## Common Fixes
### Add Type Hints
```python
# Before
def calculate(x, y):
return x + y
# After
from typing import Union
def calculate(x: Union[int, float], y: Union[int, float]) -> Union[int, float]:
return x + y
````
### 使用上下文管理器
```python
# Before
f = open("file.txt")
data = f.read()
f.close()
# After
with open("file.txt") as f:
data = f.read()
```
### 使用列表推导式
```python
# Before
result = []
for item in items:
if item.active:
result.append(item.name)
# After
result = [item.name for item in items if item.active]
```
### 修复可变默认参数
```python
# Before
def append(value, items=[]):
items.append(value)
return items
# After
def append(value, items=None):
if items is None:
items = []
items.append(value)
return items
```
### 使用 f-strings (Python 3.6+)
```python
# Before
name = "Alice"
greeting = "Hello, " + name + "!"
greeting2 = "Hello, {}".format(name)
# After
greeting = f"Hello, {name}!"
```
### 修复循环中的字符串连接
```python
# Before
result = ""
for item in items:
result += str(item)
# After
result = "".join(str(item) for item in items)
```
## Python 版本兼容性
审查者会指出代码何时使用了新 Python 版本的功能:
| 功能 | 最低 Python 版本 |
|---------|----------------|
| 类型提示 | 3.5+ |
| f-strings | 3.6+ |
| 海象运算符 (`:=`) | 3.8+ |
| 仅限位置参数 | 3.8+ |
| Match 语句 | 3.10+ |
| 类型联合 (\`x | None\`) | 3.10+ |
确保你的项目 `pyproject.toml``setup.py` 指定了正确的最低 Python 版本。
Reference in New Issue Copy Permalink