Skip to content

Demo/pr review demo #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Demo/pr review demo #6

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
717d617
Add userService class with initial implementation, addressing multipl…
YashBangeraXR Sep 22, 2025
5ce4cbc
Merge branch 'main' into demo/pr-review-demo
YashBangeraXR Sep 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
131 changes: 131 additions & 0 deletions Services/userService.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace DemoApp.Services
{
// Wrong naming - should be PascalCase
public class userService
{
// Public field instead of property
public string username;

// Missing m_ prefix for private field
private int userId;

// No #region blocks for organization

public string connectionString = "Server=localhost;Database=demo;User=sa;Password=admin123";
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Credentials Hardcoded in Source Code

The database connection string, including sensitive credentials, is hardcoded directly in userService.cs. This exposes confidential information and creates a security vulnerability.

Fix in Cursor Fix in Web


// Inconsistent parameter casing
public async Task<string> GetData(string InputParam)
{
// Wrong casing for local variable
string Result = "";

// SQL Injection vulnerability
var query = "SELECT * FROM Users WHERE Name = '" + InputParam + "'";

// Hardcoded password
var password = "admin123";

// Not using async properly
var users = GetAllUsers().Result;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: SQL Injection & Async Blocking

The GetData method is vulnerable to SQL injection due to direct user input concatenation in the query. It also blocks an async operation by using .Result, which can cause deadlocks and negates the benefits of async programming.

Fix in Cursor Fix in Web


// String concatenation in loop
for (int i = 0; i < users.Count; i++)
{
Result = Result + users[i].Name + ", ";
}

// This method is way too long (imagine 50+ more lines here)
// Violating the 30-line rule

// Deep nesting example
if (InputParam != null)
{
if (InputParam.Length > 0)
{
if (InputParam.Contains("admin"))
{
if (password == "admin123")
{
// Too deeply nested
return "Admin access granted";
}
}
}
}

// Magic number without constant
if (users.Count > 100)
{
return "Too many users";
}

// Missing null checks
var firstUser = users.First();

// Not disposing resources
var connection = new System.Data.SqlClient.SqlConnection(connectionString);
connection.Open();
// Never closed or disposed
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Unhandled Exceptions and Resource Leaks

The GetData method has two issues: it calls users.First() without checking if the collection is empty, which can cause an InvalidOperationException. Additionally, a SqlConnection is opened but not disposed, leading to a resource leak and potential connection pool exhaustion.

Fix in Cursor Fix in Web


// Missing XML documentation
// Missing error handling
// Missing parameter validation

return Result;
}

// Method name should be PascalCase
public void processOrder(int OrderId)
{
// Local variable should be camelCase
var OrderStatus = "Processing";

// Public method without any documentation
}

// Missing async on method that returns Task
public Task<List<User>> GetAllUsers()
{
// Synchronous operation returning Task
var users = new List<User>();
return Task.FromResult(users);
}

// N+1 query pattern example
public void LoadUserOrders()
{
var users = GetAllUsers().Result;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Synchronous Await Causes Deadlocks

Calling .Result on an async method synchronously blocks the calling thread. This can lead to deadlocks, especially in UI or ASP.NET synchronization contexts.

Fix in Cursor Fix in Web


foreach (var user in users)
{
// This would execute a query for each user
var orders = GetOrdersForUser(user.Id);
user.Orders = orders;
}
}

private List<Order> GetOrdersForUser(int userId)
{
// Imagine database query here
return new List<Order>();
}
}

// Helper classes
public class User
{
public int Id { get; set; }
public string Name { get; set; }
public List<Order> Orders { get; set; }
}

public class Order
{
public int Id { get; set; }
public string Status { get; set; }
}