{
  "tool": "code2logic",
  "target_project": "/project",
  "tokens_in": 223224,
  "tokens_out": 2637,
  "duration_analysis_sec": 9.895550727844238,
  "duration_llm_sec": 182.65977430343628,
  "duration_total_sec": 192.55989933013916,
  "context_chars": 678039,
  "raw_code_chars": 2790515,
  "compression_ratio": 0.7570201199420179,
  "llm_response": " # Code Review: Project Analysis\n\n## Executive Summary\nThis codebase exhibits **severe structural issues** including massive code duplication (80k+ lines of identical logic across 12+ files), critical security vulnerabilities, and fundamental Python anti-patterns. The project appears to contain auto-generated \"broken rules\" that replicate the same bugs across multiple modules.\n\n---\n\n## 1. Critical Security Concerns\n\n### SQL Injection (Critical)\n**Location**: `app/config.py`, `app/db.py`, `app/analytics.py`, etc. - `unsafe_sql_lookup()`\n```python\nunsafe_sql_lookup(conn:Any, table:str, user_input:str) -> list[tuple[Any, ...]]\n# calls: [conn.execute.fetchall, conn.execute]\n```\n**Issue**: Direct string interpolation of `user_input` into SQL queries without parameterization.\n**Recommendation**: Use parameterized queries: `conn.execute(\"SELECT * FROM ? WHERE id = ?\", (table, user_input))`\n\n### Arbitrary Code Execution (Critical)\n**Location**: All modules - `insecure_eval()`\n```python\ninsecure_eval(expression:str) -> Any\n# calls: [eval]\n```\n**Issue**: Uses Python's `eval()` on arbitrary string input, allowing complete system compromise.\n**Recommendation**: Replace with `ast.literal_eval()` for safe parsing, or implement a restricted expression parser.\n\n### Unsafe Deserialization\n**Location**: `parse_payload()` across all modules\n```python\nparse_payload(raw:str) -> dict[str, Any]\n# calls: [raw.replace, json.loads]\n```\n**Issue**: No validation before JSON parsing; potential for memory exhaustion or parsing attacks.\n**Recommendation**: Add schema validation using Pydantic or marshmallow before processing.\n\n---\n\n## 2. Logic Errors & Bugs\n\n### Mutable Default Arguments (Classic Python Bug)\n**Affected**: `accumulate()`, all `generated_rule_X()` functions (220 instances per file)\n```python\naccumulate(values:list[int], acc:list[int]=[]) -> list[int]\ngenerated_rule_X(payload:dict[str,Any], cache:dict[str,Any]={}) -> dict[str, Any]\n```\n**Issue**: Mutable defaults (`[]`, `{}`) are sh...",
  "llm_quality_keywords": 23,
  "error": null,
  "metadata": {
    "parser": "tree-sitter",
    "format": "compact+function_logic"
  }
}