The class Security has 14 public methods. Consider refactoring Security to keep number of public methods under 10. Open
class Security extends Component
{
/**
* @var string The cipher to use for encryption and decryption.
*/
- Read upRead up
- Exclude checks
TooManyPublicMethods
Since: 0.1
A class with too many public methods is probably a good suspect for refactoring, in order to reduce its complexity and find a way to have more fine grained objects.
By default it ignores methods starting with 'get' or 'set'.
Example
Source https://phpmd.org/rules/codesize.html#toomanypublicmethods
The class Security has an overall complexity of 85 which is very high. The configured complexity threshold is 50. Open
class Security extends Component
{
/**
* @var string The cipher to use for encryption and decryption.
*/
- Exclude checks
Function pbkdf2
has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring. Open
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{
if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
if ($outputKey === false) {
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Function hkdf
has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring. Open
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{
if (function_exists('hash_hkdf')) {
$outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
if ($outputKey === false) {
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method hkdf
has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
Method pbkdf2
has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
Function decrypt
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
protected function decrypt($data, $passwordBased, $secret, $info)
{
if (!extension_loaded('openssl')) {
throw new InvalidConfigException('Encryption requires the OpenSSL PHP extension');
}
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
The method pbkdf2() has an NPath complexity of 7776. The configured NPath complexity threshold is 200. Open
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{
if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
if ($outputKey === false) {
- Read upRead up
- Exclude checks
NPathComplexity
Since: 0.1
The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.
Example
class Foo {
function bar() {
// lots of complicated code
}
}
Source https://phpmd.org/rules/codesize.html#npathcomplexity
The method hkdf() has an NPath complexity of 1152. The configured NPath complexity threshold is 200. Open
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{
if (function_exists('hash_hkdf')) {
$outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
if ($outputKey === false) {
- Read upRead up
- Exclude checks
NPathComplexity
Since: 0.1
The NPath complexity of a method is the number of acyclic execution paths through that method. A threshold of 200 is generally considered the point where measures should be taken to reduce complexity.
Example
class Foo {
function bar() {
// lots of complicated code
}
}
Source https://phpmd.org/rules/codesize.html#npathcomplexity
The method hkdf() has a Cyclomatic Complexity of 13. The configured cyclomatic complexity threshold is 10. Open
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{
if (function_exists('hash_hkdf')) {
$outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
if ($outputKey === false) {
- Read upRead up
- Exclude checks
CyclomaticComplexity
Since: 0.1
Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.
Example
// Cyclomatic Complexity = 11
class Foo {
1 public function example() {
2 if ($a == $b) {
3 if ($a1 == $b1) {
fiddle();
4 } elseif ($a2 == $b2) {
fiddle();
} else {
fiddle();
}
5 } elseif ($c == $d) {
6 while ($c == $d) {
fiddle();
}
7 } elseif ($e == $f) {
8 for ($n = 0; $n < $h; $n++) {
fiddle();
}
} else {
switch ($z) {
9 case 1:
fiddle();
break;
10 case 2:
fiddle();
break;
11 case 3:
fiddle();
break;
default:
fiddle();
break;
}
}
}
}
Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity
The method pbkdf2() has a Cyclomatic Complexity of 17. The configured cyclomatic complexity threshold is 10. Open
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{
if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
if ($outputKey === false) {
- Read upRead up
- Exclude checks
CyclomaticComplexity
Since: 0.1
Complexity is determined by the number of decision points in a method plus one for the method entry. The decision points are 'if', 'while', 'for', and 'case labels'. Generally, 1-4 is low complexity, 5-7 indicates moderate complexity, 8-10 is high complexity, and 11+ is very high complexity.
Example
// Cyclomatic Complexity = 11
class Foo {
1 public function example() {
2 if ($a == $b) {
3 if ($a1 == $b1) {
fiddle();
4 } elseif ($a2 == $b2) {
fiddle();
} else {
fiddle();
}
5 } elseif ($c == $d) {
6 while ($c == $d) {
fiddle();
}
7 } elseif ($e == $f) {
8 for ($n = 0; $n < $h; $n++) {
fiddle();
}
} else {
switch ($z) {
9 case 1:
fiddle();
break;
10 case 2:
fiddle();
break;
11 case 3:
fiddle();
break;
default:
fiddle();
break;
}
}
}
}
Source https://phpmd.org/rules/codesize.html#cyclomaticcomplexity
The method validateData has a boolean flag argument $rawHash, which is a certain sign of a Single Responsibility Principle violation. Open
public function validateData($data, $key, $rawHash = false)
- Read upRead up
- Exclude checks
BooleanArgumentFlag
Since: 1.4.0
A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.
Example
class Foo {
public function bar($flag = true) {
}
}
Source https://phpmd.org/rules/cleancode.html#booleanargumentflag
The method hashData has a boolean flag argument $rawHash, which is a certain sign of a Single Responsibility Principle violation. Open
public function hashData($data, $key, $rawHash = false)
- Read upRead up
- Exclude checks
BooleanArgumentFlag
Since: 1.4.0
A boolean flag argument is a reliable indicator for a violation of the Single Responsibility Principle (SRP). You can fix this problem by extracting the logic in the boolean flag into its own class or method.
Example
class Foo {
public function bar($flag = true) {
}
}
Source https://phpmd.org/rules/cleancode.html#booleanargumentflag
Remove error control operator '@' on line 368. Open
public function pbkdf2($algo, $password, $salt, $iterations, $length = 0)
{
if (function_exists('hash_pbkdf2') && PHP_VERSION_ID >= 50500) {
$outputKey = hash_pbkdf2($algo, $password, $salt, $iterations, $length, true);
if ($outputKey === false) {
- Read upRead up
- Exclude checks
ErrorControlOperator
Error suppression should be avoided if possible as it doesn't just suppress the error, that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. Consider changing error_reporting() level and/or setting up your own error handler.
Example
function foo($filePath) {
$file = @fopen($filPath); // hides exceptions
$key = @$array[$notExistingKey]; // assigns null to $key
}
Source http://phpmd.org/rules/cleancode.html#errorcontroloperator
Missing class import via use statement (line '278', column '23'). Open
throw new \yii\base\Exception('OpenSSL failure on decryption: ' . openssl_error_string());
- Read upRead up
- Exclude checks
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
return new \stdClass();
}
Source http://phpmd.org/rules/cleancode.html#MissingImport
Remove error control operator '@' on line 310. Open
public function hkdf($algo, $inputKey, $salt = null, $info = null, $length = 0)
{
if (function_exists('hash_hkdf')) {
$outputKey = hash_hkdf((string)$algo, (string)$inputKey, $length, (string)$info, (string)$salt);
if ($outputKey === false) {
- Read upRead up
- Exclude checks
ErrorControlOperator
Error suppression should be avoided if possible as it doesn't just suppress the error, that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. Consider changing error_reporting() level and/or setting up your own error handler.
Example
function foo($filePath) {
$file = @fopen($filPath); // hides exceptions
$key = @$array[$notExistingKey]; // assigns null to $key
}
Source http://phpmd.org/rules/cleancode.html#errorcontroloperator
Remove error control operator '@' on line 448. Open
public function validateData($data, $key, $rawHash = false)
{
$test = @hash_hmac($this->macHash, '', '', $rawHash);
if (!$test) {
throw new InvalidConfigException('Failed to generate HMAC with hash algorithm: ' . $this->macHash);
- Read upRead up
- Exclude checks
ErrorControlOperator
Error suppression should be avoided if possible as it doesn't just suppress the error, that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. Consider changing error_reporting() level and/or setting up your own error handler.
Example
function foo($filePath) {
$file = @fopen($filPath); // hides exceptions
$key = @$array[$notExistingKey]; // assigns null to $key
}
Source http://phpmd.org/rules/cleancode.html#errorcontroloperator
Missing class import via use statement (line '221', column '23'). Open
throw new \yii\base\Exception('OpenSSL failure on encryption: ' . openssl_error_string());
- Read upRead up
- Exclude checks
MissingImport
Since: 2.7.0
Importing all external classes in a file through use statements makes them clearly visible.
Example
function make() {
return new \stdClass();
}