CWE-1126

Declaration of Variable with Unnecessarily Wide Scope. [Bad-Coding-Practices, Improper-Adherence-To-Coding-Standards]

Required inputs: IR

The source code declares a variable in one scope, but the variable is only used within a narrower scope.

This issue makes it more difficult to understand and/or maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

| Key | Text | Severity | Disabled |
|---|---|---|---|
| locality_block | {} can be declared in a more local scope. | None | False |
| locality_function | Global {} can be declared inside function. | None | False |
| locality_function_static | Global {} can be declared as local static inside function. | None | False |
| locality_loop_init | {} can be declared in the for-loop’s initialization. | None | False |
| var_file_static | {} can be declared static in primary file. | None | False |
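The following C example is added here for illustration and is not taken from the checker's documentation or from CWE. It shows declarations of the kind the messages above describe, next to a narrowed form with the same behaviour. The function names and the pairing of each declaration with a message key are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Wide scope: each name is visible further than it is used. */
int call_count_wide;      /* global, touched only by next_id_wide() (assumed: locality_function_static) */

int next_id_wide(void) { return ++call_count_wide; }

int sum_pos_squares_wide(const int *v, size_t n)
{
    size_t i;             /* only ever the loop counter (assumed: locality_loop_init) */
    int sq;               /* only used inside the if-block (assumed: locality_block) */
    int total = 0;
    for (i = 0; i < n; i++) {
        if (v[i] > 0) {
            sq = v[i] * v[i];
            total += sq;
        }
    }
    return total;         /* i and sq are still in scope here, stale or uninitialized */
}

/* Narrow scope: same behaviour, each name lives only where it is used. */
int next_id_narrow(void)
{
    static int call_count;  /* persists across calls, unreachable from other functions */
    return ++call_count;
}

int sum_pos_squares_narrow(const int *v, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++) {     /* C99 for-init declaration */
        if (v[i] > 0) {
            const int sq = v[i] * v[i];  /* block-local, cannot be reused by accident */
            total += sq;
        }
    }
    return total;
}

int main(void)
{
    const int sample[] = {3, -1, 2};     /* constructed sample input */
    printf("%d %d\n", sum_pos_squares_wide(sample, 3), sum_pos_squares_narrow(sample, 3));
    printf("%d %d\n", next_id_wide(), next_id_narrow());
    return 0;
}
```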

Options

allow_moving_to_other_primary_file

allow_moving_to_other_primary_file : bool = False

When a variable is used only in a single file X but is currently implemented in a different file Y, this controls whether the check suggests moving it into X and making it static there.
 

check_loop_counter

check_loop_counter : bool = False

Whether to report for-loop counters that are declared before the loop but could instead be declared in the for-init part, which is possible from C99 on.
 

consider_constructors_as_capturing

consider_constructors_as_capturing : bool = False

Whether passing a variable into a constructor is considered capturing it. This influences the check of whether making a global variable local would introduce a leaking reference: if the constructed object would outlive the local variable, making the variable local will not be suggested. If the option is set to false, passing variables into constructors has no effect on the analysis.
 

exclude_c_function_locals

exclude_c_function_locals : bool = False

If True, the violation for C function local variables is disabled.
 

exclude_function_locals

exclude_function_locals : bool = True

If true, variables that could even be function-local are not reported.
 

exclude_undefined

exclude_undefined : bool = True

Whether only-declared symbols should be reported as well.
 

move_global_const_into_function

move_global_const_into_function : bool = True

Controls suggestions for global constants that could be declared locally in a function.
 

only_check_unit_locals

only_check_unit_locals : bool = False

Whether only global static variables should be checked. Note: this option is automatically activated during single-file analysis.