yiisoft/yii2

View on GitHub
framework/base/Security.php

Summary

Maintainability
B
5 hrs
Test Coverage

The class Security has an overall complexity of 85 which is very high. The configured complexity threshold is 50.
Open

class Security extends Component
{
    /**
     * @var string The cipher to use for encryption and decryption.
     */
Severity: Minor
Found in framework/base/Security.php by phpmd

The class Security has 14 public methods. Consider refactoring Security to keep number of public methods under 10.
Open

class Security extends Component
{
    /**
     * @var string The cipher to use for encryption and decryption.
     */
Severity: Minor
Found in framework/base/Security.php by phpmd

TooManyPublicMethods

Since: 0.1

A class with too many public methods is probably a good suspect for refactoring, in order to reduce its complexity and find a way to have more fine grained objects.

By default it ignores methods starting with 'get' or 'set'.

Example

Source https://phpmd.org/rules/codesize.html#toomanypublicmethods

Function pbkdf2 has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.
Open

    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
    {
        if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
            $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
            if ($outputKey === false) {
Severity: Minor
Found in framework/base/Security.php - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function hkdf has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
Open

    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
    {
        if (function_exists('hash_hkdf')) {
            $outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
            if ($outputKey === false) {
Severity: Minor
Found in framework/base/Security.php - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method hkdf has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
Severity: Minor
Found in framework/base/Security.php - About 35 mins to fix

    Method pbkdf2 has 5 arguments (exceeds 4 allowed). Consider refactoring.
    Open

        public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
    Severity: Minor
    Found in framework/base/Security.php - About 35 mins to fix

      Function decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
      Open

          protected function decrypt($data, $passwordBased, $secret, $info)
          {
              if (!extension_loaded('openssl')) {
                  throw new InvalidConfigException('Encryption requires the OpenSSL PHP extension');
              }
      Severity: Minor
      Found in framework/base/Security.php - About 25 mins to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      The method pbkdf2() has an NPath complexity of 7776. The configured NPath complexity threshold is 200.
      Open

          public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
          {
              if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
                  $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      NPathComplexity

      Since: 0.1

      The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.

      Example

      class Foo {
          function bar() {
              // lots of complicated code
          }
      }

      Source https://phpmd.org/rules/codesize.html#npathcomplexity

      The method hkdf() has an NPath complexity of 1152. The configured NPath complexity threshold is 200.
      Open

          public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
          {
              if (function_exists('hash_hkdf')) {
                  $outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      NPathComplexity

      Since: 0.1

      The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.

      Example

      class Foo {
          function bar() {
              // lots of complicated code
          }
      }

      Source https://phpmd.org/rules/codesize.html#npathcomplexity

      The method hkdf() has a Cyclomatic Complexity of 13. The configured cyclomatic complexity threshold is 10.
      Open

          public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
          {
              if (function_exists('hash_hkdf')) {
                  $outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      CyclomaticComplexity

      Since: 0.1

      Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

      Example

      // Cyclomatic Complexity = 11
      class Foo {
      1   public function example() {
      2       if ($a == $b) {
      3           if ($a1 == $b1) {
                      fiddle();
      4           } elseif ($a2 == $b2) {
                      fiddle();
                  } else {
                      fiddle();
                  }
      5       } elseif ($c == $d) {
      6           while ($c == $d) {
                      fiddle();
                  }
      7        } elseif ($e == $f) {
      8           for ($n = 0; $n < $h; $n++) {
                      fiddle();
                  }
              } else {
                  switch ($z) {
      9               case 1:
                          fiddle();
                          break;
      10              case 2:
                          fiddle();
                          break;
      11              case 3:
                          fiddle();
                          break;
                      default:
                          fiddle();
                          break;
                  }
              }
          }
      }

      Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity

      The method pbkdf2() has a Cyclomatic Complexity of 17. The configured cyclomatic complexity threshold is 10.
      Open

          public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
          {
              if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
                  $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      CyclomaticComplexity

      Since: 0.1

      Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

      Example

      // Cyclomatic Complexity = 11
      class Foo {
      1   public function example() {
      2       if ($a == $b) {
      3           if ($a1 == $b1) {
                      fiddle();
      4           } elseif ($a2 == $b2) {
                      fiddle();
                  } else {
                      fiddle();
                  }
      5       } elseif ($c == $d) {
      6           while ($c == $d) {
                      fiddle();
                  }
      7        } elseif ($e == $f) {
      8           for ($n = 0; $n < $h; $n++) {
                      fiddle();
                  }
              } else {
                  switch ($z) {
      9               case 1:
                          fiddle();
                          break;
      10              case 2:
                          fiddle();
                          break;
      11              case 3:
                          fiddle();
                          break;
                      default:
                          fiddle();
                          break;
                  }
              }
          }
      }

      Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity

      The method hashData has a boolean flag argument $rawHash, which is a certain sign of a Single Responsibility Principle violation.
      Open

          public function hashData($data, $key, $rawHash = false)
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      BooleanArgumentFlag

      Since: 1.4.0

      A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.

      Example

      class Foo {
          public function bar($flag = true) {
          }
      }

      Source https://phpmd.org/rules/cleancode.html#booleanargumentflag

      Remove error control operator '@' on line 447.
      Open

          public function validateData($data, $key, $rawHash = false)
          {
              $test = @hash_hmac($this->macHash, '', '', $rawHash);
              if (!$test) {
                  throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . $this->macHash);
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      ErrorControlOperator

      Error suppression should be avoided if possible as it doesn't just suppress the error, that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. Consider changing error_reporting() level and/or setting up your own error handler.

      Example

      function foo($filePath) {
          $file = @fopen($filPath); // hides exceptions
          $key = @$array[$notExistingKey]; // assigns null to $key
      }

      Source http://phpmd.org/rules/cleancode.html#errorcontroloperator

      The method validateData has a boolean flag argument $rawHash, which is a certain sign of a Single Responsibility Principle violation.
      Open

          public function validateData($data, $key, $rawHash = false)
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      BooleanArgumentFlag

      Since: 1.4.0

      A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.

      Example

      class Foo {
          public function bar($flag = true) {
          }
      }

      Source https://phpmd.org/rules/cleancode.html#booleanargumentflag

      Remove error control operator '@' on line 367.
      Open

          public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
          {
              if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
                  $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      ErrorControlOperator

      Error suppression should be avoided if possible as it doesn't just suppress the error, that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. Consider changing error_reporting() level and/or setting up your own error handler.

      Example

      function foo($filePath) {
          $file = @fopen($filPath); // hides exceptions
          $key = @$array[$notExistingKey]; // assigns null to $key
      }

      Source http://phpmd.org/rules/cleancode.html#errorcontroloperator

      Remove error control operator '@' on line 309.
      Open

          public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
          {
              if (function_exists('hash_hkdf')) {
                  $outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      ErrorControlOperator

      Error suppression should be avoided if possible as it doesn't just suppress the error, that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. Consider changing error_reporting() level and/or setting up your own error handler.

      Example

      function foo($filePath) {
          $file = @fopen($filPath); // hides exceptions
          $key = @$array[$notExistingKey]; // assigns null to $key
      }

      Source http://phpmd.org/rules/cleancode.html#errorcontroloperator

      Missing class import via use statement (line '220', column '23').
      Open

                  throw new \yii\base\Exception('OpenSSL failure on encryption: ' . openssl_error_string());
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      MissingImport

      Since: 2.7.0

      Importing all external classes in a file through use statements makes them clearly visible.

      Example

      function make() {
          return new \stdClass();
      }

      Source http://phpmd.org/rules/cleancode.html#MissingImport

      Missing class import via use statement (line '277', column '23').
      Open

                  throw new \yii\base\Exception('OpenSSL failure on decryption: ' . openssl_error_string());
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      MissingImport

      Since: 2.7.0

      Importing all external classes in a file through use statements makes them clearly visible.

      Example

      function make() {
          return new \stdClass();
      }

      Source http://phpmd.org/rules/cleancode.html#MissingImport

      There are no issues that match your filters.

      Category
      Status