QP07 Clean Code Principles Practices
What this means
SiteShadow found signals that basic "clean code" principles may be ignored: unclear naming, tangled responsibilities, and hidden side effects. Code like this is harder to reason about, so security bugs are more likely to be introduced and less likely to be noticed in review.
Why it matters
Ignoring basic principles increases the defect rate and hides security risk in code that looks routine.
- Harder to reason about security boundaries (where validation/auth happens).
- More bugs survive code review because intent is unclear.
- Refactors become risky, so vulnerabilities linger longer.
Safer examples
1) Keep security boundaries explicit
Validate untrusted input once, where it enters the system (request handler, message consumer, file parser), and authorize where the protected resource is actually accessed. Keep both checks visible in the call path rather than buried in a helper, so a reviewer can see where validation and authorization happen without reading every function.
2) Prefer small functions with clear names
Make it obvious what a function expects and what it guarantees, so its preconditions can be checked at the call site without reading the body.
3) Avoid hidden side effects
A function that silently mutates shared state, logs a denial but still returns the data, or swallows an exception makes it easy for a caller to bypass a check without noticing. Return results explicitly and let failures surface as errors.
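The three practices above applied to one small document-download handler, as an added example (not code from SiteShadow or from any flagged project). The handler names, the in-memory document store, the request shape and the status codes are assumptions made for this illustration. The tangled version at the end shows the shape this rule flags: an authorization failure that is logged but not enforced, and an exception handler that turns every failure into an empty, successful-looking response.

```python
"""Added example: explicit boundaries, small named functions, no hidden side effects.
Everything here (data, names, status codes) is constructed for the illustration."""
from dataclasses import dataclass

# Constructed sample data standing in for a database: document id -> owner and body.
DOCUMENTS = {
    "doc-1": {"owner": "alice", "body": "alice's notes"},
    "doc-2": {"owner": "bob", "body": "bob's notes"},
}

# The audit log is a module-level list so the write is visible to callers, not hidden.
AUDIT_LOG: list[str] = []


class ValidationError(ValueError):
    """Input did not pass the boundary check."""


class NotFoundError(LookupError):
    """Well-formed id, but no such document."""


class AuthorizationError(PermissionError):
    """Caller is not allowed to read the document."""


@dataclass(frozen=True)
class DownloadRequest:
    """Validated input. parse_download_request is the only producer, so any code
    holding a DownloadRequest knows validation already happened."""
    user: str
    doc_id: str


def parse_download_request(raw: dict) -> DownloadRequest:
    """Boundary: validate untrusted input once, where it enters."""
    user = raw.get("user")
    doc_id = raw.get("doc_id")
    if not isinstance(user, str) or not user.isalnum():
        raise ValidationError("user must be alphanumeric")
    if not isinstance(doc_id, str) or not doc_id.startswith("doc-") or not doc_id[4:].isdigit():
        raise ValidationError("doc_id must look like doc-<n>")
    return DownloadRequest(user=user, doc_id=doc_id)


def load_document(doc_id: str) -> dict:
    """Single purpose: fetch or fail. No authorization decisions live here."""
    try:
        return DOCUMENTS[doc_id]
    except KeyError:
        raise NotFoundError(f"no document {doc_id}") from None


def authorize_read(user: str, doc: dict) -> None:
    """Point of use: the check sits next to the data it protects and raises on failure,
    so a caller cannot forget to act on a boolean result."""
    if doc["owner"] != user:
        raise AuthorizationError(f"{user} may not read this document")


def handle_download(raw: dict) -> str:
    """The whole path is visible in one place: parse -> load -> authorize -> audit -> return."""
    req = parse_download_request(raw)
    doc = load_document(req.doc_id)
    authorize_read(req.user, doc)
    AUDIT_LOG.append(f"{req.user} read {req.doc_id}")
    return doc["body"]


def respond(raw: dict) -> tuple[int, str]:
    """Transport layer: each failure class surfaces as a distinct status instead of
    being swallowed into a 200 with an empty body."""
    try:
        return 200, handle_download(raw)
    except ValidationError as e:
        return 400, str(e)
    except NotFoundError as e:
        return 404, str(e)
    except AuthorizationError as e:
        return 403, str(e)


def handle_download_tangled(raw: dict) -> str:
    """The shape SiteShadow flags (constructed counter-example): lookup, auth, audit and
    error handling interleaved; the auth failure is only logged, so the body is returned
    anyway; and the bare catch makes every failure look like an empty document."""
    try:
        doc = DOCUMENTS[raw["doc_id"]]
        if doc["owner"] != raw["user"]:
            AUDIT_LOG.append("denied")  # side effect in place of a result
        return doc["body"]              # the check above was advisory, not enforced
    except Exception:
        return ""                       # validation error, missing key, bug: all look alike
```

Calling respond({"user": "bob", "doc_id": "doc-1"}) yields (403, ...) while handle_download_tangled with the same input returns alice's document; that difference is the point of keeping the check explicit.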
How SiteShadow detects it (high level)
- Uses structural heuristics (complexity, file size, duplication) as maintainability risk indicators.
- Flags patterns that correlate with hidden security problems (tangled responsibilities, exception swallowing).
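A minimal AST-based scanner of the kind the two bullets above describe, added here as an illustration; it is not SiteShadow's detector, and the thresholds, rule names and the sample source it runs over are assumptions for this example. It reports exception handlers that swallow the failure, functions with many decision points, over-long functions, and functions whose bodies duplicate another's.

```python
"""Added illustration (not SiteShadow's implementation): structural heuristics over a
Python AST. Thresholds and rule names are assumptions chosen for this example."""
import ast
import hashlib
from dataclasses import dataclass

MAX_BRANCHES = 5          # assumed threshold for a "complex" function
MAX_FUNCTION_LINES = 40   # assumed threshold for a "long" function
MIN_DUP_STATEMENTS = 3    # ignore duplicate one-liners


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def _branch_count(fn: ast.AST) -> int:
    """Cyclomatic-style count: every decision point in the function adds one."""
    decision_nodes = (ast.If, ast.For, ast.While, ast.IfExp, ast.BoolOp, ast.ExceptHandler)
    return sum(isinstance(n, decision_nodes) for n in ast.walk(fn))


def _swallows_exception(handler: ast.ExceptHandler) -> bool:
    """A handler whose only statement is `pass` or `return <constant>` hides the failure."""
    if len(handler.body) != 1:
        return False
    stmt = handler.body[0]
    if isinstance(stmt, ast.Pass):
        return True
    return isinstance(stmt, ast.Return) and (
        stmt.value is None or isinstance(stmt.value, ast.Constant)
    )


def scan_source(src: str) -> list[Finding]:
    """Run the heuristics over one module's source and return findings sorted by line."""
    tree = ast.parse(src)
    findings: list[Finding] = []
    seen_bodies: dict[str, str] = {}   # body digest -> first function with that body
    for node in ast.walk(tree):
        if isinstance(node, ast.ExceptHandler) and _swallows_exception(node):
            caught = ast.unparse(node.type) if node.type is not None else "bare except"
            findings.append(Finding("exception-swallowing", node.lineno, caught))
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            branches = _branch_count(node)
            if branches > MAX_BRANCHES:
                findings.append(Finding("high-complexity", node.lineno,
                                        f"{node.name}: {branches} decision points"))
            length = node.end_lineno - node.lineno + 1
            if length > MAX_FUNCTION_LINES:
                findings.append(Finding("long-function", node.lineno,
                                        f"{node.name}: {length} lines"))
            if len(node.body) >= MIN_DUP_STATEMENTS:
                # ast.dump omits positions by default, so only the structure is hashed.
                digest = hashlib.sha256(
                    "\n".join(ast.dump(s) for s in node.body).encode()
                ).hexdigest()
                if digest in seen_bodies:
                    findings.append(Finding("duplicate-body", node.lineno,
                                            f"{node.name} duplicates {seen_bodies[digest]}"))
                else:
                    seen_bodies[digest] = node.name
    return sorted(findings, key=lambda f: (f.line, f.rule))


# Constructed sample input exhibiting each pattern (swallowed exception, tangled routing,
# copy-pasted body). It is not taken from any real project.
SAMPLE = '''
def fetch(path):
    try:
        return open(path).read()
    except Exception:
        return ""

def route(req):
    if req.method == "GET" and req.path == "/":
        return "home"
    if req.method == "GET" and req.path == "/a":
        return "a"
    if req.method == "POST":
        if req.auth:
            return "posted"
        return "denied"
    return "404"

def save_a(d):
    d["saved"] = True
    d["count"] += 1
    return d

def save_b(d):
    d["saved"] = True
    d["count"] += 1
    return d
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.rule} ({f.detail})")
```

The complexity count is deliberately crude (it counts `and`/`or` and nested handlers as decision points); the value of such a heuristic is as a triage signal pointing reviewers at functions where validation and authorization are most likely to be tangled, not as a verdict.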
References
- OWASP Top 10: https://owasp.org/Top10/
---