🎯 Test: Line-Specific Review Comments + Clean Code Example

.github/workflows/code-review.yml

@@ -25,3 +25,5 @@ jobs:
         env:
           GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
           GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_EVENT_NUMBER: ${{ github.event.number }}

CODEOWNERS

@@ -0,0 +1,8 @@
+# CodeReviewer.AI Bot - Default Reviewer for All Files
+# This ensures the CodeReviewer.AI bot reviews all changes
+
+* @suhasramanand
+
+# The bot will automatically review all pull requests
+# and provide line-specific feedback on code quality,
+# security vulnerabilities, performance issues, and best practices.

README.md

@@ -1,12 +1,15 @@
 ![Logo](logo.png)
 # CodeReviewer.AI
 
-CodeReviewer.AI is an automated pull request review bot that leverages artificial intelligence to analyze and provide suggestions on code changes. It uses Groq's language model to review and suggest improvements for the code in open pull requests, allowing developers to get feedback on their code changes without manual review.
+CodeReviewer.AI is an **advanced security-focused** automated pull request review bot that leverages artificial intelligence to analyze code changes for vulnerabilities and security issues. It uses Groq's language model combined with pattern-based security scanning to provide comprehensive security reviews.
 
-## Features
-- Automatically fetches open pull requests from a GitHub repository.
-- Analyzes code diffs using Groq's `llama-3.3-70b-versatile` model.
-- Posts review comments directly to the GitHub pull request with suggestions for improvement.
+## 🛡️ Security Features
+- **Automated vulnerability detection** using regex patterns for common security issues
+- **CVE scanning** for dependencies using Safety database
+- **Human-like, concise security reviews** with actionable feedback
+- **Real-time security analysis** of code changes
+- **Pattern-based detection** for SQL injection, XSS, path traversal, hardcoded secrets, and more
+- **Dependency vulnerability scanning** for known CVEs
 
 ## Technologies Used
 - **Groq**: We use Groq’s Llama-based model for code review and suggestions.
@@ -21,6 +24,8 @@ You will need the following dependencies:
 - `groq`: For interacting with Groq's API.
 - `requests`: For making API requests to GitHub.
 - `pygments`: For code syntax highlighting.
+- `safety`: For CVE vulnerability scanning of Python dependencies.
+- `bandit`: For static security analysis (optional).
 
 Install the dependencies by running:
 
@@ -51,5 +56,27 @@ Before running the bot, install the necessary dependencies by running:
 
 ```bash
 pip install -r requirements.txt
+```
+
+## 🔍 Security Scanning Capabilities
+
+The bot automatically scans for the following security vulnerabilities:
+
+### Pattern-Based Detection
+- **SQL Injection**: Detects unsafe SQL query construction
+- **Cross-Site Scripting (XSS)**: Identifies potential XSS vulnerabilities
+- **Path Traversal**: Finds directory traversal attack vectors
+- **Hardcoded Secrets**: Detects exposed passwords, API keys, and tokens
+- **Unsafe Deserialization**: Identifies dangerous deserialization patterns
+- **Command Injection**: Detects shell injection vulnerabilities
+
+### CVE Scanning
+- **Dependency Analysis**: Automatically scans `requirements.txt`, `package.json`, and `Pipfile` changes
+- **Known Vulnerabilities**: Checks against Safety database for active CVEs
+- **Severity Assessment**: Provides severity ratings for identified vulnerabilities
 
+### AI-Powered Reviews
+- **Human-like Feedback**: Generates concise, actionable security reviews
+- **Contextual Analysis**: Understands code context for better vulnerability assessment
+- **Fix Suggestions**: Provides specific recommendations for security improvements
 

clean_example.py

@@ -0,0 +1,112 @@
+#!/usr/bin/env python3
+"""
+Clean code example to test that good code passes the review bot.
+This file follows best practices and should not trigger any critical issues.
+"""
+
+import os
+import sqlite3
+from typing import List, Dict, Optional
+import logging
+
+# Configure logging
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+class DatabaseManager:
+    """Secure database manager with proper error handling."""
+
+    def __init__(self, db_path: str):
+        self.db_path = db_path
+        self.connection = None
+
+    def connect(self) -> bool:
+        """Establish database connection with error handling."""
+        try:
+            self.connection = sqlite3.connect(self.db_path)
+            logger.info(f"Connected to database: {self.db_path}")
+            return True
+        except sqlite3.Error as e:
+            logger.error(f"Database connection failed: {e}")
+            return False
+
+    def execute_query(self, query: str, params: tuple = ()) -> List[Dict]:
+        """Execute parameterized query safely."""
+        if not self.connection:
+            raise ValueError("Database not connected")
+
+        try:
+            cursor = self.connection.cursor()
+            cursor.execute(query, params)  # Safe parameterized query
+            results = cursor.fetchall()
+
+            # Convert to list of dictionaries
+            columns = [description[0] for description in cursor.description]
+            return [dict(zip(columns, row)) for row in results]
+
+        except sqlite3.Error as e:
+            logger.error(f"Query execution failed: {e}")
+            raise
+
+    def close(self):
+        """Close database connection."""
+        if self.connection:
+            self.connection.close()
+            logger.info("Database connection closed")
+
+def validate_input(data: str) -> bool:
+    """Validate input data."""
+    if not isinstance(data, str):
+        return False
+    if len(data) > 1000:  # Reasonable limit
+        return False
+    return True
+
+def process_user_data(user_id: int, user_data: str) -> Optional[Dict]:
+    """Process user data with proper validation."""
+    if not validate_input(user_data):
+        logger.warning(f"Invalid input data for user {user_id}")
+        return None
+
+    # Process the data
+    processed_data = {
+        'user_id': user_id,
+        'data': user_data.upper(),
+        'length': len(user_data),
+        'processed_at': '2025-01-01'  # Would use datetime.now() in real code
+    }
+
+    return processed_data
+
+def main():
+    """Main function demonstrating clean code practices."""
+    # Configuration from environment
+    db_path = os.getenv('DATABASE_PATH', 'app.db')
+
+    # Initialize database manager
+    db_manager = DatabaseManager(db_path)
+
+    if not db_manager.connect():
+        logger.error("Failed to connect to database")
+        return
+
+    try:
+        # Example: Get user data safely
+        user_data = process_user_data(1, "test data")
+        if user_data:
+            logger.info(f"Processed user data: {user_data}")
+
+        # Example: Execute safe query
+        results = db_manager.execute_query(
+            "SELECT * FROM users WHERE id = ?", 
+            (1,)  # Parameterized query
+        )
+        logger.info(f"Query results: {len(results)} rows")
+
+    except Exception as e:
+        logger.error(f"Error in main: {e}")
+    finally:
+        db_manager.close()
+
+if __name__ == "__main__":
+    main()

requirements.txt

@@ -1,3 +1,5 @@
 requests
 pygments
-groq
+groq
+safety
+bandit