CWE-1043

Data Element Aggregating an Excessively Large Number of Non-Primitive Elements. [Bad-Coding-Practices, Complexity-Issues, Improper-Adherence-To-Coding-Standards]

Required inputs: IR

The product uses a data element that has an excessively large number of sub-elements with non-primitive data types such as structures or aggregated objects.

This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.

While the interpretation of "excessively large" may vary for each product or developer, CISQ recommends a default of 5 sub-elements.

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key	Text	Severity	Disabled
too_may_elements	Data element aggregating {} non-primitive elements. Limit is {}.	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

limit

limit : int = 5

Limit of non-primitive elements acceptable for data elements