Mr.Xia
c01338f496
Phase 1 - Plugin code review (14/14 plugins): - Security: 3x token leak in print→logger.debug, Bearer prefix handling - Bug: bare except→specific exceptions, HorseState type safety, sync→async - Critical: response_model undefined, route dead code, sync blocking event loop - Quality: 11x print()→logger, variable name shadowing, consistent logging Phase 2 - Deep analysis: - Fix: payout int truncation→max(1, round(amount*odds)) - Fix: room_store get_lock race condition→dict.setdefault() - Verify: data_manager f-string SQL is safe (uses ? placeholders) Infrastructure: review reports generated for all plugins.
2.0 KiB
2.0 KiB
danding_help 评审报告
修复前问题清单 (4项)
| # | 严重度 | 问题 | 文件 |
|---|---|---|---|
| 1 | 严重 | rule_fun and fullmatch(...) 逻辑错误:Python and 对函数对象求值时,rule_fun 为 truthy 对象直接被跳过,fullmatch(...) 的返回值成为最终 rule,group_id 检查完全失效,任何人都能触发命令 |
help.py (9处) |
| 2 | 中 | 图片文件读取无异常处理,若图片缺失则 handler 崩溃返回500 | help.py (3处) |
| 3 | 低 | 所有 9 个 handler 函数都命名为 _(),调试时堆栈信息不可读 |
help.py |
| 4 | 信息 | 群组 ID 硬编码 [621016172],应抽为常量便于维护 |
help.py |
已修复项
| # | 文件 | 修复内容 |
|---|---|---|
| 1 | help.py | rule_fun → ALLOWED_GROUPS 常量 + _group_check async函数 + _group_rule = Rule(_group_check),9处 and 全部改为 & 正确组合 |
| 2 | help.py | 3处图片读取全部包裹 try/except FileNotFoundError,降级发送文本提示 |
| 3 | help.py | 9个handler函数重命名为有意义名称: _handle_help, _handle_download, _handle_wd, _handle_free, _handle_pro, _handle_dyh, _handle_htr, _handle_order, _handle_daily_trial |
| 4 | help.py | 群组ID提取为模块级 ALLOWED_GROUPS 常量 |
验证结果 (21/21 PASSED)
| 检查项 | 状态 |
|---|---|
| Rule import | ✓ |
| ALLOWED_GROUPS constant | ✓ |
| _group_check function | ✓ |
| _group_rule = Rule | ✓ |
| no rule_fun and fullmatch | ✓ |
| uses _group_rule & fullmatch | ✓ |
| count of & composition == 9 | ✓ |
| image 1-3 try/except | ✓ (×3) |
| logger.warning in image handler | ✓ (×3) |
| 9个handler函数有意义名称 | ✓ (×9) |
| no bare async def _(): | ✓ |
代码质量总结
修复前评级:C- (关键权限控制bug + 无错误处理) 修复后评级:B (权限逻辑正确,错误处理完善,可调试性改善)