Reviews Odoo 16.0 code for best practices, security issues, performance problems, and OCA guidelines compliance. This skill should be used when the user requests code review, such as "Review this code" or "Check this module for issues" or "Is this code optimized?" or "Security review needed for this module".
GitHub: jamshu/jamshi-marketplace
odoo-dev
January 22, 2026
npx add-skill https://github.com/jamshu/jamshi-marketplace/blob/main/plugins/odoo-dev/skills/odoo-code-reviewer/SKILL.md -a claude-code --skill odoo-code-reviewer
Installation paths:
.claude/skills/odoo-code-reviewer/

# Odoo Code Reviewer
## Overview
This skill provides comprehensive code review for Odoo 16.0 modules, checking for security vulnerabilities, performance issues, OCA guideline compliance, and general best practices.
## Review Categories
### 1. Security Issues
SQL injection, XSS vulnerabilities, improper sudo() usage, missing input validation.
### 2. Performance Problems
N+1 queries, inefficient searches, unnecessary database operations.
### 3. OCA Guidelines Compliance
Code style, structure, naming conventions, documentation.
### 4. Best Practices
Proper API usage, error handling, logging, testing.
### 5. Maintainability
Code organization, readability, documentation, modularity.
## Review Process
### Step 1: Identify Review Scope
Determine what to review:
- Complete module
- Specific model files
- View files
- Security configuration
- Specific functionality
### Step 2: Systematic Review
Check each category systematically following the patterns below.
## Review Patterns
### Security Review Checklist
**1. SQL Injection Risk**
```python
# BAD - SQL injection vulnerability
self.env.cr.execute("SELECT * FROM table WHERE id = %s" % record_id)
# GOOD - Parameterized query
self.env.cr.execute("SELECT * FROM table WHERE id = %s", (record_id,))
```
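A reviewer can automate the SQL injection check above. The following is an added example, not part of the original skill: it walks a module's syntax tree and flags `cr.execute()` calls whose query is built with `%`, `+`, an f-string or `.format()`. The sample source and all function names are constructed for illustration.

```python
import ast

# Constructed sample of Odoo model code to scan (not from the original page).
SAMPLE = '''
class Partner(models.Model):
    def bad_percent(self, record_id):
        self.env.cr.execute("SELECT * FROM res_partner WHERE id = %s" % record_id)
    def bad_fstring(self, name):
        self._cr.execute(f"SELECT id FROM res_partner WHERE name = '{name}'")
    def bad_format(self, name):
        self.env.cr.execute("SELECT id FROM res_partner WHERE name = '{}'".format(name))
    def good(self, record_id):
        self.env.cr.execute("SELECT * FROM res_partner WHERE id = %s", (record_id,))
'''


def _is_cursor_execute(call):
    """True for cr.execute(...), self._cr.execute(...), self.env.cr.execute(...)."""
    func = call.func
    if not (isinstance(func, ast.Attribute) and func.attr == "execute"):
        return False
    owner = getattr(func.value, "attr", None) or getattr(func.value, "id", None)
    return owner in ("cr", "_cr")


def _query_construction(node):
    """Name how the query expression is assembled, or None if it is a plain value."""
    if isinstance(node, ast.JoinedStr):
        interpolated = any(isinstance(v, ast.FormattedValue) for v in node.values)
        return "f-string" if interpolated else None
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return "% formatting" if isinstance(node.op, ast.Mod) else "concatenation"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format()"
    return None


def find_sql_injection_risks(source):
    """Return sorted (line, reason) pairs for execute() calls with inline-built SQL."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _is_cursor_execute(node) and node.args:
            reason = _query_construction(node.args[0])
            if reason:
                findings.append((node.lineno, reason))
    return sorted(findings)
```

The check only inspects the expression passed as the first argument, so a query assembled in a variable beforehand is not caught and still needs manual review.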
**2. XSS Vulnerabilities**
```python
# BAD - Unescaped HTML field
description = fields.Char(string='Description')
# GOOD - Use Text or Html field with sanitization
description = fields.Html(string='Description', sanitize=True)
```
**3. Improper sudo() Usage**
```python
# BAD - sudo() without justification
records = self.env['model'].sudo().search([])
# GOOD - Check permissions properly
if self.env.user.has_group('base.group_system'):
    records = self.env['model'].search([])
```
**4. Missing Input Validation**
```python
# BAD - No validation
def process(self, value):
    return int(value)
# GOOD - Proper validation
def process(self, value):
    if not value or not isinstance(value, (int, str)):
        raise