QP11 High Complexity
What this means
SiteShadow flagged functions/modules with very high branching or complexity. Complexity is a security risk multiplier: it makes it easier to miss edge cases and accidentally create bypasses.
Why it matters
Complex logic is harder to test and easier to bypass.
- Edge-case bypasses happen when one branch forgets validation or authorization.
- Test gaps grow as branches multiply.
- Refactors become dangerous, which slows security fixes.
Safer examples
1) Break complex functions into smaller units
Move parsing, validation, authorization, and business logic into separate functions.
2) Use guard clauses for security checks
Fail early (and consistently) when auth/validation fails.
3) Add targeted tests for tricky branches
Cover branches that handle auth decisions, money/state transitions, and input parsing.
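As an added example (not SiteShadow's code and not from the original page), a Python funds-transfer handler in its tangled "before" form, the same logic after steps 1 and 2, and a small AST branch-count heuristic in the spirit of the structural detection described on this page. The request shape, the balances dict and the decision_points counter are assumptions for illustration.

```python
import ast, inspect

def decision_points(func):
    """Assumed heuristic (not SiteShadow's): 1 + branch/boolean-operator nodes."""
    kinds = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp, ast.BoolOp)
    tree = ast.parse(inspect.getsource(func))
    return 1 + sum(isinstance(n, kinds) for n in ast.walk(tree))

def transfer_nested(req, balances):
    """'Before': the later-added 'memo' fast path skips the owner/admin check."""
    user = req.get("user")
    if user is not None:
        amount = req.get("amount")
        if isinstance(amount, int) and amount > 0:
            if req.get("memo"):
                if balances.get(req["src"], 0) >= amount:
                    balances[req["src"]] -= amount
                    balances[req["dst"]] = balances.get(req["dst"], 0) + amount
                    return "ok"
            elif user["role"] == "admin" or user["id"] == req.get("src"):
                if balances.get(req["src"], 0) >= amount:
                    balances[req["src"]] -= amount
                    balances[req["dst"]] = balances.get(req["dst"], 0) + amount
                    return "ok"
                return "insufficient"
            return "forbidden"
    return "invalid"

def parse_transfer(req):
    """Step 1, parsing/validation only: (src, dst, amount) or None."""
    src, dst, amount = req.get("src"), req.get("dst"), req.get("amount")
    if not (isinstance(src, str) and isinstance(dst, str)):
        return None
    return (src, dst, amount) if isinstance(amount, int) and amount > 0 else None

def may_transfer(user, src):  # Step 1, authorization only: one rule, every path
    return user is not None and (user.get("role") == "admin" or user.get("id") == src)

def transfer_guarded(req, balances):  # Step 2: guard clauses exit before any state change
    parsed = parse_transfer(req)
    if parsed is None:
        return "invalid"
    src, dst, amount = parsed
    if not may_transfer(req.get("user"), src):
        return "forbidden"
    if balances.get(src, 0) < amount:
        return "insufficient"
    balances[src] -= amount
    balances[dst] = balances.get(dst, 0) + amount
    return "ok"
```

The targeted tests of step 3 are assertions on the authorization branch, for example that a non-owner "memo" request returns "forbidden" from transfer_guarded and leaves balances untouched, which is exactly the case transfer_nested gets wrong.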
How SiteShadow detects it (high level)
- Uses structural heuristics (branch count/complexity) to flag code that is difficult to reason about.
- Prioritizes complex code in request handling, auth, and data access paths.
References
- Cyclomatic Complexity: https://en.wikipedia.org/wiki/Cyclomatic_complexity