QP12 Long Functions
What this means
SiteShadow flagged functions that are very long. Long functions tend to mix responsibilities (validation, auth, data access, business logic), which makes security reviews and safe refactoring harder.
Why it matters
Long functions are harder to understand, review, and secure.
- Security checks get skipped in one branch because the function is too complex.
- Test gaps increase and edge cases slip through.
- Bug fixes regress because changes have unexpected side effects.
Safer examples
1) Split into focused helpers
Separate parsing/validation, authorization, data access, and business rules.
2) Add guard clauses for security checks
Fail early and consistently when auth/validation fails.
3) Add tests around the boundary
Before refactoring, add tests for authz and key behaviors so refactors don't introduce bypasses.
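The three steps above (split into focused helpers, guard clauses for security checks, tests at the boundary) applied to one request handler, as an added example that is not SiteShadow's code and not taken from any real framework. The `Request` object, the in-memory `USERS` table and every function name are hypothetical; the handler itself stays short and only orchestrates the helpers, so each security step is visible and happens in the same order for every caller.

```python
"""Added example (not SiteShadow's code): a profile-update handler split into
parse/validate, authorize, data access and business rule, with guard clauses."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed in-memory "database" standing in for a real data-access layer.
USERS = {
    1: {"id": 1, "email": "alice@example.com", "role": "user"},
    2: {"id": 2, "email": "bob@example.com", "role": "user"},
    9: {"id": 9, "email": "admin@example.com", "role": "admin"},
}


class ValidationError(Exception):
    pass


class AuthzError(Exception):
    pass


@dataclass
class Request:
    user_id: Optional[int]  # authenticated caller, None if anonymous (hypothetical shape)
    path_id: int            # profile being edited, taken from the URL path
    body: dict              # parsed JSON body


# 1) Parsing/validation: no auth and no data access in here.
def parse_profile_update(body: dict) -> dict:
    email = body.get("email")
    if not isinstance(email, str) or "@" not in email or len(email) > 254:
        raise ValidationError("invalid email")
    updates = {"email": email}
    if "role" in body:
        updates["role"] = body["role"]
    return updates


# 2) Authorization as a single guard clause shared by every code path.
def authorize_profile_update(caller: Optional[dict], target_id: int, updates: dict) -> None:
    if caller is None:
        raise AuthzError("authentication required")
    is_self = caller["id"] == target_id
    is_admin = caller["role"] == "admin"
    if not (is_self or is_admin):
        raise AuthzError("cannot edit another user's profile")
    # Changing a role is privileged regardless of whose profile it is.
    if "role" in updates and not is_admin:
        raise AuthzError("only admins may change roles")


# 3) Data access isolated so it can be reviewed and mocked on its own.
def load_user(user_id: Optional[int]) -> Optional[dict]:
    return USERS.get(user_id) if user_id is not None else None


def save_user(user: dict) -> dict:
    USERS[user["id"]] = user
    return user


# 4) Business rule: merge the validated updates, normalizing the e-mail address.
def apply_profile_update(user: dict, updates: dict) -> dict:
    updated = {**user, **updates}
    updated["email"] = updates["email"].strip().lower()
    return updated


def handle_update_profile(req: Request) -> Tuple[int, dict]:
    """Short orchestrating handler; returns (status, body) like a web framework would."""
    try:
        updates = parse_profile_update(req.body)
    except ValidationError as e:
        return 400, {"error": str(e)}
    caller = load_user(req.user_id)
    try:
        authorize_profile_update(caller, req.path_id, updates)
    except AuthzError as e:
        return (403 if caller else 401), {"error": str(e)}
    target = load_user(req.path_id)
    if target is None:
        return 404, {"error": "no such user"}
    return 200, save_user(apply_profile_update(target, updates))
```

Because authorization is one function with one entry point, the boundary tests (anonymous caller, other user's profile, self-service role escalation, admin role change) can be written against `handle_update_profile` before any further refactoring and re-run afterwards to catch a bypass introduced by the change.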
How SiteShadow detects it (high level)
- Uses structural heuristics (function length/complexity) to flag "hard to audit" code.
- Prioritizes long functions in request handlers, auth, and data access paths.
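A minimal version of the structural heuristic described above, written here as an added illustration and not SiteShadow's own detector: it parses Python source with the standard `ast` module, measures each function's line count and a cyclomatic-style decision count, and ranks findings so that functions whose name or decorator suggests a request handler, auth logic or data access come first. The `SENSITIVE_HINTS` list, the thresholds and the `SAMPLE_SOURCE` snippet are all constructed for the example.

```python
"""Added example (not SiteShadow's code): flag long/complex functions and
prioritize handler, auth and data-access paths."""
import ast
from dataclasses import dataclass
from typing import List

# Hypothetical name/decorator fragments that suggest a security-relevant path.
SENSITIVE_HINTS = ("handler", "route", "view", "auth", "login", "session",
                   "token", "db", "sql", "query", "repo")


@dataclass
class Finding:
    name: str
    lineno: int
    lines: int
    complexity: int
    priority: str  # "high" for handler/auth/data-access paths, else "normal"


def _complexity(fn: ast.AST) -> int:
    """Cyclomatic-style count: 1 plus one per decision point in the body."""
    score = 1
    for node in ast.walk(fn):
        if isinstance(node, (ast.If, ast.For, ast.While, ast.IfExp,
                             ast.ExceptHandler, ast.comprehension)):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1  # each extra and/or operand is a branch
    return score


def _priority(fn: ast.AST) -> str:
    text = fn.name.lower() + " " + " ".join(ast.unparse(d).lower() for d in fn.decorator_list)
    return "high" if any(hint in text for hint in SENSITIVE_HINTS) else "normal"


def find_long_functions(source: str, max_lines: int = 15, max_complexity: int = 6) -> List[Finding]:
    """Return functions exceeding either threshold, high-priority paths first, longest first."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            lines = node.end_lineno - node.lineno + 1
            cx = _complexity(node)
            if lines > max_lines or cx > max_complexity:
                findings.append(Finding(node.name, node.lineno, lines, cx, _priority(node)))
    findings.sort(key=lambda f: (f.priority != "high", -f.lines))
    return findings


# Constructed sample input: one short helper, one long request handler, one
# small data-access function. Written as a string so the example runs offline.
SAMPLE_SOURCE = '''\
def format_name(first, last):
    return f"{first} {last}"

@app.route("/orders", methods=["POST"])
def create_order_handler(request, db):
    body = request.json
    if "items" not in body:
        return 400
    user = db.users.get(request.user_id)
    if user is None:
        return 401
    total = 0
    for item in body["items"]:
        if item["qty"] <= 0:
            return 400
        total += item["price"] * item["qty"]
    if total > 1000 and user["role"] != "admin":
        return 403
    db.orders.insert({"user": user["id"], "total": total})
    return 201

def db_lookup(conn, key):
    for row in conn.rows:
        if row[0] == key:
            return row
    return None
'''

if __name__ == "__main__":
    for f in find_long_functions(SAMPLE_SOURCE):
        print(f"{f.priority:6} {f.name} (line {f.lineno}): {f.lines} lines, complexity {f.complexity}")
```

Running the block reports only `create_order_handler` with the default thresholds; lowering `max_lines` also surfaces `db_lookup`, and the sort keeps the handler ahead of it because both match a sensitive hint and the handler is longer.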
References
- Clean Code: https://www.oreilly.com/library/view/clean-code/9780136083238/