Skip to content

Alignment with Guidelines and linting rules for OWASP API Security #72

Merged
GillesInnov35 merged 17 commits into
mainfrom
Commonalities-Alignment---Guidelines-and-linting-rules-for-OWASP-API-Security
Jul 6, 2026
Merged

Alignment with Guidelines and linting rules for OWASP API Security #72
GillesInnov35 merged 17 commits into
mainfrom
Commonalities-Alignment---Guidelines-and-linting-rules-for-OWASP-API-Security

Conversation

@GillesInnov35

Copy link
Copy Markdown
Contributor

Alignment with Guidelines and linting rules for OWASP API Security top10 - Commonalities v8.0.0 rules

What type of PR is this?

  • correction

What this PR does / why we need it:

Align swagger yaml with Commonalities v8.0.0 and Guidelines and linting rules for OWASP API Security top10

Which issue(s) this PR fixes:

Fixes #71

…Commonalities v8.0.0

Alignment with Guidelines and linting rules for OWASP API Security
@camara-validation

camara-validation Bot commented Jun 1, 2026

Copy link
Copy Markdown

CAMARA Validation — PASS (with warnings)

0 errors, 3 warnings, 20 hints | Profile: standard

View full results

Comment thread code/API_definitions/kyc-match.yaml Outdated
Comment thread code/API_definitions/kyc-match.yaml Outdated
Comment thread code/API_definitions/kyc-match.yaml Outdated
Comment thread code/API_definitions/kyc-match.yaml Outdated
birthdate:
type: string
format: date
maxLength: 64

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @GillesInnov35 .
The description (below) says: the birthdate of the customer, in RFC 3339 / ISO 8601 calendar date format (YYYY-MM-DD).
So, 64 is too much? Just a comment from my feeling.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @ToshiWakayama-KDDI , it's aligned to DataTime artifect in https://github.com/camaraproject/Commonalities/tree/main/artifacts/common)/CAMARA_common.yaml
we should be compliant with this CAMARA common rule, WDYT ?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @GillesInnov35 ,
Got it. In that case, 64 should be fine. Thanks.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ToshiWakayama-KDDI , as it is a date and not dateTime format, I think we coud limit the length to 10 characters, the expected length of the field, WDYT ?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @GillesInnov35 ,
Sorry for the delay. I've been stuck with other internal issues over the last few days.

That would make a lot of sense.

However, since I understand that introducing the 'date' format is still under discussion in Commonalities, we could wait for the new release of the API Design Guide. This means we can implement this change anytime before the M4 milestone.

According to Masa (KDDI), Number Recycling will follow the same plan. Meanwhile, it seems that Tenure has already introduced the 'date' format, as shown below in the snippet derived from the Tenure WIP YAML:

tenureDate:
type: string
description: The date, in RFC 3339 / ISO 8601 compliant format "YYYY-MM-DD", from which continuous tenure of the identified network subscriber is required to be confirmed
format: date
minLength: 10
maxLength: 10
example: "2023-07-03"

@GillesInnov35

Copy link
Copy Markdown
Contributor Author

@ToshiWakayama-KDDI , could you take a look at this PR and if OK approve. Then I'll create another one to address common artifacts. issue #77. Thanks
Gilles

@ToshiWakayama-KDDI ToshiWakayama-KDDI self-requested a review June 27, 2026 02:57

@ToshiWakayama-KDDI ToshiWakayama-KDDI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @GillesInnov35 .
Sorry for the delay. I've been stuck with other internal issues over the last few days.
LGTM now.

@ToshiWakayama-KDDI ToshiWakayama-KDDI self-requested a review June 29, 2026 14:03

@ToshiWakayama-KDDI ToshiWakayama-KDDI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @GillesInnov35 ,
I reset my approval because I found some warnings were not covered by this PR. However, I have just realised those warnings are to be coverered by the other PR. So, I have re-approved the PR. Sorry.

@ToshiWakayama-KDDI

ToshiWakayama-KDDI commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Hi @GillesInnov35 , Hi @fernandopradocabrillo ,
Can we proceed with this PR, as the M3 deadline has passed?

Thanks,

@GillesInnov35

GillesInnov35 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

yes @ToshiWakayama-KDDI, waiting for @fernandopradocabrillo and @HuubAppelboom approval

Comment thread code/API_definitions/kyc-match.yaml Outdated

idDocumentExpiryDate:
type: string
maxLength: 16

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should the maxLenght for idDocumentExpiryDate not be 10 (just like birthdate) ?

@HuubAppelboom HuubAppelboom left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the idDocumentExpiryDate not also be limited to maxLength 10, just like Birthday ?

@ToshiWakayama-KDDI ToshiWakayama-KDDI self-requested a review July 6, 2026 07:20

@ToshiWakayama-KDDI ToshiWakayama-KDDI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @GillesInnov35 . LGTM.

@ToshiWakayama-KDDI ToshiWakayama-KDDI self-requested a review July 6, 2026 07:24
@GillesInnov35 GillesInnov35 merged commit e746840 into main Jul 6, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Alignment with Guidelines and linting rules for OWASP API Security Top 10

3 participants