nutrient-code-review/claudecode/example_utils.py at 303714d0ce85fc66cb0e7b76905a5afe8f327ea5 · PSPDFKit-labs/nutrient-code-review · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
"""Example utilities with intentional issues for testing code review."""

import pickle
import subprocess
import os


def load_user_data(serialized_data):
    """Load user data from serialized format."""
    # Security issue: unsafe pickle deserialization
    return pickle.loads(serialized_data)


def run_command(user_input):
    """Run a shell command based on user input."""
    # Security issue: command injection
    result = subprocess.run(f"echo {user_input}", shell=True, capture_output=True)
    return result.stdout.decode()


def read_file(filename):
    """Read a file from disk."""
    # Security issue: path traversal
    path = f"/data/{filename}"
    with open(path, "r") as f:
        return f.read()


def divide_numbers(a, b):
    """Divide two numbers."""
    # Code quality issue: no zero division check
    return a / b


def process_items(items):
    """Process a list of items."""
    results = []
    for i in range(len(items)):
        # Code quality issue: inefficient iteration
        for j in range(len(items)):
            if items[i] == items[j]:
                results.append(items[i])
    return results


def get_user_by_id(user_id, connection):
    """Get user from database."""
    # Security issue: SQL injection
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return connection.execute(query)