yiisoft/yii2

View on GitHub
framework/base/Security.php

Summary

Maintainability
C
1 day
Test Coverage

Function generateRandomKey has a Cognitive Complexity of 39 (exceeds 5 allowed). Consider refactoring.
Open

    public function generateRandomKey($length = 32)
    {
        if (!is_int($length)) {
            throw new InvalidArgumentException('First parameter ($length) must be an integer');
        }
Severity: Minor
Found in framework/base/Security.php - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

The class Security has 15 public methods. Consider refactoring Security to keep number of public methods under 10.
Open

class Security extends Component
{
    /**
     * @var string The cipher to use for encryption and decryption.
     */
Severity: Minor
Found in framework/base/Security.php by phpmd

Since: PHPMD 0.1

A class with too many public methods is probably a good suspect for refactoring, in order to reduce its complexity and find a way to have more fine grained objects. By default it ignores methods starting with 'get' or 'set'.

Source: http://phpmd.org/rules/codesize.txt

The class Security has an overall complexity of 106 which is very high. The configured complexity threshold is 50.
Open

class Security extends Component
{
    /**
     * @var string The cipher to use for encryption and decryption.
     */
Severity: Minor
Found in framework/base/Security.php by phpmd

Since: PHPMD 0.2.5

The Weighted Method Count (WMC) of a class is a good indicator of how much time and effort is required to modify and maintain this class. The WMC metric is defined as the sum of complexities of all methods declared in a class. A large number of methods also means that this class has a greater potential impact on derived classes.

Example:

class Foo {
      public function bar() {
          if ($a == $b)  {
              if ($a1 == $b1) {
                  fiddle();
              } elseif ($a2 == $b2) {
                  fiddle();
              } else {
              }
          }
      }
      public function baz() {
          if ($a == $b) {
              if ($a1 == $b1) {
                  fiddle();
              } elseif ($a2 == $b2) {
                  fiddle();
              } else {
              }
          }
      }
      // Several other complex methods
  }

Source: http://phpmd.org/rules/codesize.txt

Function pbkdf2 has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.
Open

    public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
    {
        if (function_exists('hash_pbkdf2')) {
            $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
            if ($outputKey === false) {
Severity: Minor
Found in framework/base/Security.php - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function hkdf has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
Open

    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
    {
        if (function_exists('hash_hkdf')) {
            $outputKey = hash_hkdf($algo, $inputKey, $length, $info, $salt);
            if ($outputKey === false) {
Severity: Minor
Found in framework/base/Security.php - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method hkdf has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
Severity: Minor
Found in framework/base/Security.php - About 35 mins to fix

    Method pbkdf2 has 5 arguments (exceeds 4 allowed). Consider refactoring.
    Open

        public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
    Severity: Minor
    Found in framework/base/Security.php - About 35 mins to fix

      Function decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
      Open

          protected function decrypt($data, $passwordBased, $secret, $info)
          {
              if (!extension_loaded('openssl')) {
                  throw new InvalidConfigException('Encryption requires the OpenSSL PHP extension');
              }
      Severity: Minor
      Found in framework/base/Security.php - About 25 mins to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      The method hkdf() has an NPath complexity of 1152. The configured NPath complexity threshold is 200.
      Open

          public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
          {
              if (function_exists('hash_hkdf')) {
                  $outputKey = hash_hkdf($algo, $inputKey, $length, $info, $salt);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 0.1

      The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.

      Example:

      class Foo {
            function bar() {
                // lots of complicated code
            }
        }

      Source: http://phpmd.org/rules/codesize.txt

      The method generateRandomKey() has 101 lines of code. Current threshold is set to 100. Avoid really long methods.
      Open

          public function generateRandomKey($length = 32)
          {
              if (!is_int($length)) {
                  throw new InvalidArgumentException('First parameter ($length) must be an integer');
              }
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      The method generateRandomKey() has an NPath complexity of 74880. The configured NPath complexity threshold is 200.
      Open

          public function generateRandomKey($length = 32)
          {
              if (!is_int($length)) {
                  throw new InvalidArgumentException('First parameter ($length) must be an integer');
              }
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 0.1

      The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.

      Example:

      class Foo {
            function bar() {
                // lots of complicated code
            }
        }

      Source: http://phpmd.org/rules/codesize.txt

      The method pbkdf2() has an NPath complexity of 5832. The configured NPath complexity threshold is 200.
      Open

          public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
          {
              if (function_exists('hash_pbkdf2')) {
                  $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 0.1

      The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.

      Example:

      class Foo {
            function bar() {
                // lots of complicated code
            }
        }

      Source: http://phpmd.org/rules/codesize.txt

      The method pbkdf2() has a Cyclomatic Complexity of 16. The configured cyclomatic complexity threshold is 10.
      Open

          public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
          {
              if (function_exists('hash_pbkdf2')) {
                  $outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 0.1

      Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

      Example:

      // Cyclomatic Complexity = 11
        class Foo {
        1   public function example() {
        2       if ($a == $b) {
        3           if ($a1 == $b1) {
                        fiddle();
        4           } elseif ($a2 == $b2) {
                        fiddle();
                    } else {
                        fiddle();
                    }
        5       } elseif ($c == $d) {
        6           while ($c == $d) {
                        fiddle();
                    }
        7        } elseif ($e == $f) {
        8           for ($n = 0; $n < $h; $n++) {
                        fiddle();
                    }
                } else {
                    switch ($z) {
        9               case 1:
                            fiddle();
                            break;
        10              case 2:
                            fiddle();
                            break;
        11              case 3:
                            fiddle();
                            break;
                        default:
                            fiddle();
                            break;
                    }
                }
            }
        }

      Source: http://phpmd.org/rules/codesize.txt

      The method hkdf() has a Cyclomatic Complexity of 13. The configured cyclomatic complexity threshold is 10.
      Open

          public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
          {
              if (function_exists('hash_hkdf')) {
                  $outputKey = hash_hkdf($algo, $inputKey, $length, $info, $salt);
                  if ($outputKey === false) {
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 0.1

      Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

      Example:

      // Cyclomatic Complexity = 11
        class Foo {
        1   public function example() {
        2       if ($a == $b) {
        3           if ($a1 == $b1) {
                        fiddle();
        4           } elseif ($a2 == $b2) {
                        fiddle();
                    } else {
                        fiddle();
                    }
        5       } elseif ($c == $d) {
        6           while ($c == $d) {
                        fiddle();
                    }
        7        } elseif ($e == $f) {
        8           for ($n = 0; $n < $h; $n++) {
                        fiddle();
                    }
                } else {
                    switch ($z) {
        9               case 1:
                            fiddle();
                            break;
        10              case 2:
                            fiddle();
                            break;
        11              case 3:
                            fiddle();
                            break;
                        default:
                            fiddle();
                            break;
                    }
                }
            }
        }

      Source: http://phpmd.org/rules/codesize.txt

      The method generateRandomKey() has a Cyclomatic Complexity of 29. The configured cyclomatic complexity threshold is 10.
      Open

          public function generateRandomKey($length = 32)
          {
              if (!is_int($length)) {
                  throw new InvalidArgumentException('First parameter ($length) must be an integer');
              }
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 0.1

      Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.

      Example:

      // Cyclomatic Complexity = 11
        class Foo {
        1   public function example() {
        2       if ($a == $b) {
        3           if ($a1 == $b1) {
                        fiddle();
        4           } elseif ($a2 == $b2) {
                        fiddle();
                    } else {
                        fiddle();
                    }
        5       } elseif ($c == $d) {
        6           while ($c == $d) {
                        fiddle();
                    }
        7        } elseif ($e == $f) {
        8           for ($n = 0; $n < $h; $n++) {
                        fiddle();
                    }
                } else {
                    switch ($z) {
        9               case 1:
                            fiddle();
                            break;
        10              case 2:
                            fiddle();
                            break;
        11              case 3:
                            fiddle();
                            break;
                        default:
                            fiddle();
                            break;
                    }
                }
            }
        }

      Source: http://phpmd.org/rules/codesize.txt

      The method hashData has a boolean flag argument $rawHash, which is a certain sign of a Single Responsibility Principle violation.
      Open

          public function hashData($data, $key, $rawHash = false)
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 1.4.0

      A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.

      Example:

      class Foo {
            public function bar($flag = true) {
            }
        }

      Source: http://phpmd.org/rules/cleancode.txt

      The method validateData has a boolean flag argument $rawHash, which is a certain sign of a Single Responsibility Principle violation.
      Open

          public function validateData($data, $key, $rawHash = false)
      Severity: Minor
      Found in framework/base/Security.php by phpmd

      Since: PHPMD 1.4.0

      A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.

      Example:

      class Foo {
            public function bar($flag = true) {
            }
        }

      Source: http://phpmd.org/rules/cleancode.txt

      There are no issues that match your filters.

      Category
      Status