This weakness occurs when a single function, method, or callable code block makes an excessively high number of calls to other objects or components outside its immediate scope. This creates a complex, tightly-coupled web of dependencies that is difficult to manage.
While the specific threshold for "excessively large" can vary by project, the CISQ standard recommends flagging any callable element that references more than five external objects. This high fan-out indicates a design where one component has too much responsibility and knowledge of the system's inner workings, violating principles of modularity and separation of concerns. This complexity directly undermines maintainability and indirectly harms security. It becomes harder to understand the code's impact, trace data flow, or modify one part without breaking others. This increased difficulty in auditing and updating the code slows down vulnerability fixes and raises the risk of introducing new security flaws during changes.
Impact: Reduce Maintainability
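
The check described above can be automated. The following is an added example, not part of the original entry or of any CISQ tooling: a Python checker that counts the distinct external objects each function calls into and flags those above the threshold of five. The names `fan_out` and `flagged`, the sample input, and the choice to treat builtins and calls on `self` as non-external are assumptions of this example.

```python
import ast
import builtins

FAN_OUT_LIMIT = 5  # threshold quoted on this page (CISQ recommendation)

def _root_name(node):
    """Return the leftmost name of a call target: 'db' for db.users.find()."""
    while isinstance(node, (ast.Attribute, ast.Call, ast.Subscript)):
        node = node.func if isinstance(node, ast.Call) else node.value
    return node.id if isinstance(node, ast.Name) else None

def fan_out(source):
    """Map each function name to the set of external objects it calls into."""
    result = {}
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        targets = set()
        for node in ast.walk(fn):  # includes calls made in nested functions
            if isinstance(node, ast.Call):
                root = _root_name(node.func)
                # Assumption: builtins and calls on self are not "external".
                if root and root != "self" and not hasattr(builtins, root):
                    targets.add(root)
        result[fn.name] = targets
    return result

def flagged(source, limit=FAN_OUT_LIMIT):
    """Names of functions whose fan-out exceeds the limit, sorted."""
    return sorted(n for n, t in fan_out(source).items() if len(t) > limit)

# Constructed sample input, not taken from any real project.
SAMPLE = '''
def checkout(order, user):
    stock = inventory.reserve(order.items)
    price = pricing.total(order)
    tax_calc.apply(price)
    payments.charge(user, price)
    mailer.send_receipt(user)
    audit_log.record("checkout", user)
    return len(stock)

def reserve_only(order):
    return inventory.reserve(order.items)
'''

if __name__ == "__main__":
    for name, targets in fan_out(SAMPLE).items():
        print(name, len(targets), sorted(targets), name in flagged(SAMPLE))
```

Run over a code base in CI, a report like this points reviewers at the functions whose changes are hardest to audit, which is where the maintainability impact noted above turns into slower or riskier security fixes.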