Related functions, such as those that make up a library, should provide consistent and usable interfaces. Ralph Waldo Emerson might have said, "A foolish consistency is the hobgoblin of little minds," but inconsistencies in functional interfaces or behavior can lead to erroneous use so we understand this to be a "wise consistency". One aspect of providing a consistent interface is to provide a consistent and usable error checking mechanism API04-C. Provide a consistent and usable error checking mechanism.

Noncompliant Code Example (interface)





Compliant Solution (interface)






Noncompliant Code Example (behavior)



The shared folder and file copy functions in the  VMware virtual infrastructure (VIX) API are inconsistent in the set of characters they allow in folder names. As a result, you can create a shared folder that you subsequently can't use in a file copy function such as VixVM_CopyFileFromHostToGuest(). 



Compliant Solution (behavior)



Try to be consistent in the behavior of related functions that perform operations on common objects, so that an object created or modified by one function can be successfully processed by a downstream invocation of a related function.



Risk Assessment



Failure to do so can result in type errors in the program.







 Rule 


 Severity 


 Likelihood 


 Remediation Cost 


 Priority 


 Level 






 API04-C 


 medium


 unlikely 


 medium 


 P2 


 L3 









Related Vulnerabilities



Search for vulnerabilities resulting from the violation of this rule on the CERT website.



Other Languages



This rule appears in the C++ Secure Coding Standard as API04-CPP. Provide a consistent and usable error checking mechanism.



References



VMware 07 VIX API Version 1.1.1 (for Workstation 6.0.1) Release Notes. 16-August-2007 



\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9945:2003|AA. C References#ISO/IEC 9945-2003]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <{{string.h}}>"
\[[ISO/IEC 23360-1:2006|AA. C References#ISO/IEC 23360-1-2006]\]
\[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\]
\[[ISO/IEC PDTR 24731-2|AA. C References#ISO/IEC PDTR 24731-2-2007]\]
\[[Miller 99|AA. C References#Miller 99]\]
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 20.4
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"





      01. Preprocessor (PRE)      02. Declarations and Initialization (DCL)