QP13 Large Classes
What this means
SiteShadow flagged very large classes that likely violate single-responsibility boundaries. In security-sensitive systems, large classes often hide privilege decisions, data access, and risky side effects.
Why it matters
Large classes are difficult to test and often hide security-sensitive behavior.
- Hidden authz decisions buried in large methods are easy to bypass.
- Inconsistent validation because inputs enter the class in many ways.
- Harder refactors mean vulnerabilities linger longer.
Safer examples
1) Split by responsibility
Separate "controller/service/repository" roles and keep security boundaries explicit.
2) Extract policy and validation into shared components
Centralize authorization checks and validation rather than sprinkling them across methods.
3) Add tests per responsibility
After splitting, test each component's contract (especially auth and data access).
How SiteShadow detects it (high level)
- Uses structural heuristics (class size/method count) to flag "hard to audit" hotspots.
- Prioritizes classes used in request handling, auth, and sensitive data flows.
References
- SOLID Principles: https://en.wikipedia.org/wiki/SOLID
---