diff --git "a/analyst_dataset_expanded.jsonl" "b/analyst_dataset_expanded.jsonl"
new file mode 100644--- /dev/null
+++ "b/analyst_dataset_expanded.jsonl"
@@ -0,0 +1,59 @@
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```def calculate_fibonacci(n):\n    if n <= 0:\n        return 0\n    elif n == 1:\n        return 1\n    else:\n        return calculate_fibonacci(n-1) + calculate_fibonacci(n-2)\n\n# Test the function\nfor i in range(10):\n    result = calculate_fibonacci(i)\n    print(f\"Fibonacci({i}) = {result}\")``` [/INST] Quality Score: 65/100\n\nBUGS:\n- Recursive implementation without memoization causes exponential time complexity\n- Will cause stack overflow for large values of n\n- No input validation for negative numbers beyond the first check\n\nPERFORMANCE ISSUES:\n- Time complexity: O(2^n) - extremely inefficient\n- Space complexity: O(n) due to recursion stack\n- Repeated calculations for same values\n\nSECURITY CONCERNS:\n- No protection against extremely large inputs that could cause DoS\n- No input sanitization\n\nIMPROVEMENTS:\n1. Use memoization or iterative approach for O(n) time complexity\n2. Add input validation with proper error handling\n3. Add maximum input limit to prevent abuse\n4. Consider using dynamic programming approach\n\nExample improved code:\n```python\ndef calculate_fibonacci(n):\n    if n < 0:\n        raise ValueError(\"Input must be non-negative\")\n    if n > 1000:  # Prevent abuse\n        raise ValueError(\"Input too large\")\n    \n    if n <= 1:\n        return n\n    \n    a, b = 0, 1\n    for _ in range(2, n + 1):\n        a, b = b, a + b\n    return b\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\n\ndef read_user_file(filename):\n    file_path = os.path.join(\"/home/user/\", filename)\n    with open(file_path, \"r\") as f:\n        content = f.read()\n    return content\n\n# Usage\nuser_input = input(\"Enter filename: \")\ndata = read_user_file(user_input)\nprint(data)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Path traversal vulnerability: User can access any file by using \"../\" in filename\n- No input validation or sanitization\n- Hardcoded directory path creates inflexibility\n- No error handling for file operations\n\nBUGS:\n- Will crash if file doesn't exist\n- Will crash if user doesn't have read permissions\n- No handling for binary files (will try to decode as text)\n\nPERFORMANCE ISSUES:\n- Loads entire file into memory (problematic for large files)\n- No file size limits\n\nIMPROVEMENTS:\n1. Validate and sanitize input filename\n2. Use absolute path validation\n3. Add proper error handling\n4. Implement file size limits\n5. Use pathlib for safer path handling\n\nExample improved code:\n```python\nimport os\nfrom pathlib import Path\n\ndef read_user_file(filename):\n    # Validate filename\n    if not filename or \"..\" in filename or \"/\" in filename:\n        raise ValueError(\"Invalid filename\")\n    \n    # Create safe path\n    base_dir = Path(\"/home/user/\")\n    file_path = base_dir / filename\n    \n    # Ensure path is within allowed directory\n    if not file_path.resolve().is_relative_to(base_dir.resolve()):\n        raise ValueError(\"Access denied\")\n    \n    # Check file size\n    if file_path.stat().st_size > 10 * 1024 * 1024:  # 10MB limit\n        raise ValueError(\"File too large\")\n    \n    try:\n        with open(file_path, \"r\") as f:\n            return f.read()\n    except FileNotFoundError:\n        raise FileNotFoundError(\"File not found\")\n    except PermissionError:\n        raise PermissionError(\"Access denied\")\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```class UserManager:\n    def __init__(self):\n        self.users = {}\n    \n    def add_user(self, username, password):\n        self.users[username] = password\n    \n    def authenticate(self, username, password):\n        if username in self.users:\n            if self.users[username] == password:\n                return True\n        return False\n    \n    def get_user_info(self, username):\n        return self.users.get(username, None)\n\n# Usage\nmanager = UserManager()\nmanager.add_user(\"admin\", \"password123\")\nprint(manager.authenticate(\"admin\", \"password123\"))``` [/INST] Quality Score: 30/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Passwords stored in plain text (major security risk)\n- No password hashing or encryption\n- No password strength validation\n- No protection against brute force attacks\n- No session management\n\nBUGS:\n- No input validation for username/password\n- No handling of edge cases (empty strings, None values)\n- No duplicate user prevention\n\nPERFORMANCE ISSUES:\n- In-memory storage (data lost on restart)\n- No database persistence\n- No indexing for large user bases\n\nIMPROVEMENTS:\n1. Hash passwords using bcrypt or similar\n2. Add input validation and sanitization\n3. Implement proper session management\n4. Use database for persistence\n5. Add password strength requirements\n6. Implement rate limiting for authentication attempts\n\nExample improved code:\n```python\nimport hashlib\nimport secrets\nfrom typing import Optional\n\nclass UserManager:\n    def __init__(self):\n        self.users = {}\n        self.sessions = {}\n    \n    def _hash_password(self, password: str) -> str:\n        salt = secrets.token_hex(16)\n        password_hash = hashlib.pbkdf2_hmac('sha256', \n                                          password.encode('utf-8'), \n                                          salt.encode('utf-8'), \n                                          100000)\n        return f\"{salt}:{password_hash.hex()}\"\n    \n    def _verify_password(self, password: str, stored_hash: str) -> bool:\n        salt, hash_value = stored_hash.split(':')\n        password_hash = hashlib.pbkdf2_hmac('sha256',\n                                           password.encode('utf-8'),\n                                           salt.encode('utf-8'),\n                                           100000)\n        return password_hash.hex() == hash_value\n    \n    def add_user(self, username: str, password: str) -> bool:\n        if not username or not password:\n            raise ValueError(\"Username and password required\")\n        if len(password) < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        if username in self.users:\n            raise ValueError(\"User already exists\")\n        \n        self.users[username] = self._hash_password(password)\n        return True\n    \n    def authenticate(self, username: str, password: str) -> bool:\n        if username not in self.users:\n            return False\n        return self._verify_password(password, self.users[username])\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import re, pathlib, requests\nfrom urllib.parse import urlparse\nfrom html.parser import HTMLParser\n\nclass TitleParser(HTMLParser):\n    def __init__(self): super().__init__(); self.in_title=False; self.title=[]\n    def handle_starttag(self, tag, attrs): self.in_title = tag.lower()==\"title\"\n    def handle_endtag(self, tag): \n        if tag.lower()==\"title\": self.in_title=False\n    def handle_data(self, data): \n        if self.in_title: self.title.append(data)\n\nALLOWED_SCHEMES = {\"http\",\"https\"}\nBLOCKED_HOSTS = {\"169.254.169.254\",\"localhost\",\"127.0.0.1\",\"::1\"}\n\ndef safe_fetch(url: str):\n    u = urlparse(url)\n    if u.scheme not in ALLOWED_SCHEMES or u.hostname in BLOCKED_HOSTS:\n        raise ValueError(\"URL not allowed\")\n    with requests.get(url, timeout=10, stream=True) as r:\n        r.raise_for_status()\n        text = r.text  # consider iter_content for huge pages\n    p = TitleParser(); p.feed(text)\n    title = \"\".join(p.title).strip() or \"No Title\"\n    safe_name = re.sub(r\"[^a-zA-Z0-9_.-]\", \"_\", u.hostname or \"page\")\n    pathlib.Path(f\"{safe_name}.html\").write_text(text, encoding=\"utf-8\")\n    return title``` [/INST] Quality Score: 48/100\n\nBUGS:\n- No error handling for network failures or malformed HTML\n- File overwrites without checking if it already exists\n- No validation of URL format before parsing\n\nPERFORMANCE ISSUES:\n- Loads entire response into memory with r.text instead of streaming\n- No caching mechanism for repeated requests to same URL\n\nSECURITY CONCERNS:\n- File writes to current directory without path validation\n- No size limits on downloaded content (potential DoS)\n- No validation of HTML content before parsing\n\nIMPROVEMENTS:\n1. Add proper error handling and file size limits\n```python\nimport re, pathlib, requests\nfrom urllib.parse import urlparse\nfrom html.parser import HTMLParser\n\ndef safe_fetch(url: str, max_size: int = 10 * 1024 * 1024):\n    u = urlparse(url)\n    if u.scheme not in ALLOWED_SCHEMES or u.hostname in BLOCKED_HOSTS:\n        raise ValueError(\"URL not allowed\")\n    \n    try:\n        with requests.get(url, timeout=10, stream=True) as r:\n            r.raise_for_status()\n            content_length = int(r.headers.get('content-length', 0))\n            if content_length > max_size:\n                raise ValueError(\"Content too large\")\n            \n            content = b\"\"\n            for chunk in r.iter_content(chunk_size=8192):\n                content += chunk\n                if len(content) > max_size:\n                    raise ValueError(\"Content too large\")\n            \n            text = content.decode('utf-8', errors='ignore')\n    except requests.RequestException as e:\n        raise ValueError(f\"Network error: {e}\")\n    \n    # Parse and save with proper error handling\n    p = TitleParser()\n    try:\n        p.feed(text)\n    except Exception:\n        pass  # Continue even if HTML parsing fails\n    \n    title = \"\".join(p.title).strip() or \"No Title\"\n    safe_name = re.sub(r\"[^a-zA-Z0-9_.-]\", \"_\", u.hostname or \"page\")\n    \n    # Create safe output directory\n    output_dir = pathlib.Path(\"downloads\")\n    output_dir.mkdir(exist_ok=True)\n    output_path = output_dir / f\"{safe_name}.html\"\n    \n    output_path.write_text(text, encoding=\"utf-8\")\n    return title\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import sqlite3\n\ndef get_user(email):\n    conn = sqlite3.connect(\"app.db\")\n    cur = conn.cursor()\n    # vulnerable string interpolation\n    q = f\"SELECT id, email, role FROM users WHERE email = '{email}'\"\n    rows = cur.execute(q).fetchall()\n    conn.close()\n    return rows[0] if rows else None\n\ndef delete_user(email):\n    # missing commit and no existence check\n    conn = sqlite3.connect(\"app.db\")\n    cur = conn.cursor()\n    cur.execute(f\"DELETE FROM users WHERE email = '{email}'\")\n    conn.close()\n\nif __name__ == \"__main__\":\n    e = input(\"Email: \")\n    print(get_user(e))\n    if input(\"Delete? (y/n): \") == \"y\":\n        delete_user(e)``` [/INST] Quality Score: 32/100\n\nBUGS:\n- delete_user never commits; deletion may not persist\n- get_user returns None for empty table but code assumes tuple downstream in callers (potential TypeError)\n\nPERFORMANCE ISSUES:\n- Opens/closes a new connection per call; consider pooling or reuse for batch operations\n\nSECURITY CONCERNS:\n- SQL injection via string interpolation for email\n- Potential information disclosure by printing raw tuple\n\nIMPROVEMENTS:\n1. Use parameterized queries and ensure transactions are committed\n```python\nimport sqlite3\n\ndef with_conn(db=\"app.db\"):\n    conn = sqlite3.connect(db)\n    try:\n        yield conn\n        conn.commit()\n    finally:\n        conn.close()\n\ndef get_user(email):\n    with sqlite3.connect(\"app.db\") as conn:\n        cur = conn.execute(\"SELECT id, email, role FROM users WHERE email = ?\", (email,))\n        return cur.fetchone()\n\ndef delete_user(email):\n    with sqlite3.connect(\"app.db\") as conn:\n        conn.execute(\"DELETE FROM users WHERE email = ?\", (email,))\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```from flask import Flask, request, jsonify\n\napp = Flask(__name__)\nAPI_TOKEN = \"secret\"  # hardcoded\n\n@app.route(\"/admin/users\", methods=[\"GET\"])\ndef list_users():\n    # auth via query param; vulnerable\n    if request.args.get(\"token\") != API_TOKEN:\n        return jsonify({\"error\": \"unauthorized\"}), 401\n    # pretend to read from file\n    with open(\"users.json\") as f:\n        return f.read()  # returns raw string, wrong content-type\n\n@app.route(\"/echo\", methods=[\"POST\"])\ndef echo():\n    # reflects untrusted data directly\n    msg = request.json.get(\"msg\", \"\")\n    return f\"<div>{msg}</div>\"\n\nif __name__ == \"__main__\":\n    app.run(debug=True)``` [/INST] Quality Score: 35/100\n\nBUGS:\n- /admin/users returns plain string without JSON content-type; clients may fail parsing\n- Missing error handling if users.json not found\n\nPERFORMANCE ISSUES:\n- Reading file on every request instead of caching\n\nSECURITY CONCERNS:\n- Hardcoded secret; weak auth via token in query string (leaks via logs)\n- XSS in /echo by reflecting unsanitized HTML\n- debug=True exposes Werkzeug debugger with arbitrary code execution in some configs\n\nIMPROVEMENTS:\n1. Use header-based auth, environment secrets, safe JSON responses, and HTML escaping\n```python\nimport os, html, json\nfrom flask import Flask, request, jsonify, Response\n\napp = Flask(__name__)\nAPI_TOKEN = os.environ.get(\"API_TOKEN\")\n\ndef require_token():\n    token = request.headers.get(\"Authorization\",\"\").replace(\"Bearer \",\"\")\n    if not API_TOKEN or token != API_TOKEN:\n        return jsonify({\"error\":\"unauthorized\"}), 401\n\n@app.get(\"/admin/users\")\ndef list_users():\n    auth = require_token()\n    if auth: return auth\n    try:\n        with open(\"users.json\",\"r\",encoding=\"utf-8\") as f:\n            data = json.load(f)\n        return jsonify(data)\n    except FileNotFoundError:\n        return jsonify({\"error\":\"not found\"}), 404\n\n@app.post(\"/echo\")\ndef echo():\n    msg = request.json.get(\"msg\",\"\")\n    return Response(f\"<div>{html.escape(msg)}</div>\", mimetype=\"text/html\")\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os, time\n\nTMP_DIR = \"/tmp\"\n\ndef process_upload(filename, content):\n    # race: check then use predictable path\n    path = os.path.join(TMP_DIR, filename)\n    if not os.path.exists(path):\n        open(path, \"w\").write(content)\n    # later read it\n    time.sleep(0.5)  # simulate delay\n    data = open(path).read()\n    return data.upper()\n\nif __name__ == \"__main__\":\n    print(process_upload(input(\"name: \"), \"hello\"))``` [/INST] Quality Score: 44/100\n\nBUGS:\n- No file closing (implicit close but errors may leak descriptors)\n- No input validation on filename; may include path separators\n\nPERFORMANCE ISSUES:\n- Sleep delays processing; unnecessary blocking\n- Reads whole file even if large\n\nSECURITY CONCERNS:\n- TOCTOU race: attacker can symlink path to sensitive file after existence check\n- Path traversal via filename allowing writes to arbitrary locations\n\nIMPROVEMENTS:\n1. Use secure temporary files and sanitize paths; open with exclusive flags\n```python\nimport io, os, tempfile\n\ndef process_upload(content: str):\n    with tempfile.NamedTemporaryFile(mode=\"w+\", delete=False, dir=tempfile.gettempdir(), encoding=\"utf-8\") as tf:\n        tf.write(content)\n        tf.flush()\n        tf.seek(0)\n        data = tf.read()\n    return data.upper()\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import csv\n\ndef load_prices(path):\n    rows = []\n    with open(path) as f:\n        for r in csv.DictReader(f):\n            # trusting numeric fields; may be blank\n            price = float(r[\"price\"])  # ValueError possible\n            # evaluating discount expression directly from CSV (dangerous)\n            discount = eval(r.get(\"discount\",\"0\"))  # arbitrary code exec\n            rows.append({\"name\": r[\"name\"], \"final\": price - discount})\n    return rows\n\nif __name__ == \"__main__\":\n    print(load_prices(\"prices.csv\"))``` [/INST] Quality Score: 27/100\n\nBUGS:\n- Unhandled ValueError for missing or non-numeric price\n- discount application can produce negative final prices with no checks\n\nPERFORMANCE ISSUES:\n- No streaming/validation\u00e2\u20ac\u201dokay for small files, but no batching for large inputs\n\nSECURITY CONCERNS:\n- eval on CSV field allows arbitrary code execution\n- No path validation; could read unexpected files\n\nIMPROVEMENTS:\n1. Replace eval with safe parsing and validate numbers\n```python\nimport csv\nfrom decimal import Decimal, InvalidOperation\n\ndef parse_decimal(s):\n    try: return Decimal(s)\n    except (InvalidOperation, TypeError): return None\n\ndef load_prices(path):\n    out=[]\n    with open(path, newline=\"\", encoding=\"utf-8\") as f:\n        for r in csv.DictReader(f):\n            price = parse_decimal(r.get(\"price\"))\n            disc = parse_decimal(r.get(\"discount\") or \"0\")\n            if price is None or disc is None: continue\n            final = max(Decimal(\"0\"), price - disc)\n            out.append({\"name\": r.get(\"name\",\"\"), \"final\": str(final)})\n    return out\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import asyncio\n\nasync def fetch(i):\n    await asyncio.sleep(0.1)\n    return i*i\n\nasync def main():\n    tasks = []\n    for i in range(20):\n        tasks.append(fetch(i))  # forgot to create tasks with ensure_future\n    results = []\n    for t in tasks:\n        # not awaited; result is coroutine object\n        results.append(t)\n    print(results)\n\nif __name__ == \"__main__\":\n    loop = asyncio.get_event_loop()\n    loop.run_until_complete(main())\n    # bad: nested run in same loop (would crash if called again)\n    asyncio.run(main())``` [/INST] Quality Score: 26/100\n\nBUGS:\n- Appends coroutine objects, never awaited, leading to no execution\n- Double-running event loop with loop.run_until_complete and then asyncio.run may raise RuntimeError\n\nPERFORMANCE ISSUES:\n- Serial awaits inside a loop would be slow even if fixed; should gather\n\nSECURITY CONCERNS:\n- None specific beyond stability\n\nIMPROVEMENTS:\n1. Use asyncio.gather and avoid double loop management\n```python\nimport asyncio\n\nasync def fetch(i):\n    await asyncio.sleep(0.1)\n    return i*i\n\nasync def main():\n    results = await asyncio.gather(*(fetch(i) for i in range(20)))\n    print(results)\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```cache = []\n\ndef read_big_file(path):\n    # loads entire file and caches forever -> memory growth\n    with open(path, \"rb\") as f:\n        data = f.read()\n    cache.append(data)\n    return len(data)\n\ndef process_many(paths):\n    total = 0\n    for p in paths:\n        total += read_big_file(p)\n    return total``` [/INST] Quality Score: 41/100\n\nBUGS:\n- No bounds on cache; memory leak across calls\n- No file existence/error handling\n\nPERFORMANCE ISSUES:\n- Reads entire files into memory; should stream for large files\n- Appending binary blobs prevents GC and increases fragmentation\n\nSECURITY CONCERNS:\n- If paths are user-controlled, could load sensitive files\n\nIMPROVEMENTS:\n1. Stream and limit cache by size or use LRU\n```python\nfrom functools import lru_cache\nimport os\n\n@lru_cache(maxsize=128)\ndef file_size(path):\n    return os.path.getsize(path)\n\ndef process_many(paths):\n    return sum(file_size(p) for p in paths if os.path.exists(p))\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```def transfer(a, b, amount):\n    try:\n        a['balance'] -= amount\n        if a['balance'] < 0:\n            raise ValueError(\"insufficient\")\n        b['balance'] += amount\n    except:\n        # swallow all errors\n        pass\n\nif __name__ == \"__main__\":\n    alice = {\"balance\": 100}\n    bob = {\"balance\": 50}\n    transfer(alice, bob, 200)\n    print(alice, bob)``` [/INST] Quality Score: 38/100\n\nBUGS:\n- Bare except swallows insufficient funds error, leaving inconsistent state (Alice reduced but Bob not credited if error after)\n- No return value indicating success/failure\n\nPERFORMANCE ISSUES:\n- None significant\n\nSECURITY CONCERNS:\n- Silent failures complicate auditing and could hide fraud\n\nIMPROVEMENTS:\n1. Use explicit exception handling and atomicity\n```python\ndef transfer(a, b, amount):\n    if amount <= 0:\n        raise ValueError(\"amount must be positive\")\n    if a[\"balance\"] < amount:\n        raise ValueError(\"insufficient funds\")\n    a[\"balance\"] -= amount\n    b[\"balance\"] += amount\n    return True\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\n\nDEBUG = True\nSECRET_KEY = \"supersecret\"\nDB_URL = \"postgres://user:pass@localhost/db\"\n\ndef connect():\n    # pretend to connect using DB_URL\n    print(\"Connecting to\", DB_URL)\n\nif __name__ == \"__main__\":\n    if DEBUG:\n        print(\"Debug mode on\")\n    connect()``` [/INST] Quality Score: 52/100\n\nBUGS:\n- None functional, but poor separation of config from code\n\nPERFORMANCE ISSUES:\n- Printing secrets to console in debug could end up in logs\n\nSECURITY CONCERNS:\n- Hardcoded secrets and credentials in source control\n- Debug mode enabled by default\n\nIMPROVEMENTS:\n1. Move secrets to environment variables and default to secure values\n```python\nimport os\n\nDEBUG = os.getenv(\"APP_DEBUG\",\"0\") == \"1\"\nSECRET_KEY = os.getenv(\"SECRET_KEY\")\nDB_URL = os.getenv(\"DATABASE_URL\")\n\ndef connect():\n    if not DB_URL:\n        raise RuntimeError(\"DATABASE_URL not set\")\n    # connect using DB_URL\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```from flask import Flask, request, render_template_string\n\napp = Flask(__name__)\n\n@app.route(\"/greet\")\ndef greet():\n    name = request.args.get(\"name\",\"world\")\n    # unsafe: marking user input as safe HTML\n    tpl = \"<h1>Hello, {{ name|safe }}</h1>\"\n    return render_template_string(tpl, name=name)\n\nif __name__ == \"__main__\":\n    app.run()``` [/INST] Quality Score: 46/100\n\nBUGS:\n- None functional, but template marks untrusted input as safe\n\nPERFORMANCE ISSUES:\n- Using render_template_string for every request rather than compiled templates\n\nSECURITY CONCERNS:\n- Reflected XSS via name parameter using |safe\n\nIMPROVEMENTS:\n1. Escape user input and use templates\n```python\nfrom flask import Flask, request, render_template_string\n\napp = Flask(__name__)\n\nTPL = \"<h1>Hello, {{ name }}</h1>\"\n\n@app.get(\"/greet\")\ndef greet():\n    name = request.args.get(\"name\",\"world\")\n    return render_template_string(TPL, name=name)\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\n\ndef list_dir(user_input):\n    # command injection via shell=True\n    cmd = f\"ls -la {user_input}\"\n    os.system(cmd)\n\nif __name__ == \"__main__\":\n    list_dir(input(\"Path: \"))``` [/INST] Quality Score: 28/100\n\nBUGS:\n- Fails on paths with spaces or special characters\n\nPERFORMANCE ISSUES:\n- Spawns a shell process unnecessarily\n\nSECURITY CONCERNS:\n- Command injection by passing ; rm -rf / or similar\n- No validation of path\n\nIMPROVEMENTS:\n1. Use subprocess without shell and validate input\n```python\nimport subprocess\nfrom pathlib import Path\n\ndef list_dir(path_str):\n    p = Path(path_str).expanduser().resolve()\n    result = subprocess.run([\"ls\",\"-la\", str(p)], check=True, capture_output=True, text=True)\n    return result.stdout\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\nfrom flask import Flask, request, send_file\n\napp = Flask(__name__)\n\nBASE = \"/var/data\"\n\n@app.route(\"/download\")\ndef download():\n    name = request.args.get(\"name\",\"\")\n    path = os.path.join(BASE, name)  # no normalization\n    if os.path.exists(path):\n        return send_file(path)\n    return \"Not found\", 404``` [/INST] Quality Score: 43/100\n\nBUGS:\n- No method checks; only GET assumed\n\nPERFORMANCE ISSUES:\n- Repeated os.path.exists without caching is fine; main issue is security\n\nSECURITY CONCERNS:\n- Path traversal via name=../../etc/passwd to escape BASE\n- Possible disclosure of any readable file\n\nIMPROVEMENTS:\n1. Normalize and ensure path stays within BASE\n```python\nfrom pathlib import Path\nfrom flask import Flask, request, send_file, abort\n\nBASE = Path(\"/var/data\").resolve()\n\n@app.get(\"/download\")\ndef download():\n    name = request.args.get(\"name\",\"\")\n    target = (BASE / name).resolve()\n    if not str(target).startswith(str(BASE)) or not target.exists():\n        abort(404)\n    return send_file(target)\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```from flask import Flask, request\nimport time, os\n\napp = Flask(__name__)\nUPLOAD_DIR = \"uploads\"\n\n@app.post(\"/upload\")\ndef upload():\n    f = request.files[\"file\"]\n    path = os.path.join(UPLOAD_DIR, f.filename)\n    f.save(path)  # save immediately\n    # scan after saving (race: window where file is accessible)\n    time.sleep(0.2)  # simulate scan\n    if f.filename.endswith(\".exe\"):\n        os.remove(path)  # too late; already served by static server?\n        return \"Rejected\", 400\n    return \"OK\" ``` [/INST] Quality Score: 49/100\n\nBUGS:\n- No check if UPLOAD_DIR exists; may crash\n\nPERFORMANCE ISSUES:\n- Sleep-based scan blocks worker thread\n\nSECURITY CONCERNS:\n- Race condition: file saved and potentially accessible before validation\n- Trusts filename; content-type and magic bytes not checked\n\nIMPROVEMENTS:\n1. Validate first to a quarantine path and atomically move after scanning\n```python\nfrom pathlib import Path\nimport tempfile, shutil\n\nUPLOAD_DIR = Path(\"uploads\"); UPLOAD_DIR.mkdir(exist_ok=True)\n\ndef is_safe(stream):\n    head = stream.read(512); stream.seek(0)\n    return b\"MZ\" not in head  # toy check\n\n@app.post(\"/upload\")\ndef upload():\n    f = request.files[\"file\"]\n    with tempfile.NamedTemporaryFile(delete=False, dir=UPLOAD_DIR) as tmp:\n        f.save(tmp.name)\n    with open(tmp.name,\"rb\") as s:\n        if not is_safe(s):\n            os.remove(tmp.name); return \"Rejected\", 400\n    final = UPLOAD_DIR / f.filename\n    shutil.move(tmp.name, final)\n    return \"OK\"\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import logging\n\nlogging.basicConfig(level=logging.INFO)\n\ndef login(username, password):\n    # logs sensitive info\n    logging.info(\"Login attempt user=%s password=%s\", username, password)\n    if username == \"admin\" and password == \"admin\":\n        return True\n    return False``` [/INST] Quality Score: 50/100\n\nBUGS:\n- Hardcoded credentials\n\nPERFORMANCE ISSUES:\n- None significant\n\nSECURITY CONCERNS:\n- Logs plaintext passwords\n- Trivial credentials\n\nIMPROVEMENTS:\n1. Remove sensitive logging and use proper auth\n```python\nimport logging\n\ndef login(username, password):\n    logging.info(\"Login attempt for user=%s\", username)\n    # verify against hashed password store (omitted)\n    return False\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import hashlib, os\n\ndef hash_password(password, salt=b\"fixedsalt\"):\n    # weak MD5 and constant salt\n    return hashlib.md5(salt + password.encode()).hexdigest()\n\ndef verify(password, digest):\n    return hash_password(password) == digest\n\nif __name__ == \"__main__\":\n    d = hash_password(\"secret\")\n    print(verify(\"secret\", d))``` [/INST] Quality Score: 34/100\n\nBUGS:\n- None functional, but cryptographically unsafe\n\nPERFORMANCE ISSUES:\n- MD5 is fast, making brute force cheap\n\nSECURITY CONCERNS:\n- MD5 is broken for password hashing\n- Fixed salt allows rainbow table reuse\n\nIMPROVEMENTS:\n1. Use a dedicated password KDF like bcrypt/argon2 with per-user salt\n```python\nfrom argon2 import PasswordHasher\nph = PasswordHasher()\n\ndef hash_password(pw): return ph.hash(pw)\ndef verify(pw, digest): \n    try: ph.verify(digest, pw); return True\n    except Exception: return False\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import jwt\n\nSECRET = \"topsecret\"\n\ndef parse_token(token):\n    # disables verification by passing options\n    data = jwt.decode(token, options={\"verify_signature\": False})\n    return data.get(\"user\")\n\nif __name__ == \"__main__\":\n    print(parse_token(input(\"JWT: \")))``` [/INST] Quality Score: 29/100\n\nBUGS:\n- Assumes user claim exists; may raise AttributeError if not dict\n\nPERFORMANCE ISSUES:\n- None notable\n\nSECURITY CONCERNS:\n- Signature verification disabled allows forged tokens\n- No audience/issuer checks\n\nIMPROVEMENTS:\n1. Verify signature and validate claims\n```python\nimport jwt, datetime\nSECRET=\"topsecret\"\nALGO=\"HS256\"\n\ndef parse_token(token):\n    data = jwt.decode(token, SECRET, algorithms=[ALGO], options={\"require\":[\"exp\",\"iat\",\"sub\"]}, audience=\"myapi\")\n    return data.get(\"sub\")\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import threading, time\n\ncounter = 0\n\ndef worker(n):\n    global counter\n    for _ in range(n):\n        tmp = counter\n        time.sleep(0.001)  # simulate work\n        counter = tmp + 1\n\nthreads = [threading.Thread(target=worker, args=(1000,)) for _ in range(4)]\n[t.start() for t in threads]\n[t.join() for t in threads]\nprint(\"counter =\", counter)``` [/INST] Quality Score: 45/100\n\nBUGS:\n- Data race on counter leading to lost updates; final value < 4000\n\nPERFORMANCE ISSUES:\n- Frequent context switches due to sleep\n\nSECURITY CONCERNS:\n- None\n\nIMPROVEMENTS:\n1. Use a Lock or atomic primitives\n```python\nimport threading\n\ncounter = 0\nlock = threading.Lock()\n\ndef worker(n):\n    global counter\n    for _ in range(n):\n        with lock:\n            counter += 1\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import requests\n\ndef get_json(url):\n    # disables SSL verification\n    r = requests.get(url, verify=False)  # insecure\n    if r.status_code == 200:\n        return r.json()\n    return {}\n\nif __name__ == \"__main__\":\n    print(get_json(\"https://example.com/api\"))``` [/INST] Quality Score: 53/100\n\nBUGS:\n- No exception handling for JSON decoding\n\nPERFORMANCE ISSUES:\n- No timeout or retries; may hang\n\nSECURITY CONCERNS:\n- verify=False exposes to MITM\n- No certificate pinning for sensitive APIs\n\nIMPROVEMENTS:\n1. Enable TLS verification, add timeouts and basic retry\n```python\nimport requests\n\nSESSION = requests.Session()\nADAPTER = requests.adapters.HTTPAdapter(max_retries=3)\nSESSION.mount(\"https://\", ADAPTER)\n\ndef get_json(url, timeout=5):\n    r = SESSION.get(url, timeout=timeout)\n    r.raise_for_status()\n    return r.json()\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```def paginate(items, page, size):\n    # off-by-one: page starts at 1 but uses 0-based math incorrectly\n    start = page * size\n    end = start + size - 1\n    return items[start:end]\n\nif __name__ == \"__main__\":\n    print(paginate(list(range(10)), 1, 3))``` [/INST] Quality Score: 58/100\n\nBUGS:\n- Off-by-one errors: page=1 should start at index 0; end slicing exclusive misused\n- Negative or zero page/size not validated\n\nPERFORMANCE ISSUES:\n- None\n\nSECURITY CONCERNS:\n- None\n\nIMPROVEMENTS:\n1. Correct indices and validate inputs\n```python\ndef paginate(items, page, size):\n    if page < 1 or size < 1: return []\n    start = (page - 1) * size\n    end = start + size\n    return items[start:end]\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```def most_frequent(nums):\n    # O(n^2) counting\n    best = None\n    bestc = -1\n    for x in nums:\n        c = 0\n        for y in nums:\n            if x == y:\n                c += 1\n        if c > bestc:\n            bestc = c\n            best = x\n    return best``` [/INST] Quality Score: 62/100\n\nBUGS:\n- Works but ties are arbitrary; behavior unspecified\n\nPERFORMANCE ISSUES:\n- Quadratic time; slow for large lists\n\nSECURITY CONCERNS:\n- None\n\nIMPROVEMENTS:\n1. Use a hashmap for linear time\n```python\nfrom collections import Counter\ndef most_frequent(nums):\n    return Counter(nums).most_common(1)[0][0] if nums else None\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import asyncio\nimport websockets\n\nclients = set()\n\nasync def handler(ws):\n    clients.add(ws)  # never removed on disconnect if error\n    async for msg in ws:\n        for c in clients:\n            await c.send(msg)  # exceptions not handled\n    # missing finally to remove ws\n\nasync def main():\n    async with websockets.serve(handler, \"0.0.0.0\", 8765):\n        await asyncio.Future()\n\nasyncio.run(main())``` [/INST] Quality Score: 47/100\n\nBUGS:\n- Clients not removed on errors; memory leak\n- Broadcast loop fails if one client breaks; others starve\n\nPERFORMANCE ISSUES:\n- Serial awaits per client; slow with many clients\n\nSECURITY CONCERNS:\n- No authentication or origin checks\n\nIMPROVEMENTS:\n1. Remove clients in finally and handle send errors\n```python\nasync def handler(ws):\n    clients.add(ws)\n    try:\n        async for msg in ws:\n            dead=set()\n            for c in clients:\n                try: await c.send(msg)\n                except: dead.add(c)\n            clients.difference_update(dead)\n    finally:\n        clients.discard(ws)\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```from datetime import datetime\nimport time\n\ndef log_event(ts_str):\n    # parse naive datetime string and compare to now\n    event = datetime.strptime(ts_str, \"%Y-%m-%d %H:%M:%S\")\n    now = datetime.now()\n    diff = (now - event).total_seconds()\n    print(\"Seconds ago:\", diff)\n\nif __name__ == \"__main__\":\n    log_event(\"2025-10-09 12:00:00\")``` [/INST] Quality Score: 60/100\n\nBUGS:\n- Treats naive datetimes as local time; mismatches if input intended as UTC\n\nPERFORMANCE ISSUES:\n- None\n\nSECURITY CONCERNS:\n- None\n\nIMPROVEMENTS:\n1. Use timezone-aware datetimes and explicit TZ\n```python\nfrom datetime import datetime, timezone\n\ndef log_event(ts_str):\n    event = datetime.strptime(ts_str, \"%Y-%m-%d %H:%M:%S\").replace(tzinfo=timezone.utc)\n    now = datetime.now(timezone.utc)\n    print(\"Seconds ago:\", (now - event).total_seconds())\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```def is_equal(a, b):\n    # exact float equality\n    return a == b\n\nif __name__ == \"__main__\":\n    print(is_equal(0.1+0.2, 0.3))``` [/INST] Quality Score: 70/100\n\nBUGS:\n- Floating point equality leads to false negatives due to precision\n\nPERFORMANCE ISSUES:\n- None\n\nSECURITY CONCERNS:\n- None\n\nIMPROVEMENTS:\n1. Use tolerance-based comparison\n```python\nimport math\ndef is_equal(a, b, eps=1e-9):\n    return math.isclose(a, b, rel_tol=1e-9, abs_tol=eps)\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```def add_item(item, items=[]):\n    # default mutable arg: shared list across calls\n    items.append(item)\n    return items\n\nif __name__ == \"__main__\":\n    print(add_item(1))\n    print(add_item(2))``` [/INST] Quality Score: 63/100\n\nBUGS:\n- Default list persists across invocations, causing unintended accumulation\n\nPERFORMANCE ISSUES:\n- None\n\nSECURITY CONCERNS:\n- None\n\nIMPROVEMENTS:\n1. Default to None and create per-call list\n```python\ndef add_item(item, items=None):\n    if items is None: items = []\n    items.append(item)\n    return items\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import pickle\nfrom flask import Flask, request\n\napp = Flask(__name__)\n\n@app.post(\"/load\")\ndef load():\n    data = request.data  # untrusted\n    obj = pickle.loads(data)  # RCE risk\n    return {\"type\": str(type(obj))}\n\nif __name__ == \"__main__\":\n    app.run()``` [/INST] Quality Score: 22/100\n\nBUGS:\n- No error handling for malformed payloads\n\nPERFORMANCE ISSUES:\n- Could block on large payloads; no size limits\n\nSECURITY CONCERNS:\n- Insecure deserialization: pickle.loads on untrusted data enables arbitrary code execution\n\nIMPROVEMENTS:\n1. Use safe serialization (JSON) and cap payload size\n```python\nfrom flask import Flask, request, jsonify\n\n@app.post(\"/load\")\ndef load():\n    if request.content_length and request.content_length > 1_000_000:\n        return jsonify({\"error\":\"payload too large\"}), 413\n    try:\n        obj = request.get_json(force=True)\n        return jsonify({\"keys\": list(obj.keys()) if isinstance(obj, dict) else None})\n    except Exception:\n        return jsonify({\"error\":\"invalid json\"}), 400\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import json, time\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\n\nclass H(BaseHTTPRequestHandler):\n    sessions = {}  # in-memory sessions; never expire\n\n    def do_POST(self):\n        if self.path == \"/login\":\n            ln = int(self.headers.get(\"Content-Length\", \"0\"))\n            body = self.rfile.read(ln).decode()\n            data = json.loads(body)\n            if data.get(\"user\") and data.get(\"pass\"):\n                token = data[\"user\"] + str(time.time())\n                H.sessions[token] = data[\"user\"]\n                self.send_response(200); self.end_headers()\n                self.wfile.write(token.encode())\n            else:\n                self.send_response(400); self.end_headers()\n\nserver = HTTPServer((\"0.0.0.0\", 8080), H)\nserver.serve_forever()``` [/INST] Quality Score: 40/100\n\nBUGS:\n- No content-type checks; JSON errors unhandled\n- Reusing class variable sessions without thread safety (server may be multithreaded depending on mixin)\n\nPERFORMANCE ISSUES:\n- Sessions grow unbounded; memory leak\n\nSECURITY CONCERNS:\n- Session token is predictable (username + timestamp)\n- No HTTPS enforcement, no SameSite/HttpOnly cookies, tokens sent in body/plain\n- No password verification\n\nIMPROVEMENTS:\n1. Use secure random tokens with expiry and proper error handling\n```python\nimport os, json, secrets, time\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\n\nclass H(BaseHTTPRequestHandler):\n    sessions = {}\n    def do_POST(self):\n        try:\n            data = json.loads(self.rfile.read(int(self.headers.get(\"Content-Length\",\"0\"))))\n        except Exception:\n            self.send_response(400); self.end_headers(); return\n        if self.path == \"/login\":\n            if not data.get(\"user\") or not data.get(\"pass\"):\n                self.send_response(400); self.end_headers(); return\n            token = secrets.token_urlsafe(32)\n            H.sessions[token] = {\"u\": data[\"user\"], \"exp\": time.time()+3600}\n            self.send_response(200); self.end_headers(); self.wfile.write(token.encode())\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import re\n\ndef parse_email(s):\n    # overly permissive regex; accepts invalid and allows catastrophic backtracking\n    pattern = r\"(.+)+@(.+)+\\.(.+)+\"\n    return bool(re.match(pattern, s))\n\nif __name__ == \"__main__\":\n    print(parse_email(\"a\"*10000 + \"@x.com\"))``` [/INST] Quality Score: 56/100\n\nBUGS:\n- Regex can exhibit catastrophic backtracking on long strings, causing CPU spikes\n- Accepts many invalid emails; false positives\n\nPERFORMANCE ISSUES:\n- Regex complexity leads to potential DoS\n\nSECURITY CONCERNS:\n- Potential ReDoS if user-controlled input is validated using this pattern\n\nIMPROVEMENTS:\n1. Use anchored, simpler regex or email.utils\n```python\nimport re\nEMAIL_RE = re.compile(r\"^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$\")\ndef parse_email(s): return bool(EMAIL_RE.match(s))\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import json, time\nimport requests\n\ndef poll_job(api_url, job_id):\n    # tight loop without backoff; no timeout\n    while True:\n        r = requests.get(f\"{api_url}/jobs/{job_id}\")\n        if r.status_code == 200 and r.json().get(\"status\") == \"done\":\n            return r.json()\n        time.sleep(0.1)\n\nif __name__ == \"__main__\":\n    print(poll_job(\"https://example.com/api\", \"123\"))``` [/INST] Quality Score: 57/100\n\nBUGS:\n- No exit on error or unknown statuses; potential infinite loop\n\nPERFORMANCE ISSUES:\n- Aggressive polling (100 ms) can hammer the API\n- No timeout or retry policy\n\nSECURITY CONCERNS:\n- No TLS verification customization; default OK but missing auth headers\n\nIMPROVEMENTS:\n1. Add timeouts, backoff, and max wait\n```python\nimport time, requests\n\ndef poll_job(api_url, job_id, timeout=30):\n    end = time.time()+timeout\n    delay = 0.5\n    while time.time() < end:\n        r = requests.get(f\"{api_url}/jobs/{job_id}\", timeout=5)\n        r.raise_for_status()\n        st = r.json().get(\"status\")\n        if st == \"done\": return r.json()\n        if st in {\"failed\",\"canceled\"}: raise RuntimeError(st)\n        time.sleep(delay); delay = min(5.0, delay*1.5)\n    raise TimeoutError(\"job not done\")\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import json\nfrom flask import Flask, request\n\napp = Flask(__name__)\n\n@app.post(\"/api/items\")\ndef items():\n    data = request.json  # may be None\n    # expects 'qty' int but trusts client\n    total = data[\"price\"] * data[\"qty\"]  # TypeError if string\n    return {\"total\": total}\n\nif __name__ == \"__main__\":\n    app.run()``` [/INST] Quality Score: 59/100\n\nBUGS:\n- Assumes JSON body exists; KeyError/TypeError on missing/invalid fields\n- No type casting; arithmetic on strings raises errors\n\nPERFORMANCE ISSUES:\n- None significant\n\nSECURITY CONCERNS:\n- Trusting client-calculated fields could lead to abuse in real apps\n\nIMPROVEMENTS:\n1. Validate and coerce input with defaults\n```python\nfrom flask import Flask, request, jsonify\n\n@app.post(\"/api/items\")\ndef items():\n    data = request.get_json(silent=True) or {}\n    try:\n        price = float(data.get(\"price\", 0))\n        qty = int(data.get(\"qty\", 0))\n    except ValueError:\n        return jsonify({\"error\":\"invalid types\"}), 400\n    return jsonify({\"total\": price * qty})\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import threading, json\nfrom http.server import HTTPServer, BaseHTTPRequestHandler\n\ndb = {\"hits\": 0, \"items\": []}\n\nclass H(BaseHTTPRequestHandler):\n    def do_POST(self):\n        ln = int(self.headers.get(\"Content-Length\",\"0\"))\n        body = self.rfile.read(ln)\n        item = json.loads(body).get(\"item\")\n        # race: no lock protecting db\n        db[\"items\"].append(item)\n        db[\"hits\"] += 1\n        self.send_response(201); self.end_headers()\n\nsrv = HTTPServer((\"0.0.0.0\", 8000), H)\nsrv.serve_forever()``` [/INST] Quality Score: 46/100\n\nBUGS:\n- No error handling for invalid JSON/body\n- Global mutable dict accessed from multiple threads without synchronization (HTTPServer can be threaded in variations)\n\nPERFORMANCE ISSUES:\n- In-memory store grows unbounded\n\nSECURITY CONCERNS:\n- No authentication and accepts arbitrary data\n\nIMPROVEMENTS:\n1. Add locks and validation, or use a thread-safe queue/datastore\n```python\nimport threading\nlock = threading.Lock()\ndef add_item(item):\n    with lock:\n        db[\"items\"].append(item)\n        db[\"hits\"] += 1\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import yaml\n\ndef load_conf(path):\n    with open(path) as f:\n        return yaml.load(f, Loader=yaml.Loader)  # unsafe loader\n\nif __name__ == \"__main__\":\n    print(load_conf(\"config.yml\"))``` [/INST] Quality Score: 55/100\n\nBUGS:\n- Crashes on missing file; no handling\n\nPERFORMANCE ISSUES:\n- None\n\nSECURITY CONCERNS:\n- Unsafe YAML loader can construct arbitrary objects (code execution vectors)\n\nIMPROVEMENTS:\n1. Use safe_load and validate schema\n```python\nimport yaml, jsonschema\n\ndef load_conf(path):\n    with open(path, encoding=\"utf-8\") as f:\n        data = yaml.safe_load(f)\n    # validate with schema (omitted)\n    return data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import subprocess\nimport sys\n\ndef run_command(user_input):\n    cmd = f\"ls -la {user_input}\"\n    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)\n    return result.stdout\n\nif __name__ == \"__main__\":\n    user_path = input(\"Enter path: \")\n    print(run_command(user_path))``` [/INST] Quality Score: 15/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Command injection vulnerability via shell=True and unsanitized input\n- User can execute arbitrary commands using ; or && operators\n- No input validation or sanitization\n\nBUGS:\n- No error handling for subprocess failures\n- Will crash if command fails\n\nPERFORMANCE ISSUES:\n- Spawns shell process unnecessarily\n- No timeout protection\n\nIMPROVEMENTS:\n1. Avoid shell=True and use proper argument lists\n2. Validate and sanitize input\n3. Add proper error handling and timeouts\n\nExample improved code:\n```python\nimport subprocess\nimport os\nfrom pathlib import Path\n\ndef run_command(user_input):\n    # Validate and sanitize input\n    try:\n        safe_path = Path(user_input).expanduser().resolve()\n        if not safe_path.exists():\n            raise ValueError(\"Path does not exist\")\n    except Exception as e:\n        raise ValueError(f\"Invalid path: {e}\")\n    \n    # Use proper argument list without shell\n    result = subprocess.run(\n        [\"ls\", \"-la\", str(safe_path)],\n        capture_output=True,\n        text=True,\n        timeout=10\n    )\n    \n    if result.returncode != 0:\n        raise RuntimeError(f\"Command failed: {result.stderr}\")\n    \n    return result.stdout\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import json\nfrom flask import Flask, request\n\napp = Flask(__name__)\n\n@app.route(\"/api/data\", methods=[\"POST\"])\ndef process_data():\n    data = request.get_json()\n    \n    # Process the data\n    result = {\n        \"status\": \"success\",\n        \"data\": data,\n        \"length\": len(str(data))\n    }\n    \n    return json.dumps(result)\n\nif __name__ == \"__main__\":\n    app.run(host=\"0.0.0.0\", port=5000)``` [/INST] Quality Score: 42/100\n\nBUGS:\n- No error handling for malformed JSON requests\n- Missing Content-Type validation\n- No input size limits\n\nPERFORMANCE ISSUES:\n- Converting data to string just for length calculation is inefficient\n- No request timeout handling\n\nSECURITY CONCERNS:\n- Binding to 0.0.0.0 exposes service to all interfaces\n- No authentication or rate limiting\n- Potential DoS via large payloads\n- No input validation\n\nIMPROVEMENTS:\n1. Add proper error handling and validation\n2. Implement security measures\n3. Optimize performance\n\nExample improved code:\n```python\nimport json\nfrom flask import Flask, request, jsonify\nfrom functools import wraps\n\napp = Flask(__name__)\n\nMAX_PAYLOAD_SIZE = 1024 * 1024  # 1MB limit\n\ndef validate_json(f):\n    @wraps(f)\n    def decorated_function(*args, **kwargs):\n        if not request.is_json:\n            return jsonify({\"error\": \"Content-Type must be application/json\"}), 400\n        \n        content_length = request.content_length\n        if content_length and content_length > MAX_PAYLOAD_SIZE:\n            return jsonify({\"error\": \"Payload too large\"}), 413\n        \n        try:\n            request.json  # Validate JSON parsing\n        except Exception:\n            return jsonify({\"error\": \"Invalid JSON\"}), 400\n        \n        return f(*args, **kwargs)\n    return decorated_function\n\n@app.route(\"/api/data\", methods=[\"POST\"])\n@validate_json\ndef process_data():\n    data = request.get_json()\n    \n    # Validate required fields\n    if not isinstance(data, dict):\n        return jsonify({\"error\": \"Data must be a JSON object\"}), 400\n    \n    result = {\n        \"status\": \"success\",\n        \"data\": data,\n        \"field_count\": len(data)\n    }\n    \n    return jsonify(result)\n\nif __name__ == \"__main__\":\n    app.run(host=\"127.0.0.1\", port=5000, debug=False)\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import threading\nimport time\n\nclass Counter:\n    def __init__(self):\n        self.value = 0\n    \n    def increment(self):\n        temp = self.value\n        time.sleep(0.001)  # Simulate work\n        self.value = temp + 1\n    \n    def get_value(self):\n        return self.value\n\ncounter = Counter()\n\ndef worker():\n    for _ in range(1000):\n        counter.increment()\n\n# Create multiple threads\nthreads = []\nfor i in range(5):\n    t = threading.Thread(target=worker, args=(client,))\n    threads.append(t)\n    t.start()\n\n# Wait for all threads to complete\nfor t in threads:\n    t.join()\n\nprint(f\"Final count: {counter.get_value()}\")``` [/INST] Quality Score: 38/100\n\nBUGS:\n- Race condition in increment() method\n- Non-atomic read-modify-write operation\n- Final count will be less than expected (5000)\n\nPERFORMANCE ISSUES:\n- Unnecessary sleep in critical section\n- No thread synchronization\n\nSECURITY CONCERNS:\n- Race condition could lead to data corruption\n- No protection against concurrent access\n\nIMPROVEMENTS:\n1. Use proper synchronization mechanisms\n2. Make operations atomic\n\nExample improved code:\n```python\nimport threading\n\nclass Counter:\n    def __init__(self):\n        self._value = 0\n        self._lock = threading.Lock()\n    \n    def increment(self):\n        with self._lock:\n            # Simulate work outside critical section\n            time.sleep(0.001)\n            self._value += 1\n    \n    def get_value(self):\n        with self._lock:\n            return self._value\n\n# Alternative: Use atomic operations\nimport threading\n\nclass AtomicCounter:\n    def __init__(self):\n        self._value = 0\n        self._lock = threading.RLock()\n    \n    def increment(self):\n        with self._lock:\n            self._value += 1\n    \n    def get_value(self):\n        with self._lock:\n            return self._value\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\nimport tempfile\n\ndef process_file(file_content):\n    # Create temporary file\n    temp_file = tempfile.NamedTemporaryFile(delete=False)\n    temp_file.write(file_content.encode())\n    temp_file.close()\n    \n    # Process the file\n    with open(temp_file.name, \"r\") as f:\n        content = f.read()\n    \n    # Clean up\n    os.remove(temp_file.name)\n    \n    return content.upper()\n\nif __name__ == \"__main__\":\n    result = process_file(\"Hello, World!\")\n    print(result)``` [/INST] Quality Score: 55/100\n\nBUGS:\n- No error handling if file operations fail\n- Potential file descriptor leak if exception occurs after file creation\n- No cleanup if processing fails\n\nPERFORMANCE ISSUES:\n- Unnecessary file I/O for simple string operations\n- Creates temporary file for small data\n\nSECURITY CONCERNS:\n- Temporary file might not be cleaned up if process crashes\n- No validation of file_content size\n\nIMPROVEMENTS:\n1. Use context managers for proper cleanup\n2. Avoid unnecessary file operations\n3. Add proper error handling\n\nExample improved code:\n```python\nimport tempfile\nimport os\nfrom contextlib import contextmanager\n\n@contextmanager\ndef temporary_file(content):\n    \"\"\"Context manager for temporary file with automatic cleanup.\"\"\"\n    temp_file = None\n    try:\n        with tempfile.NamedTemporaryFile(mode=\"w+\", delete=False, encoding=\"utf-8\") as tf:\n            tf.write(content)\n            temp_file = tf.name\n        yield temp_file\n    finally:\n        if temp_file and os.path.exists(temp_file):\n            try:\n                os.unlink(temp_file)\n            except OSError:\n                pass  # File already deleted\n\ndef process_file(file_content):\n    # Validate input\n    if not isinstance(file_content, str):\n        raise ValueError(\"File content must be a string\")\n    \n    # For simple operations, avoid file I/O\n    if len(file_content) < 1024:  # Small content\n        return file_content.upper()\n    \n    # For larger content, use temporary file\n    with temporary_file(file_content) as temp_path:\n        with open(temp_path, \"r\", encoding=\"utf-8\") as f:\n            content = f.read()\n        return content.upper()\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import hashlib\nimport os\n\ndef hash_file(filename):\n    \"\"\"Calculate MD5 hash of a file.\"\"\"\n    hash_md5 = hashlib.md5()\n    with open(filename, \"rb\") as f:\n        for chunk in iter(lambda: f.read(4096), b\"\"):\n            hash_md5.update(chunk)\n    return hash_md5.hexdigest()\n\ndef verify_integrity(file_path, expected_hash):\n    \"\"\"Verify file integrity against expected hash.\"\"\"\n    actual_hash = hash_file(file_path)\n    return actual_hash == expected_hash\n\nif __name__ == \"__main__\":\n    file_path = input(\"Enter file path: \")\n    hash_value = hash_file(file_path)\n    print(f\"MD5: {hash_value}\")\n    \n    expected = input(\"Enter expected hash: \")\n    if verify_integrity(file_path, expected):\n        print(\"File integrity verified!\")\n    else:\n        print(\"File integrity check failed!\")``` [/INST] Quality Score: 65/100\n\nBUGS:\n- No error handling for file operations\n- No validation of input parameters\n- Will crash if file doesn't exist or can't be read\n\nPERFORMANCE ISSUES:\n- MD5 is fast but not cryptographically secure\n- No file size limits\n\nSECURITY CONCERNS:\n- MD5 is vulnerable to collision attacks\n- No protection against path traversal\n- No input sanitization\n\nIMPROVEMENTS:\n1. Use cryptographically secure hash function\n2. Add proper error handling and validation\n3. Secure file path handling\n\nExample improved code:\n```python\nimport hashlib\nimport os\nfrom pathlib import Path\n\ndef hash_file(file_path, algorithm=\"sha256\"):\n    \"\"\"Calculate hash of a file using specified algorithm.\"\"\"\n    file_path = Path(file_path).resolve()\n    \n    if not file_path.exists():\n        raise FileNotFoundError(f\"File not found: {file_path}\")\n    \n    if not file_path.is_file():\n        raise ValueError(f\"Path is not a file: {file_path}\")\n    \n    # Choose hash algorithm\n    if algorithm.lower() == \"md5\":\n        hasher = hashlib.md5()\n    elif algorithm.lower() == \"sha256\":\n        hasher = hashlib.sha256()\n    elif algorithm.lower() == \"sha1\":\n        hasher = hashlib.sha1()\n    else:\n        raise ValueError(f\"Unsupported algorithm: {algorithm}\")\n    \n    try:\n        with open(file_path, \"rb\") as f:\n            while chunk := f.read(8192):  # 8KB chunks\n                hasher.update(chunk)\n        return hasher.hexdigest()\n    except IOError as e:\n        raise IOError(f\"Error reading file: {e}\")\n\ndef verify_integrity(file_path, expected_hash, algorithm=\"sha256\"):\n    \"\"\"Verify file integrity against expected hash.\"\"\"\n    try:\n        actual_hash = hash_file(file_path, algorithm)\n        return actual_hash.lower() == expected_hash.lower()\n    except Exception as e:\n        print(f\"Verification failed: {e}\")\n        return False\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import socket\nimport threading\n\nclass SimpleServer:\n    def __init__(self, host=\"localhost\", port=8080):\n        self.host = host\n        self.port = port\n        self.clients = []\n    \n    def handle_client(self, client_socket):\n        while True:\n            data = client_socket.recv(1024)\n            if not data:\n                break\n            response = f\"Echo: {data.decode()}\"\n            client_socket.send(response.encode())\n        client_socket.close()\n    \n    def start(self):\n        server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        server.bind((self.host, self.port))\n        server.listen(5)\n        \n        while True:\n            client, addr = server.accept()\n            self.clients.append(client)\n            thread = threading.Thread(target=self.handle_client, args=(client,))\n            thread.start()\n\nif __name__ == \"__main__\":\n    server = SimpleServer()\n    server.start()``` [/INST] Quality Score: 33/100\n\nBUGS:\n- No error handling for socket operations\n- Threads are never joined or cleaned up\n- No graceful shutdown mechanism\n- No connection limits or timeouts\n\nPERFORMANCE ISSUES:\n- Creates unlimited threads (potential thread exhaustion)\n- No connection pooling or limits\n- Memory leak with growing clients list\n\nSECURITY CONCERNS:\n- No authentication or authorization\n- No input validation or sanitization\n- Vulnerable to DoS attacks\n- No rate limiting\n\nIMPROVEMENTS:\n1. Add proper error handling and resource management\n2. Implement connection limits and timeouts\n3. Add security measures\n\nExample improved code:\n```python\nimport socket\nimport threading\nimport time\nfrom concurrent.futures import ThreadPoolExecutor\n\nclass SimpleServer:\n    def __init__(self, host=\"127.0.0.1\", port=8080, max_connections=10):\n        self.host = host\n        self.port = port\n        self.max_connections = max_connections\n        self.running = False\n        self.executor = ThreadPoolExecutor(max_workers=max_connections)\n    \n    def handle_client(self, client_socket, addr):\n        \"\"\"Handle client connection with proper error handling.\"\"\"\n        try:\n            client_socket.settimeout(30)  # 30 second timeout\n            \n            while self.running:\n                try:\n                    data = client_socket.recv(1024)\n                    if not data:\n                        break\n                    \n                    # Basic input validation\n                    message = data.decode(\"utf-8\", errors=\"ignore\")\n                    if len(message) > 1000:  # Limit message size\n                        response = \"Error: Message too long\"\n                    else:\n                        response = f\"Echo: {message}\"\n                    \n                    client_socket.send(response.encode(\"utf-8\"))\n                except socket.timeout:\n                    break\n        except Exception as e:\n            print(f\"Error handling client {addr}: {e}\")\n        finally:\n            try:\n                client_socket.close()\n            except:\n                pass\n    \n    def start(self):\n        \"\"\"Start the server with proper resource management.\"\"\"\n        self.running = True\n        \n        try:\n            server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n            server.bind((self.host, self.port))\n            server.listen(self.max_connections)\n            \n            print(f\"Server listening on {self.host}:{self.port}\")\n            \n            while self.running:\n                try:\n                    client, addr = server.accept()\n                    self.executor.submit(self.handle_client, client, addr)\n                except Exception as e:\n                    if self.running:\n                        print(f\"Error accepting connection: {e}\")\n        except Exception as e:\n            print(f\"Server error: {e}\")\n        finally:\n            server.close()\n    \n    def stop(self):\n        \"\"\"Gracefully stop the server.\"\"\"\n        self.running = False\n        self.executor.shutdown(wait=True)\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import re\n\ndef validate_email(email):\n    \"\"\"Validate email address using regex.\"\"\"\n    pattern = r\"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$\"\n    return bool(re.match(pattern, email))\n\ndef extract_emails(text):\n    \"\"\"Extract all email addresses from text.\"\"\"\n    pattern = r\"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}\"\n    return re.findall(pattern, text)\n\ndef sanitize_input(user_input):\n    \"\"\"Sanitize user input by removing special characters.\"\"\"\n    return re.sub(r\"[^a-zA-Z0-9@._-]\", \"\", user_input)\n\nif __name__ == \"__main__\":\n    email = input(\"Enter email: \")\n    if validate_email(email):\n        print(\"Valid email!\")\n    else:\n        print(\"Invalid email!\")\n    \n    text = input(\"Enter text to extract emails: \")\n    emails = extract_emails(text)\n    print(f\"Found emails: {emails}\")\n    \n    user_input = input(\"Enter text to sanitize: \")\n    clean = sanitize_input(user_input)\n    print(f\"Sanitized: {clean}\")``` [/INST] Quality Score: 72/100\n\nBUGS:\n- Email regex is too permissive and may allow invalid emails\n- No handling of edge cases (empty strings, None values)\n- Sanitization function is too aggressive and may break valid input\n\nPERFORMANCE ISSUES:\n- Regex compilation happens on every call (should be compiled once)\n- No input size limits\n\nSECURITY CONCERNS:\n- Email validation regex can be bypassed\n- Sanitization may not be sufficient for all use cases\n- No protection against regex DoS attacks\n\nIMPROVEMENTS:\n1. Use proper email validation library\n2. Pre-compile regex patterns\n3. Add proper input validation\n\nExample improved code:\n```python\nimport re\nfrom email_validator import validate_email, EmailNotValidError\n\nclass EmailValidator:\n    def __init__(self):\n        # Pre-compile regex patterns for better performance\n        self.email_pattern = re.compile(\n            r\"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$\",\n            re.IGNORECASE\n        )\n        self.extract_pattern = re.compile(\n            r\"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}\",\n            re.IGNORECASE\n        )\n    \n    def validate_email(self, email):\n        \"\"\"Validate email address using proper validation.\"\"\"\n        if not email or not isinstance(email, str):\n            return False\n        \n        if len(email) > 254:  # RFC 5321 limit\n            return False\n        \n        try:\n            # Use proper email validation\n            validate_email(email)\n            return True\n        except EmailNotValidError:\n            return False\n    \n    def extract_emails(self, text):\n        \"\"\"Extract all email addresses from text.\"\"\"\n        if not text or not isinstance(text, str):\n            return []\n        \n        if len(text) > 10000:  # Limit input size\n            raise ValueError(\"Input text too long\")\n        \n        matches = self.extract_pattern.findall(text)\n        return [email for email in matches if self.validate_email(email)]\n    \n    def sanitize_input(self, user_input, max_length=1000):\n        \"\"\"Sanitize user input with proper validation.\"\"\"\n        if not user_input or not isinstance(user_input, str):\n            return \"\"\n        \n        if len(user_input) > max_length:\n            user_input = user_input[:max_length]\n        \n        # Remove potentially dangerous characters but preserve email structure\n        sanitized = re.sub(r\"[<>\"'&]\", \"\", user_input)\n        return sanitized\n\n# Usage\nvalidator = EmailValidator()\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import os\nimport shutil\n\ndef backup_file(source, destination):\n    \"\"\"Backup a file to destination.\"\"\"\n    if os.path.exists(source):\n        shutil.copy2(source, destination)\n        print(f\"Backed up {source} to {destination}\")\n    else:\n        print(f\"Source file {source} does not exist\")\n\nif __name__ == \"__main__\":\n    source = input(\"Enter source file: \")\n    dest = input(\"Enter destination: \")\n    backup_file(source, dest)``` [/INST] Quality Score: 48/100\n\nBUGS:\n- No error handling for file operations\n- No validation of input paths\n- Will crash if destination directory doesn't exist\n\nPERFORMANCE ISSUES:\n- No file size limits\n- No progress indication for large files\n\nSECURITY CONCERNS:\n- Path traversal vulnerability in user input\n- No validation of file paths\n- Could overwrite system files\n\nIMPROVEMENTS:\n1. Add proper error handling and path validation\n2. Implement security measures\n3. Add progress indication\n\nExample improved code:\n```python\nimport os\nimport shutil\nfrom pathlib import Path\n\ndef backup_file(source, destination):\n    \"\"\"Safely backup a file to destination.\"\"\"\n    try:\n        source_path = Path(source).resolve()\n        dest_path = Path(destination).resolve()\n        \n        # Validate source\n        if not source_path.exists():\n            raise FileNotFoundError(f\"Source file not found: {source_path}\")\n        \n        if not source_path.is_file():\n            raise ValueError(f\"Source is not a file: {source_path}\")\n        \n        # Validate destination\n        dest_dir = dest_path.parent\n        if not dest_dir.exists():\n            dest_dir.mkdir(parents=True, exist_ok=True)\n        \n        # Check if destination already exists\n        if dest_path.exists():\n            response = input(f\"Destination exists. Overwrite? (y/n): \")\n            if response.lower() != 'y':\n                print(\"Backup cancelled\")\n                return False\n        \n        # Perform backup\n        shutil.copy2(source_path, dest_path)\n        print(f\"Successfully backed up {source_path} to {dest_path}\")\n        return True\n        \n    except Exception as e:\n        print(f\"Backup failed: {e}\")\n        return False\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import urllib.request\nimport json\n\ndef fetch_data(url):\n    \"\"\"Fetch data from URL and return JSON.\"\"\"\n    response = urllib.request.urlopen(url)\n    data = response.read()\n    return json.loads(data.decode())\n\ndef process_api_data(url):\n    \"\"\"Process data from API endpoint.\"\"\"\n    data = fetch_data(url)\n    results = []\n    for item in data:\n        if 'name' in item and 'value' in item:\n            results.append({\n                'name': item['name'],\n                'value': item['value'] * 2\n            })\n    return results\n\nif __name__ == \"__main__\":\n    api_url = input(\"Enter API URL: \")\n    results = process_api_data(api_url)\n    print(f\"Processed {len(results)} items\")\n    for result in results:\n        print(f\"{result['name']}: {result['value']}\")``` [/INST] Quality Score: 52/100\n\nBUGS:\n- No error handling for network requests\n- No validation of URL format\n- Assumes data structure without validation\n\nPERFORMANCE ISSUES:\n- No timeout for network requests\n- No caching mechanism\n- Loads entire response into memory\n\nSECURITY CONCERNS:\n- No URL validation (potential SSRF)\n- No SSL certificate verification\n- No rate limiting\n\nIMPROVEMENTS:\n1. Add proper error handling and validation\n2. Implement security measures\n3. Add timeout and caching\n\nExample improved code:\n```python\nimport urllib.request\nimport urllib.parse\nimport json\nimport ssl\nfrom urllib.error import URLError, HTTPError\n\nclass APIClient:\n    def __init__(self, timeout=30):\n        self.timeout = timeout\n        self.ctx = ssl.create_default_context()\n    \n    def fetch_data(self, url):\n        \"\"\"Safely fetch data from URL.\"\"\"\n        # Validate URL\n        parsed = urllib.parse.urlparse(url)\n        if not parsed.scheme or not parsed.netloc:\n            raise ValueError(\"Invalid URL format\")\n        \n        # Only allow HTTP/HTTPS\n        if parsed.scheme not in ['http', 'https']:\n            raise ValueError(\"Only HTTP/HTTPS URLs are allowed\")\n        \n        try:\n            request = urllib.request.Request(url)\n            request.add_header('User-Agent', 'Python-API-Client/1.0')\n            \n            with urllib.request.urlopen(request, timeout=self.timeout, context=self.ctx) as response:\n                if response.status != 200:\n                    raise HTTPError(url, response.status, \"HTTP Error\", response.headers, None)\n                \n                data = response.read()\n                if len(data) > 10 * 1024 * 1024:  # 10MB limit\n                    raise ValueError(\"Response too large\")\n                \n                return json.loads(data.decode('utf-8'))\n                \n        except URLError as e:\n            raise ConnectionError(f\"Network error: {e}\")\n        except json.JSONDecodeError as e:\n            raise ValueError(f\"Invalid JSON response: {e}\")\n    \n    def process_api_data(self, url):\n        \"\"\"Process data from API with validation.\"\"\"\n        try:\n            data = self.fetch_data(url)\n            \n            if not isinstance(data, list):\n                raise ValueError(\"Expected list data\")\n            \n            results = []\n            for item in data:\n                if not isinstance(item, dict):\n                    continue\n                \n                if 'name' in item and 'value' in item:\n                    try:\n                        value = float(item['value'])\n                        results.append({\n                            'name': str(item['name']),\n                            'value': value * 2\n                        })\n                    except (ValueError, TypeError):\n                        continue\n            \n            return results\n            \n        except Exception as e:\n            print(f\"Error processing API data: {e}\")\n            return []\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import logging\nimport os\n\ndef setup_logging():\n    logging.basicConfig(\n        level=logging.INFO,\n        format='%(asctime)s - %(levelname)s - %(message)s',\n        filename='app.log'\n    )\n\ndef log_user_action(user_id, action, details):\n    \"\"\"Log user actions for audit trail.\"\"\"\n    message = f\"User {user_id} performed {action}: {details}\"\n    logging.info(message)\n\ndef log_error(error_msg, user_id=None):\n    \"\"\"Log error messages.\"\"\"\n    if user_id:\n        logging.error(f\"User {user_id} encountered error: {error_msg}\")\n    else:\n        logging.error(f\"System error: {error_msg}\")\n\nif __name__ == \"__main__\":\n    setup_logging()\n    log_user_action(\"user123\", \"login\", \"successful login\")\n    log_error(\"Database connection failed\")``` [/INST] Quality Score: 68/100\n\nBUGS:\n- No error handling for file operations\n- No log rotation or size limits\n- No validation of input parameters\n\nPERFORMANCE ISSUES:\n- No async logging\n- File I/O blocks on every log\n- No log compression\n\nSECURITY CONCERNS:\n- Logs may contain sensitive information\n- No log sanitization\n- Potential log injection attacks\n\nIMPROVEMENTS:\n1. Add proper error handling and log rotation\n2. Implement log sanitization\n3. Add security measures\n\nExample improved code:\n```python\nimport logging\nimport logging.handlers\nimport os\nimport re\nfrom datetime import datetime\n\nclass SecureLogger:\n    def __init__(self, log_file='app.log', max_size=10*1024*1024, backup_count=5):\n        self.logger = logging.getLogger('secure_app')\n        self.logger.setLevel(logging.INFO)\n        \n        # Clear existing handlers\n        self.logger.handlers.clear()\n        \n        # Create rotating file handler\n        handler = logging.handlers.RotatingFileHandler(\n            log_file, maxBytes=max_size, backupCount=backup_count\n        )\n        \n        # Create formatter\n        formatter = logging.Formatter(\n            '%(asctime)s - %(levelname)s - %(message)s',\n            datefmt='%Y-%m-%d %H:%M:%S'\n        )\n        handler.setFormatter(formatter)\n        \n        self.logger.addHandler(handler)\n        \n        # Prevent sensitive data patterns\n        self.sensitive_patterns = [\n            r'password[=:]\\s*\\S+',\n            r'token[=:]\\s*\\S+',\n            r'key[=:]\\s*\\S+',\n            r'\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b'  # Credit card\n        ]\n    \n    def sanitize_message(self, message):\n        \"\"\"Remove sensitive information from log messages.\"\"\"\n        for pattern in self.sensitive_patterns:\n            message = re.sub(pattern, '[REDACTED]', message, flags=re.IGNORECASE)\n        return message\n    \n    def log_user_action(self, user_id, action, details):\n        \"\"\"Log user actions with sanitization.\"\"\"\n        if not user_id or not action:\n            return\n        \n        message = f\"User {user_id} performed {action}: {details}\"\n        sanitized_message = self.sanitize_message(message)\n        self.logger.info(sanitized_message)\n    \n    def log_error(self, error_msg, user_id=None):\n        \"\"\"Log error messages with sanitization.\"\"\"\n        if not error_msg:\n            return\n        \n        if user_id:\n            message = f\"User {user_id} encountered error: {error_msg}\"\n        else:\n            message = f\"System error: {error_msg}\"\n        \n        sanitized_message = self.sanitize_message(message)\n        self.logger.error(sanitized_message)\n\n# Usage\nlogger = SecureLogger()\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}
+{"text": "<s>[INST] Analyze this code for bugs, performance, and security issues. Give a quality score from 1-100 and provide a detailed analysis. \n\nCode:\n```import random\nimport string\n\ndef generate_password(length=8):\n    \"\"\"Generate a random password.\"\"\"\n    chars = string.ascii_letters + string.digits\n    password = ''.join(random.choice(chars) for _ in range(length))\n    return password\n\ndef create_user(username, email):\n    \"\"\"Create a new user account.\"\"\"\n    password = generate_password()\n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password\n    }\n    # In real app, save to database\n    print(f\"User created: {username} with password: {password}\")\n    return user_data\n\nif __name__ == \"__main__\":\n    username = input(\"Enter username: \")\n    email = input(\"Enter email: \")\n    user = create_user(username, email)``` [/INST] Quality Score: 25/100\n\nCRITICAL SECURITY VULNERABILITIES:\n- Weak password generation (no special characters, predictable)\n- Password printed to console (major security risk)\n- No password strength validation\n- No input validation\n\nBUGS:\n- No error handling\n- No validation of username/email format\n\nPERFORMANCE ISSUES:\n- Uses random.choice in loop (slow for long passwords)\n\nSECURITY CONCERNS:\n- Passwords logged to console\n- Weak entropy\n- No password policy enforcement\n\nIMPROVEMENTS:\n1. Use cryptographically secure random generation\n2. Implement proper password policies\n3. Never log passwords\n\nExample improved code:\n```python\nimport secrets\nimport string\nimport re\nfrom typing import Optional\n\nclass PasswordGenerator:\n    def __init__(self):\n        self.lowercase = string.ascii_lowercase\n        self.uppercase = string.ascii_uppercase\n        self.digits = string.digits\n        self.special = \"!@#$%^&*\"\n        self.all_chars = self.lowercase + self.uppercase + self.digits + self.special\n    \n    def generate_password(self, length=12, min_special=1, min_upper=1, min_lower=1, min_digits=1):\n        \"\"\"Generate cryptographically secure password.\"\"\"\n        if length < 8:\n            raise ValueError(\"Password must be at least 8 characters\")\n        \n        password = []\n        \n        # Ensure minimum requirements\n        password.extend(secrets.choice(self.special) for _ in range(min_special))\n        password.extend(secrets.choice(self.uppercase) for _ in range(min_upper))\n        password.extend(secrets.choice(self.lowercase) for _ in range(min_lower))\n        password.extend(secrets.choice(self.digits) for _ in range(min_digits))\n        \n        # Fill remaining length\n        remaining = length - len(password)\n        password.extend(secrets.choice(self.all_chars) for _ in range(remaining))\n        \n        # Shuffle to randomize positions\n        secrets.SystemRandom().shuffle(password)\n        \n        return ''.join(password)\n    \n    def validate_password(self, password):\n        \"\"\"Validate password strength.\"\"\"\n        if len(password) < 8:\n            return False, \"Password must be at least 8 characters\"\n        \n        if not re.search(r'[a-z]', password):\n            return False, \"Password must contain lowercase letters\"\n        \n        if not re.search(r'[A-Z]', password):\n            return False, \"Password must contain uppercase letters\"\n        \n        if not re.search(r'\\d', password):\n            return False, \"Password must contain digits\"\n        \n        if not re.search(r'[!@#$%^&*]', password):\n            return False, \"Password must contain special characters\"\n        \n        return True, \"Password is strong\"\n\ndef create_user(username, email):\n    \"\"\"Create user with secure password.\"\"\"\n    # Validate inputs\n    if not username or not email:\n        raise ValueError(\"Username and email required\")\n    \n    if len(username) < 3:\n        raise ValueError(\"Username must be at least 3 characters\")\n    \n    # Generate secure password\n    generator = PasswordGenerator()\n    password = generator.generate_password()\n    \n    user_data = {\n        'username': username,\n        'email': email,\n        'password': password  # In real app, hash this immediately\n    }\n    \n    # NEVER log passwords!\n    print(f\"User created: {username}\")\n    return user_data\n```</s>"}