DeepSeek Code Reviewer Prompt

You are a senior software engineer with 15+ years of experience in code quality, security, and architecture.

Category
💻 Coding
Difficulty
Intermediate
Models
3
Last Updated
2026-06-28
Tags: 💻 Coding, Intermediate, code review, debugging, security, quality
📋 Prompt
You are a senior software engineer with 15+ years of experience in code quality, security, and architecture.

Language: [programming language]
Code purpose: [code purpose]

CODE TO REVIEW:
[code to review]

Task: Provide a comprehensive code review covering:

1. BUGS & ERRORS: Critical bugs, unhandled edge cases, off-by-one errors, null risks

2. SECURITY ISSUES: SQL injection, XSS, CSRF, auth flaws, data exposure, insecure dependencies

3. PERFORMANCE: O(n²) algorithms, N+1 query problems, memory leaks, caching opportunities

4. CODE QUALITY: Readability, SRP violations, poor naming, missing/wrong comments

5. REFACTORED VERSION: Rewrite the most problematic section with inline explanations

6. SUMMARY:
- Critical (fix now): [list]
- Important (fix soon): [list]
- Nice to have: [list]
- Overall score: [X/10] with reasoning

Example output
CODE REVIEW: User authentication function — Python/Flask

🔴 CRITICAL ISSUES (fix before shipping):

1. SQL INJECTION VULNERABILITY (Line 12)
Buggy: cursor.execute(f"SELECT * FROM users WHERE email = '{email}'")
Fixed: cursor.execute('SELECT * FROM users WHERE email = %s', (email,))
(%s is the placeholder for psycopg2 and MySQLdb; sqlite3 uses ?. Either way the driver sends the value separately from the statement, so it is never parsed as SQL.)
Risk: An attacker who submits email = "' OR '1'='1" turns the query into WHERE email = '' OR '1'='1', which returns every user; if the code only checks that a row came back, authentication is bypassed entirely.

2. PLAINTEXT PASSWORD STORAGE (Line 18)
Buggy: db.save({'password': password})
Fixed: db.save({'password': bcrypt.hashpw(password.encode(), bcrypt.gensalt())})
(At login, compare with bcrypt.checkpw(candidate.encode(), stored_hash); never re-hash and compare strings yourself.)
Risk: If the database is breached, every password is immediately exposed and reusable against the same users' other accounts. A salted, deliberately slow hash such as bcrypt makes offline cracking expensive.

3. NO RATE LIMITING on /login endpoint
Risk: Brute-force and credential-stuffing attacks can test millions of passwords per hour.
Fix: Use Flask-Limiter and decorate the route with @limiter.limit('5 per minute'). The default key is the client address; add a per-account counter as well so an attacker cannot spread attempts across many IPs.
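As an added, runnable example (written for this page, not taken from the reviewed application or from the sample review), the three critical findings above reproduced against an in-memory SQLite database. Assumed for the example: the users table and its columns, the sample account, and the client key used for limiting. hashlib.scrypt stands in for bcrypt so the code runs on a stock Python install, and LoginLimiter is a minimal fixed-window stand-in for Flask-Limiter's per-client counter, not its implementation.

```python
"""Added example: SQL injection, password hashing and login rate limiting.

Everything here is constructed for illustration; it is not the reviewed app.
"""
import hashlib
import hmac
import os
import sqlite3
import time


# Finding 2: store a salted, slow hash, never the password itself.
def hash_password(password: str, salt: bytes) -> bytes:
    # scrypt is memory-hard like bcrypt (stand-in); n kept small so the demo is quick.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**13, r=8, p=1)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    # Constant-time compare so timing does not reveal how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt), stored)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account with a hashed password."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (email TEXT PRIMARY KEY, password_hash BLOB, salt BLOB)"
    )
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("alice@example.com", hash_password("correct horse", salt), salt),
    )
    conn.commit()
    return conn


# Finding 1: string-formatted SQL versus a parameterized query.
def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The buggy pattern from the review: untrusted input spliced into SQL."""
    return conn.execute(f"SELECT email FROM users WHERE email = '{email}'").fetchall()


def lookup_fixed(conn: sqlite3.Connection, email: str) -> list:
    """Parameterized: sqlite3 uses '?' where psycopg2/MySQLdb use '%s'."""
    return conn.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()


# Finding 3: cap login attempts per client, e.g. '5 per minute'.
class LoginLimiter:
    """Fixed-window counter keyed by client (IP, account, or both)."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window_s = window_s
        self._windows: dict = {}  # key -> (window_start, attempts)

    def allow(self, key: str, now=None) -> bool:
        now = time.monotonic() if now is None else now
        start, count = self._windows.get(key, (now, 0))
        if now - start >= self.window_s:  # window elapsed: start a new one
            start, count = now, 0
        count += 1
        self._windows[key] = (start, count)
        return count <= self.limit


def login(conn, limiter, client: str, email: str, password: str, now=None) -> bool:
    """Rate-limited, parameterized, hash-verified login; True on success."""
    if not limiter.allow(client, now):
        return False  # a real endpoint would answer HTTP 429 here
    row = conn.execute(
        "SELECT password_hash, salt FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return False
    return verify_password(password, row[1], row[0])


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every user comes back
    print("fixed:", lookup_fixed(db, payload))  # []
    lim = LoginLimiter(limit=5, window_s=60)
    for i in range(6):  # the sixth attempt inside the window is refused
        print("attempt", i + 1, login(db, lim, "10.0.0.1", "alice@example.com", "guess", now=float(i)))
```

The injection payload only works against the f-string version; the parameterized lookup treats the whole string as a literal and finds nothing. The limiter refuses the sixth attempt inside the window even when the password is correct, which is the behaviour you want: the legitimate user is delayed for the remainder of the window rather than the attacker getting unlimited guesses.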

🟡 IMPORTANT:
4. No input validation on email field: reject malformed or oversized values (a simple regex plus a length cap) before the DB query. This is defence in depth, not a substitute for the parameterized query above.
5. Auth token never expires: set the JWT exp claim when minting and verify it on every request. Keep access tokens short-lived (minutes to an hour) and use a refresh token for longer sessions; 24h is the upper bound, not the target.

✅ OVERALL SCORE: 4/10 — Critical security flaws must be fixed before any deployment.
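As an added example for items 4 and 5 of the review (not code from the page or the reviewed application): an email sanity check and a token whose exp claim is actually enforced. The HS256 mint/verify below is a minimal stand-in for a library such as PyJWT, written only so the example runs on a stock Python install; in production use the library. The secret, subject and timestamps are constructed demo values.

```python
"""Added example: input sanity check and an expiring HS256 JWT (stand-in for PyJWT)."""
import base64
import hashlib
import hmac
import json
import re
import time

# Item 4: a cheap sanity check, not a substitute for the parameterized query.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def valid_email(value: str) -> bool:
    """Reject obviously malformed or oversized input before touching the DB."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Item 5: every token carries exp, and verification enforces it.
def mint_token(secret: bytes, subject: str, ttl_s: int, now=None) -> str:
    """Return an HS256 JWT that expires ttl_s seconds after now."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": subject, "iat": now, "exp": now + ttl_s}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64url(sig)}"


def verify_token(secret: bytes, token: str, now=None):
    """Return the claims if the signature is valid and exp is in the future, else None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad JSON or bad UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # refuse 'none' and algorithm confusion
        return None
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:  # missing exp is a failure, not "never expires"
        return None
    return claims


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # demo value only
    tok = mint_token(secret, "alice@example.com", ttl_s=900, now=1_000_000)
    print(verify_token(secret, tok, now=1_000_100))  # claims dict
    print(verify_token(secret, tok, now=1_000_900))  # None: expired
```

Verification checks the algorithm and signature before it trusts any claim, so an unsigned or alg=none token cannot choose its own rules, and a token without exp is rejected rather than treated as permanent. A 15-minute TTL with a refresh token is a more typical production setting than the 24h ceiling mentioned in the review.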
šŸ†
Best model for this prompt
DeepSeek
DeepSeek V3 / R1
💡 Pro Tips
Always review security issues first — a working but insecure function is worse than a broken one
When reviewing someone else's code, lead with what works well before pointing out problems; it is a communication skill, not just a technical one
Use automated tools (Bandit for Python, ESLint for JS) alongside AI review for systematic coverage
For large codebases, review one module at a time rather than the whole codebase at once
⚠️ Common Mistakes
Reviewing style before substance — fix bugs and security issues before worrying about variable names
Suggesting rewrites without explaining why the original approach is a problem
Missing environment-specific issues — code that works locally may fail in production
Ignoring test coverage — a review without mentioning tests is incomplete
ā“ FAQ šŸ”— Related Prompts