My B.Tech Final Year Project, built from scratch over 6 months
"I was tired of submitting code and not knowing WHY it was bad. So I built something that actually explains it."
Quick Start • Features • Screenshots • How it Works • Contributing
So basically, in my 3rd year I kept getting feedback like "your code quality is bad" from professors, but nobody ever told me what exactly was wrong or how to fix it. That's when I decided to build CodeSense as my final year project.
It analyzes your Python, Java, or C++ code and gives you:
- A proper score (not just vibes)
- Exactly what's wrong and on which line
- How to fix it
- Which algorithms you used and their complexity
- Security vulnerabilities you didn't even know you had
I spent way too many nights on this. Hope it helps someone.
- **ML-powered scoring:** Trained an ensemble model (Random Forest + Gradient Boosting) on 10,000 code samples. The score actually comes from the model, not some random formula I made up. R² ≥ 0.90 on the test set.
- **Algorithm detection:** Detects 40+ algorithms (bubble sort to Dijkstra's) and tells you the Big-O complexity. Honestly this part was the most fun to build.
- **Security scanning:** 50+ vulnerability patterns. Finds SQL injection, hardcoded passwords, weak hashing and more. Saved me from some embarrassing code lol.
- **Personalized feedback:** Doesn't just point out problems; gives you resources, LeetCode problems, and step-by-step improvement tips based on YOUR specific issues.
- **Auto-fix suggestions:** Shows you the before/after for safe fixes. Doesn't just say "this is bad"; actually shows what good looks like.
- **Progress tracking:** Tracks your scores over time so you can actually see yourself improving. Made this because I wanted to see if I was getting better.
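The weighted ensemble behind the scoring feature can be sketched roughly like this. Everything here is illustrative (random features, a synthetic target), not the project's actual training code:

```python
# Minimal sketch of a RandomForest + GradientBoosting voting ensemble.
# The features, target, and weights below are placeholders for illustration.
import numpy as np
from sklearn.ensemble import (
    GradientBoostingRegressor,
    RandomForestRegressor,
    VotingRegressor,
)

rng = np.random.default_rng(0)
X = rng.random((200, 33))           # 33 engineered features per code sample
y = X[:, :5].mean(axis=1) * 100     # synthetic quality scores in [0, 100]

model = VotingRegressor(
    estimators=[
        ("rf", RandomForestRegressor(n_estimators=100, random_state=0)),
        ("gb", GradientBoostingRegressor(random_state=0)),
    ],
    weights=[0.55, 0.45],           # RF 55% + GB 45%, as described above
)
model.fit(X, y)
score = float(model.predict(X[:1])[0])
print(f"Predicted quality score: {score:.1f}")
```

Because both base regressors predict within the range of the training targets, the blended score stays in a sensible 0-100 band without any clamping rule.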
```bash
git clone https://github.com/asarthak2003/CodeSense-AI-Based-Code-Quality-Analyzer
cd CodeSense-AI-Based-Code-Quality-Analyzer

# Windows
python -m venv venv
venv\Scripts\activate

# Mac/Linux
python3 -m venv venv
source venv/bin/activate

pip install -r requirements.txt
```
⚠️ This installs scikit-learn, streamlit, plotly, bcrypt, etc. It might take 2-3 minutes on a slow connection.
```bash
cp .env.example .env
```

Open `.env` and change `SECRET_KEY` to anything random (min 32 chars).
```bash
python train_model.py --samples 10000
```

This runs once and saves the model to `models/`. It takes about 30-60 seconds. You'll see output like:

```
Generating 10000 training samples...
Running 10-fold cross-validation...
CV R²: 0.923 ± 0.008 ✅ PASSED
Model saved to models/codesense_model.pkl
```
```bash
streamlit run app.py
```

Go to http://localhost:8501, create an account, and start analyzing!
I know most project READMEs skip this part, but I think it's actually interesting, so here's a quick breakdown:
```
Your Code
   │
   ├──► Syntax Analyzer   (AST + tokenizer, finds parse errors)
   ├──► Semantic Analyzer (unused vars, dead code, mutable defaults)
   ├──► Static Analyzer   (security patterns, complexity, style)
   ├──► DSA Detector      (pattern matching for 40+ algorithms)
   └──► Context Engine    (is this a test file? web app? algorithm?)
   │
   ▼
Feature Extractor
(converts everything into 33 numbers the ML model understands)
   │
   ▼
ML Model (RandomForest + GradientBoosting ensemble)
   │
   ▼
Quality Score (0-100) + Grade + Confidence
   │
   ▼
Feedback Engine (generates human-readable explanation)
```
The score comes ENTIRELY from the ML model. I spent a long time making sure there are no hardcoded rules that override it.
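To make the pipeline concrete, here's a tiny stand-in for the first and middle stages. The function names and the handful of metrics are hypothetical, just to show the shape of "analyze, then turn everything into numbers":

```python
# Hypothetical sketch of the pipeline wiring; function names are illustrative,
# not the project's actual API.
import ast

def syntax_check(code: str) -> bool:
    """Mirror of the Syntax Analyzer stage: does the code even parse?"""
    try:
        ast.parse(code)
        return True
    except SyntaxError:
        return False

def extract_features(code: str) -> dict:
    """Tiny stand-in for the Feature Extractor: 3 of the 33 metrics."""
    lines = code.splitlines()
    tree = ast.parse(code)
    return {
        "loc": len(lines),
        "comment_ratio": sum(l.strip().startswith("#") for l in lines)
                         / max(len(lines), 1),
        "num_functions": sum(isinstance(n, ast.FunctionDef)
                             for n in ast.walk(tree)),
    }

sample = "def add(a, b):\n    # add two numbers\n    return a + b\n"
assert syntax_check(sample)
print(extract_features(sample))
```

The real extractor produces a fixed-length vector of 33 such numbers, which is what lets a scikit-learn model consume arbitrary source files.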
The ML model uses 33 features I engineered from the static analysis:
| Category | Features | Examples |
|---|---|---|
| Basic Metrics | 8 | Lines of code, comment ratio, blank lines |
| Complexity | 6 | Cyclomatic complexity, nesting depth, function length |
| Style | 5 | Naming consistency, magic numbers, long lines |
| Security | 4 | Issue count, critical count, severity score |
| DSA | 3 | Algorithm complexity score, algorithm count, data-structure count |
| Contextual | 7 | Code duplication, exception coverage, technical debt |
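As one concrete example of a "Complexity" feature from the table, cyclomatic complexity can be counted as 1 plus the number of branching nodes in the AST. This is a simplified illustration, not the project's actual extractor:

```python
# Toy cyclomatic-complexity feature: 1 + number of branching AST nodes.
import ast

BRANCH_NODES = (ast.If, ast.For, ast.While, ast.Try, ast.BoolOp)

def cyclomatic_complexity(code: str) -> int:
    tree = ast.parse(code)
    return 1 + sum(isinstance(node, BRANCH_NODES) for node in ast.walk(tree))

snippet = """
def classify(n):
    if n < 0:
        return "negative"
    for i in range(n):
        if i % 2 == 0:
            pass
    return "done"
"""
print(cyclomatic_complexity(snippet))  # 1 + (if, for, if) = 4
```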
```
CodeSense/
│
├── app.py               → Main Streamlit app (all the pages)
├── analyzer.py          → Static analysis engine
├── dsa_detector.py      → Algorithm + data structure detection
├── features.py          → Feature engineering (33 features)
├── train_model.py       → ML model training + inference
├── student_feedback.py  → Feedback generation
├── syntax_analyzer.py   → Syntax error detection
├── semantic_analyzer.py → Semantic issue detection
├── context_engine.py    → Code context understanding
├── code_fixer.py        → Auto-fix suggestions
├── ui_components.py     → Reusable UI components
│
├── db.py                → SQLite database (WAL mode)
├── auth.py              → Auth (bcrypt + OTP + sessions)
├── cache.py             → Two-tier LRU + disk cache
├── validators.py        → Input validation
├── utils.py             → GitHub fetch, exports, timing
├── logger.py            → Structured logging
├── config.py            → Config management
├── constants.py         → All constants in one place
│
├── models/              → Saved ML model files
├── tests/               → Test suite (50+ tests)
├── logs/                → App logs
├── cache/               → Disk cache files
│
├── requirements.txt
└── .env.example
```
This was my main challenge: making a model that actually gives meaningful scores.
- Algorithm: Voting ensemble (RandomForest 55% + GradientBoosting 45%)
- Training data: 10,000 synthetic code samples with realistic score distributions
- Validation: 10-fold cross-validation (not just train/test split)
- Target R²: ≥ 0.90 (retrains if it doesn't hit this)
- Contextual adjustment: max ±5 points from the context engine (test files, algorithm-heavy code, etc.)
I initially tried just using cyclomatic complexity as the score (lol) but that was terrible. The ML approach captures way more nuance.
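The validation gate described above (10-fold CV with an R² threshold) looks roughly like this. The data is synthetic and the pass/retrain handling is simplified:

```python
# Sketch of 10-fold cross-validation with an R² acceptance threshold.
# Data and model settings here are illustrative, not the real training script.
import numpy as np
from sklearn.ensemble import RandomForestRegressor
from sklearn.model_selection import cross_val_score

rng = np.random.default_rng(42)
X = rng.random((300, 33))
y = X[:, 0] * 60 + X[:, 1] * 40       # a learnable synthetic target

model = RandomForestRegressor(n_estimators=100, random_state=42)
scores = cross_val_score(model, X, y, cv=10, scoring="r2")
mean_r2 = scores.mean()

print(f"CV R²: {mean_r2:.3f} ± {scores.std():.3f}")
print("PASSED" if mean_r2 >= 0.90 else "RETRAIN")
```

Using cross-validation instead of a single train/test split gives a spread (the ± term) as well as a mean, which is what makes the pass/fail gate trustworthy.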
Both in the app AND in what it detects:
App security:
- bcrypt password hashing (12 rounds)
- OTP email verification
- Brute force lockout (5 failed attempts → 30 min lock)
- Parameterized SQL queries (no injection)
- Session tokens (48-byte cryptographically secure)
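Two of those measures, secure session tokens and the brute-force lockout, can be sketched with the standard library alone. This is a simplified in-memory version; the real app persists state in SQLite and hashes passwords with bcrypt:

```python
# Illustrative sketch: cryptographically secure session tokens plus a
# brute-force lockout counter. In-memory only; not the project's auth.py.
import secrets
import time

MAX_ATTEMPTS = 5
LOCKOUT_SECONDS = 30 * 60

failed_attempts: dict = {}

def new_session_token() -> str:
    # 48 random bytes, URL-safe base64 encoded (64 characters)
    return secrets.token_urlsafe(48)

def record_failure(user: str) -> bool:
    """Record a failed login; return True if the account is now locked."""
    now = time.time()
    recent = [t for t in failed_attempts.get(user, [])
              if now - t < LOCKOUT_SECONDS]
    recent.append(now)
    failed_attempts[user] = recent
    return len(recent) >= MAX_ATTEMPTS

token = new_session_token()
print(len(token))  # 64

locked = False
for _ in range(5):
    locked = record_failure("alice")
print(locked)  # True after the 5th failure
```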
Code security detection:
- SQL injection, command injection, XSS
- Hardcoded passwords, API keys, tokens
- Weak crypto (MD5, SHA1, insecure random)
- Unsafe deserialization (pickle, yaml.load)
- Buffer overflows in C++ (gets, strcpy, sprintf)
- And 40+ more patterns
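Pattern-based detection like the list above boils down to matching known-dangerous constructs against the source text. Here is a toy version with a handful of simplified regexes; the real rule set is larger and more careful:

```python
# Toy pattern-based security scanner. These regexes are simplified
# illustrations, not the project's actual 50+ rule set.
import re

PATTERNS = {
    "hardcoded password": re.compile(r"password\s*=\s*['\"][^'\"]+['\"]", re.I),
    "weak hash (MD5)": re.compile(r"hashlib\.md5\s*\("),
    "unsafe deserialization": re.compile(r"pickle\.loads?\s*\("),
    "SQL injection risk": re.compile(r"execute\s*\(\s*f?['\"].*%s.*['\"]"),
}

def scan(code: str) -> list:
    """Return the names of all patterns found in the given source text."""
    return [name for name, pat in PATTERNS.items() if pat.search(code)]

bad_code = """
import hashlib, pickle
password = "hunter2"
digest = hashlib.md5(password.encode()).hexdigest()
obj = pickle.loads(blob)
"""
print(scan(bad_code))
```

Real scanners layer severity scores and context checks on top (for example, a hardcoded password in a test fixture is less critical), which is where the context engine comes in.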
```bash
# Run all tests
python tests/test_suite_enhanced.py

# Or with pytest for better output
pip install pytest pytest-cov
pytest tests/ -v --tb=short --cov=. --cov-report=term-missing
```

Tests cover all major modules: syntax analysis, ML model, database, auth, cache, DSA detection, etc.
| What | Why I chose it |
|---|---|
| Streamlit | Fastest way to build a Python web UI. Perfect for data science projects. |
| scikit-learn | Industry standard ML library. The ensemble models are solid. |
| SQLite | No external database server needed. WAL mode handles concurrent reads fine. |
| bcrypt | Proper password hashing. None of that MD5 nonsense. |
| Plotly | Interactive charts that actually look good in dark mode. |
| Python AST | Built-in library for parsing Python code β no external parsers needed. |
This is my final year project, so I'm not taking major contributions right now, but if you find bugs or have suggestions, feel free to open an issue!
If you fork this for your own project, a star ⭐ would be really appreciated; it helps with the placement portfolio.
- Add support for JavaScript / TypeScript
- Fix occasional false positives in C++ template code detection
- Add side-by-side code diff view in the Fixes tab
- Mobile responsive layout (Streamlit has some limitations here)
- Export analysis as PDF
- Add more LeetCode problem suggestions
- My project guide for not giving up on me when I showed up with "I'll just use cyclomatic complexity as the score" in month 2
- Big-O Cheat Sheet β referenced constantly
- OWASP Top 10 β for the security patterns
- Streamlit docs β surprisingly good docs
- Stack Overflow β obviously
Made with way too much coffee ☕ and late nights
Shivam Jaiswal • B.Tech CSE, Final Year
Sarthak Agrawal • B.Tech CSE, Final Year
Yash Sharma • B.Tech CSE, Final Year
Tanishq Kumar • B.Tech CSE, Final Year
⭐ Star this repo if it helped you! ⭐