CWE-1064

Invocable Control Element with Signature Containing an Excessive Number of Parameters. [Complexity-Issues, Improper-Adherence-To-Coding-Standards]

Required inputs: IR

The product contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments.

This issue makes it more difficult to understand and/or maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

While the interpretation of "large number of parameters." may vary for each product or developer, CISQ recommends a default maximum of 7 parameters/arguments.

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key	Text	Severity	Disabled
excessive_parameter_number	Function with {} parameters more than {}.	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• This rule shares the following common metric options: macro_library_patterns, opaque_macros

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

ignore_inherited

ignore_inherited : bool = False

Do not report functions inheriting a inacceptable number of parameters.

 

maxparams

maxparams : int = 7

Maximum acceptable number of parameters.