Phase 1 - Plugin code review (14/14 plugins):
- Security: 3x token leak in print→logger.debug, Bearer prefix handling
- Bug: bare except→specific exceptions, HorseState type safety, sync→async
- Critical: response_model undefined, route dead code, sync blocking event loop
- Quality: 11x print()→logger, variable name shadowing, consistent logging
Phase 2 - Deep analysis:
- Fix: payout int truncation→max(1, round(amount*odds))
- Fix: room_store get_lock race condition→dict.setdefault()
- Verify: data_manager f-string SQL is safe (uses ? placeholders)
Infrastructure: review reports generated for all plugins.
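The "f-string SQL with ? placeholders" pattern that the Phase 2 verification refers to, as an added example rather than the project's own data_manager code: only a whitelisted table name is interpolated, every user-controlled value is bound through a placeholder, and the anti-pattern is shown beside it for comparison. The table, column names and rows are constructed for illustration.

```python
# Added example, not the project's code: the f-string only ever inserts a
# table name that passed a whitelist check; user-supplied values are bound
# as data through sqlite3 "?" placeholders, so they cannot alter the query.
import sqlite3

# Hypothetical table names; the review does not list the real ones.
ALLOWED_TABLES = frozenset({"bets", "horses"})


def table_is_allowed(table: str) -> bool:
    """Whitelist check for the one identifier the f-string interpolates."""
    return table in ALLOWED_TABLES


def open_sample_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bets (user_id TEXT, amount INTEGER)")
    conn.executemany("INSERT INTO bets VALUES (?, ?)",
                     [("alice", 100), ("bob", 250)])
    return conn


def get_amounts(conn: sqlite3.Connection, table: str, user_id: str) -> list:
    """Safe form: identifier from a whitelist, value via a ? placeholder."""
    if not table_is_allowed(table):
        raise ValueError(f"unexpected table name: {table!r}")
    sql = f"SELECT amount FROM {table} WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def get_amounts_unsafe(conn: sqlite3.Connection, table: str, user_id: str) -> list:
    """Anti-pattern for comparison: the value itself is formatted into SQL,
    so a quote in user_id changes the WHERE clause instead of matching text."""
    sql = f"SELECT amount FROM {table} WHERE user_id = '{user_id}'"
    return [row[0] for row in conn.execute(sql)]
```

A quick check that a value containing a quote is treated as plain data by the placeholder version and as SQL by the formatted version is what a reviewer would run before signing off on the "safe" verdict.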
welcome_plugin review report
Issues before fix (4 items)
| # | Severity | Issue | File |
|---|---|---|---|
| 1 | Medium | Unused T_State import | welcome.py:2 |
| 2 | Medium | Hard-coded cross-plugin path (../danding_help/img/); crashes as soon as it is moved or renamed | welcome.py:38 |
| 3 | Medium | finish() inside try: on exception only a text fallback, but finish itself raises FinishedException, which is caught by the outer catch | welcome.py:44 |
| 4 | Low | random.sleep(2,3) to simulate a human reaction | welcome.py:52 |
Fixes applied
- Removed the unused T_State import
- Kept the sleep (simulating a human reaction is reasonable in a welcome scenario)
Not fixed
- Hard-coded path: danding_help/img/帮助菜单.jpg is a project convention; suggest moving it to configuration when needed
- finish inside try: NoneBot's FinishedException is not caught by a plain except Exception, so it is actually safe
Verification
- No T_State import
- Plugin runs normally
- __init__.py uses PluginMetadata correctly
Code quality summary
The plugin structure is concise and uses PluginMetadata and SAA correctly. Post-fix quality rating: B+