Alignment with Guidelines and linting rules for OWASP API Security #72
Conversation
…Commonalities v8.0.0 Alignment with Guidelines and linting rules for OWASP API Security
CAMARA Validation — PASS (with warnings)0 errors, 3 warnings, 20 hints | Profile: standard |
| birthdate: | ||
| type: string | ||
| format: date | ||
| maxLength: 64 |
There was a problem hiding this comment.
Thanks, @GillesInnov35 .
The description (below) says: the birthdate of the customer, in RFC 3339 / ISO 8601 calendar date format (YYYY-MM-DD).
So, 64 is too much? Just a comment from my feeling.
There was a problem hiding this comment.
Hi @ToshiWakayama-KDDI , it's aligned to DataTime artifect in https://github.com/camaraproject/Commonalities/tree/main/artifacts/common)/CAMARA_common.yaml
we should be compliant with this CAMARA common rule, WDYT ?
There was a problem hiding this comment.
Hi @GillesInnov35 ,
Got it. In that case, 64 should be fine. Thanks.
There was a problem hiding this comment.
@ToshiWakayama-KDDI , as it is a date and not dateTime format, I think we coud limit the length to 10 characters, the expected length of the field, WDYT ?
There was a problem hiding this comment.
Hi @GillesInnov35 ,
Sorry for the delay. I've been stuck with other internal issues over the last few days.
That would make a lot of sense.
However, since I understand that introducing the 'date' format is still under discussion in Commonalities, we could wait for the new release of the API Design Guide. This means we can implement this change anytime before the M4 milestone.
According to Masa (KDDI), Number Recycling will follow the same plan. Meanwhile, it seems that Tenure has already introduced the 'date' format, as shown below in the snippet derived from the Tenure WIP YAML:
tenureDate:
type: string
description: The date, in RFC 3339 / ISO 8601 compliant format "YYYY-MM-DD", from which continuous tenure of the identified network subscriber is required to be confirmed
format: date
minLength: 10
maxLength: 10
example: "2023-07-03"
|
@ToshiWakayama-KDDI , could you take a look at this PR and if OK approve. Then I'll create another one to address common artifacts. issue #77. Thanks |
ToshiWakayama-KDDI
left a comment
There was a problem hiding this comment.
Thanks, @GillesInnov35 .
Sorry for the delay. I've been stuck with other internal issues over the last few days.
LGTM now.
ToshiWakayama-KDDI
left a comment
There was a problem hiding this comment.
Hi @GillesInnov35 ,
I reset my approval because I found some warnings were not covered by this PR. However, I have just realised those warnings are to be coverered by the other PR. So, I have re-approved the PR. Sorry.
|
Hi @GillesInnov35 , Hi @fernandopradocabrillo , Thanks, |
…ting-rules-for-OWASP-API-Security
|
yes @ToshiWakayama-KDDI, waiting for @fernandopradocabrillo and @HuubAppelboom approval |
|
|
||
| idDocumentExpiryDate: | ||
| type: string | ||
| maxLength: 16 |
There was a problem hiding this comment.
should the maxLenght for idDocumentExpiryDate not be 10 (just like birthdate) ?
HuubAppelboom
left a comment
There was a problem hiding this comment.
Should the idDocumentExpiryDate not also be limited to maxLength 10, just like Birthday ?
ToshiWakayama-KDDI
left a comment
There was a problem hiding this comment.
Thanks, @GillesInnov35 . LGTM.
Alignment with Guidelines and linting rules for OWASP API Security top10 - Commonalities v8.0.0 rules
What type of PR is this?
What this PR does / why we need it:
Align swagger yaml with Commonalities v8.0.0 and Guidelines and linting rules for OWASP API Security top10
Which issue(s) this PR fixes:
Fixes #71