SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP11 High Complexity

What this means

SiteShadow flagged functions/modules with very high branching or complexity. Complexity is a security risk multiplier: it makes it easier to miss edge cases and accidentally create bypasses.

Why it matters

Complex logic is harder to test and easier to bypass.

Safer examples

1) Break complex functions into smaller units

Move parsing, validation, authorization, and business logic into separate functions.

2) Use guard clauses for security checks

Fail early (and consistently) when auth/validation fails.

3) Add targeted tests for tricky branches

Cover branches that handle auth decisions, money/state transitions, and input parsing.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.