CN-122019338-A - Multi-factor code quality checking method and checking system

Abstract

The invention discloses a multi-factor checking method and checking system for code quality, belonging to the technical field of electric digital data processing. The method comprises the following steps: obtaining a first code, a code detection requirement description and a knowledge base; obtaining a plurality of agents whose detection factors are different; matching the corresponding agents according to the code detection requirement description; checking the corresponding requirement description, the knowledge base and the first code through the agents to obtain a review result; and fusing the multiple reviews to obtain a fusion result and generating a check conclusion. A plurality of agents check a plurality of detection factors on the first code, each agent checking the first code for the factors it is good at, so that the advantages of the agents are fully used; the checking results of the agents are fused to form a checking conclusion, improving checking efficiency and checking effect.

Inventors

  • HUANG WENXIONG
  • FANG JIAWEI
  • LI LIU
  • TAO CHUNLONG
  • CHEN TING
  • WANG AOYU

Assignees

  • 杭州谐云科技有限公司

Dates

Publication Date
20260512
Application Date
20260203

Claims (10)

  1. A multi-factor checking method of code quality, comprising the steps of: acquiring a first code, a code detection requirement description and a knowledge base; obtaining a plurality of intelligent agents, wherein the detection factors of the plurality of intelligent agents are different; according to the code detection requirement description, matching the intelligent agent of the corresponding detection factor; checking the corresponding requirement description, the knowledge base and the first code by the intelligent agent to obtain a review result; fusing the multiple reviews to obtain a fusion result, and generating an inspection conclusion; wherein the agent is selected from the group consisting of functional agents, logic correctness and brevity agents, robustness agents, security agents, observability agents, interface agents, and performance and resource utilization agents.
  2. The multi-factor inspection method of claim 1, wherein an agent that detects a factor is used to check for one or more detection needs.
  3. The multi-factor inspection method of claim 1, wherein the first code preprocessing method comprises: vectorizing a first code to obtain a first vector; removing the noise codes of the first vector to obtain effective codes; obtaining a dependent file of the first code; and reducing the original text of the dependent file to obtain the effective dependent file.
  4. The multi-factor inspection method of claim 3, wherein the removed noise code is selected from the group consisting of code that only imports semantics, code that only describes class fields and method renames, format code, log adjustment code, and add annotation code; the method for reducing the text of the dependent file comprises the following steps: filtering the dependency files developed by the enterprise per se through enterprise domain name rules; judging whether the number of lines of the dependent file exceeds a first threshold value or not; if yes, obtaining a calling function of the first code; matching the calling function from the dependent file to obtain a dependent function; and deleting part or all of the functions which are not matched in the dependent file.
  5. The multi-factor inspection method of claim 1, further comprising the method of first code packet inspection: obtaining at least one first file of a first code; screening the changed second file from the first file compared with the previous check; screening a third file related to the business logic change from the second file; removing noise codes from the third file to obtain an effective file; grouping the effective files according to a second threshold value to obtain a file group; and checking the file group sequentially through the intelligent agent.
  6. The multi-factor inspection method of claim 1, wherein the method of inspecting the first code comprises: respectively evaluating the context information, the detection requirement and the test case of the first code through a plurality of agents to obtain a plurality of requirement evaluation results; combining a plurality of requirement review results to obtain a requirement fusion result; respectively evaluating the first codes through a plurality of intelligent agents to obtain a plurality of code evaluating results; combining the plurality of code review results to obtain a code fusion result; and finishing the requirement fusion result and the code fusion result through the large model to obtain a final review report.
  7. The multi-factor inspection method of claim 1, wherein the method of review result fusion comprises: vectorizing the plurality of review results to obtain a second vector; calculating vectorization distance between the two second vectors to obtain vectorization matrix; obtaining vector pairs with vector distances smaller than a third threshold value in the vectorization matrix; obtaining the number of times that the second vector of the review result appears in the vector pair; calculating a similarity weighted value of the review result according to the times; if the similarity weighted value is larger than a fourth threshold value, the evaluation result is included in the evaluation report; and if the similarity weighted value is smaller than or equal to the fourth threshold value, fusing the review results through the large model to obtain a fused result, and incorporating the fused result into the review report.
  8. The multi-factor inspection method according to claim 7, wherein the calculation formula of the similarity weighting value is: score = x * (100 / n), where x is the number of occurrences of the review result in the vector pair and n is the number of review results.
  9. The multi-factor inspection method according to claim 1, 6 or 7, wherein the method of review report generation includes: step 501, judging whether a problem exists in the review result; if not, executing step 502 to generate a review passing report; if so, executing step 503 to generate a review report of the problem, and executing step 504; step 504, generating optimization suggestions and code examples for the problems, and labeling knowledge base reference indexes; step 505, grading the problems to obtain problem levels; step 506, judging whether the problem level is a high-risk level; if yes, executing step 507, generating a review failed report; if not, step 502 is performed.
  10. An inspection system for implementing the multi-factor inspection method of any of claims 1-9, the inspection system comprising an acquisition module, an inspection module, and a fusion module; the acquisition module is used for acquiring a first code, a code detection requirement description and a knowledge base; the inspection module is used for matching the intelligent agent of the corresponding detection factors according to the code detection demand description, and inspecting the corresponding demand description, the knowledge base and the first code through the intelligent agent to obtain a review result; the fusion module is used for fusing the multiple reviews to obtain a fusion result, and obtaining an inspection conclusion according to the fusion result.
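
The fusion procedure of claims 7 and 8, as an added Python example that is not part of the patent text. The patent names no embedding, distance metric or threshold values, so the token-count vectors, cosine distance, both thresholds and the sample findings below are assumptions constructed for illustration; the large-model fusion step is not reproduced, and results at or below the fourth threshold are returned as the queue that step would receive.

```python
import math
import re
from collections import Counter
from itertools import combinations

def vectorize(text):
    # Assumption: token counts stand in for the unspecified embedding model.
    return Counter(re.findall(r"[a-z0-9_]+", text.lower()))

def cosine_distance(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return 1.0 - (dot / norm if norm else 0.0)

def similarity_scores(reviews, distance_threshold):
    """Claim 8: score = x * (100 / n), x = number of close pairs a result appears in."""
    n = len(reviews)
    vectors = [vectorize(r) for r in reviews]
    pair_counts = [0] * n
    for i, j in combinations(range(n), 2):  # upper triangle of the distance matrix
        if cosine_distance(vectors[i], vectors[j]) < distance_threshold:  # third threshold
            pair_counts[i] += 1
            pair_counts[j] += 1
    return [x * (100 / n) for x in pair_counts]

def partition_reviews(reviews, distance_threshold=0.5, score_threshold=30.0):
    """Claim 7: corroborated results go straight to the report, the rest to fusion."""
    if not reviews:
        return [], []
    direct, needs_fusion = [], []
    for review, score in zip(reviews, similarity_scores(reviews, distance_threshold)):
        target = direct if score > score_threshold else needs_fusion  # fourth threshold
        target.append((review, score))
    return direct, needs_fusion

# Constructed sample review results from four hypothetical agents.
SAMPLE_REVIEWS = [
    "SQL injection: user input concatenated into query in getUser",
    "getUser builds the SQL query by concatenating user input, SQL injection risk",
    "SQL injection risk in getUser because user input is concatenated into the query",
    "Missing structured logging around payment retry loop",
]

if __name__ == "__main__":
    direct, needs_fusion = partition_reviews(SAMPLE_REVIEWS)
    for label, group in (("report", direct), ("fuse", needs_fusion)):
        for review, score in group:
            print(f"{label:6} {score:5.1f}  {review}")
```

A finding raised by only one agent scores 0 and is routed to the fusion queue rather than discarded, which matches claim 7's requirement that the fused result still enters the review report.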

Description

Multi-factor code quality checking method and checking system

Technical Field

The invention relates to the technical field of electric digital data processing, in particular to a multi-factor checking method and a multi-factor checking system for code quality.

Background

As the complexity and scale of software development continue to increase, code quality and security issues become increasingly prominent. Modern software projects typically involve multiple programming languages and complex library dependencies, and various potential vulnerabilities and quality problems are easily introduced during development. Code inspection and review are important links in ensuring the quality of software products.

Traditionally, code review relies on manual review, identifying logical defects and potential design problems through the experience and expertise of the reviewer. However, with the acceleration of software iteration and the introduction of agile research and development modes, the limitations of manual review are increasingly prominent: the process is long and easily becomes a flow bottleneck; the review effect is limited by the technical level and state of the reviewer, so subjective deviation is easily introduced and problems are overlooked; and the manual mode struggles to systematically cover repeated problems and the continuous inspection of potential risks.

Automated code scanning statically scans and evaluates the code according to rules; it scans the code once after submission, lacks context correlation, and checks the points relevant to code quality. With the development of code review, code scanning and review with models or large models has become an important development direction. A large model can identify code quality and give repair suggestions, so the code scanning advantages of the large language model can be better exploited.

The patent with the publication number CN119961941A discloses a method and a device for constructing a 0DAY vulnerability detection model based on an AI large model, wherein a countermeasure sample is added into a vulnerability detection dataset so that the AI large model can learn more diversified vulnerability characteristics in the training process, but it cannot fully utilize the advantages of multiple models. However, trained large models are various, and the tampering direction and the detection result of each large model are different; the selection of the large model is a difficulty in code quality inspection, and how to use large models for full-scale, multi-factor inspection is an important development direction.

Disclosure of Invention

Aiming at the technical problems in the prior art, the invention provides a multi-factor code quality inspection method and system, which perform code quality inspection in cooperation with various intelligent agents, so that the advantages of the intelligent agents are brought into play and code quality inspection efficiency is improved.

The invention discloses a multi-factor checking method of code quality, which comprises the following steps: obtaining a first code, a code detection requirement description and a knowledge base; obtaining a plurality of agents; matching the agents with corresponding detection factors according to the code detection requirement description; checking the corresponding requirement description, the knowledge base and the first code through the agents to obtain a review result; and fusing the multiple reviews to obtain a fusion result and generating a check conclusion.

Preferably, the agent is selected from the group consisting of functional agents, logic correctness and brevity agents, robustness agents, security agents, observability agents, interface agents, and performance and resource utilization agents; an agent that detects a factor is used to detect one or more detection needs.

Preferably, the method for preprocessing the first code comprises the following steps: vectorizing a first code to obtain a first vector; removing the noise codes of the first vector to obtain effective codes; obtaining a dependent file of the first code; and reducing the original text of the dependent file to obtain the effective dependent file.

Preferably, the removed noise code is selected from the group consisting of code that only imports semantics, code that only describes class fields and method renames, format code, log adjustment code, and add annotation code; the method for reducing the text of the dependent file comprises the following steps: filtering the dependency files developed by the enterprise per se through enterprise domain name rules; judging whether the number of lines of the dependent file exceeds a first threshold value or not; if yes, obtaining a calling function of the first code; Matching the calling function from the dependent file to obtain a dependent function;