Configuring Code Review Doctor

Code Review Doctor checks over 70 security, performance, and maintainability problems.

This can be customized using a pyproject.toml file: add it to the root of your project and specify some check codes in enable and disable, like the examples below.

View the list of check codes here.

What is a pyproject.toml file? Read here.

Examples of Code Review Doctor pyproject.toml configuration

Example 1: Disable one check

pyproject.toml


[tool.codereviewdoctor]
disable = ["redundant-settings"]

Example 2: Disable multiple checks

pyproject.toml


[tool.codereviewdoctor]
disable = ["redundant-settings", "missing-hsts-subdomain"]

Example 3: Disable everything except x

pyproject.toml


[tool.codereviewdoctor]
disable = ["all"]
enable = ["redundant-settings", "missing-hsts-subdomain"]

Example 4: Targeting sub-directories and ignoring folders

pyproject.toml


[tool.codereviewdoctor]
directories = ["my_app_one", "my_app_two"]
ignore = ["my_app_one/tests", "my_app_two/tests"]

Check codes

Use these codes in the enable and disable section of your pyproject.toml file to customize the checks that Code Review Doctor performs.

Code	Summary
django-version-support	Django version is not maintained
django-minor-version	Django bug fixes and additional features available
nullable-string-field	Nullable string field
tall-model	Tall Model
redundant-default-args	Redundant default arguments
field-null-not-blank	Field allows null but not blank
brittle-unique-for	Brittle unique_for
missing-related-name	ForeignKey missing related_name
huge-max-length	CharField with huge max_length
deprecated-nullboolean-field	Deprecated NullBooleanField
non-unique-primary	Non-unique primary_key
tall-models	Huge models.py
model-method-order	Model method order
model-common-prefix	Tall models.py with a common prefix
middleware-order	Middleware order
template-dir-relative	Relative path in TEMPLATES setting
template-dir-backslash	Back slashes in TEMPLATES settings
middleware-order-end	Middleware should be near the end
middleware-order-top	Middleware should be near the top
redundant-setting	Redundant setting
direct-import-settings	Importing setting file directly
missing-security-middleware	Security middleware not activated
missing-xframe-middleware	Clickjacking protection not activated
missing-csrf-middleware	Cross Site Request Forgery protection not activated
missing-hsts-middleware	HTTP Strict Transport Security protection not activated
missing-hsts-subdomain	Use HSTS for subdomainsd
missing-secure-content-type-nosniff	Browser can be tricked into executing uploaded malicious code
missing-secure-ssl-redirect	Use HTTPS
missing-session-cookie-secure	Session cookie is vulnerable to packet sniffing attack
missing-session-cookie-http-only	Session cookie is vulnerable to XSS attack
missing-csrf-secure	Cross Site Request Forgery protection weak to packet sniffing
missing-hsts-preload	Use HSTS browser preload
checking-settings-debug	Using settings.DEBUG as a feature flag hinders testing
misplaced-admin-class	Admin class not in admin.py
non-unique-url-name	URL name not unique
reverse-lazy-misuse	Using reverse_lazy where reverse would be better
hard-coded-url	Hard-coded URL in template
hard-coded-static-url	Hard-coded static asset URL in template
migration-model-import	Importing models.py into migrations
missing-reverse-migration	Missing reverse migration
queryset-length	Using len(queryset) instead of queryset.count()
indirect-foreign-key	Not using foreign keys directly
count-instead-exists	Comparing queryset.count() instead of checking queryset.exists()
truthy-instead-exists	Checking queryset truthiness instead of checking queryset.exists()
inefficient-order-by-random	Random ordering via order_by("?")
await-async-call	Missing await in coroutine call
inheriting-from-object	Unnecessary inheriting from object
multiple-isinstance-calls	Multiple isinstance calls
multiple-issubclass-calls	Multiple issubclass calls
class-method-missing-cls	Missing cls in class method
primative-identity-checking	Comparing primitives with identity checking
singleton-equality-checking	Comparing singleton primitives with equality checking
freeze-dataclasses	Using mutable dataclass
avoid-deprecated-testcase-aliases	Avoid deprecated TestCase method aliases
avoid-misusing-assert-true	Avoid misusing assertTrue in tests
avoid-missing-comma	Avoid implicit string concatenation
avoid-named-tuple	Use dataclass instead of NamedTuple
redundant-super-args	Unnecessary arguments in super call
avoid-redundant-f-string	Redundant f-string
avoid-redundant-lambda-definition	Redundant lambda definitions
avoid-redundant-list-comprehension	Avoid redundant list comprehension
avoid-static-if-condition	Avoid expressions that always evaluate to the same value
use-type-identifiers	Use type identifiers instead of string type hints
use-optional	Use Optional instead of Union
use-comprehension	Use list and dict comprehension instead
use-comprehension	Use literals instead of calling list/set/dict
use-assert-in	Use AssertIn when performing inclusion tests
use-assert-is-not-none	Use AssertIsNotNone when checking against None
use-f-string	Use f-string instead of legacy string formatting
compare-optional-against-none	Explicitly compare Optional variables against None
exception-handler-or	Incorrectly using or in exception handling
no-breakpoint	Avoid committing breakpoints
probably-meant-tuple	Missing trailing comma in tuple
probably-meant-not-tuple	Avoid accidental tuples
use-json-load	Use json.load to read a JSON file
use-json-dump	Use json.dump to write JSON to file
no-unclosed-files	Always close files when finished with them
no-unsupported-file-operation	Open files with correct mode flags
no-operation-after-close	Don't try reading or writing closed files
use-file-encoding-read	Specify text encoding when reading files
use-file-encoding-write	Specify text encoding when writing files
no-incorrect-file-encoding-read	Use correct file encoding
duplicate-test-names	Use unique names for tests
probably-meant-fstring	Missing f prefix in f-string

Are you ready to improve your team agility through lower tech debt? Add Code Review Doctor to GitHub.