Apply CAMARA Commonalities OWASP recommendations #67

Open
PedroDiez wants to merge 2 commits into main from apply_camara_commonalities_owasp_recommendations
@PedroDiez
Contributor

What type of PR is this?

  • enhancement/feature

What this PR does / why we need it:

This PR adapts/enhances the API Specification to follow CAMARA Commonalities recommendations regarding OWASP checks. Specifically:

  • x-correlator, phoneNumber and ErrorInfo are aligned with Commonalities
  • idDocument is proposed to have a maxLength of 30 characters

Which issue(s) this PR fixes:

Fixes #64

Special notes for reviewers:

N/A

Changelog input

 Apply CAMARA Commonalities OWASP recommendations in Customer Insights API

Additional documentation

This section can be blank.

docs

@PedroDiez PedroDiez self-assigned this Mar 11, 2026
@PedroDiez PedroDiez added the enhancement New feature or request label Mar 11, 2026
@github-actions

github-actions bot commented Mar 11, 2026

🦙 MegaLinter status: ✅ SUCCESS

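| Descriptor    | Linter       | Files | Fixed | Errors | Elapsed time |
|---------------|--------------|-------|-------|--------|--------------|
| ✅ ACTION     | actionlint   | 2     |       | 0      | 0.01s        |
| ✅ API        | spectral     | 1     |       | 0      | 1.78s        |
| ✅ GHERKIN    | gherkin-lint | 1     |       | 0      | 0.42s        |
| ✅ REPOSITORY | git_diff     | yes   |       | no     | 0.0s         |
| ✅ REPOSITORY | secretlint   | yes   |       | no     | 0.71s        |
| ✅ YAML       | yamllint     | 1     |       | 0      | 0.38s        |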

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@rartych
Contributor

rartych commented Mar 11, 2026

Centralized linting is not updated yet, so I have performed linting locally:

Here is the relevant output:

 275:22  warning  owasp:api4:2023-integer-format        Schema of type integer must specify format (int32 or int64).             components.schemas.ScoringResponse.properties.scoringValue
 275:22  warning  owasp:api4:2023-integer-limit-legacy  Schema of type integer must specify minimum and maximum.                 components.schemas.ScoringResponse.properties.scoringValue

I don't think the limits should be exact limits of specific scoring methods, just to cover all possible values.

@PedroDiez
Contributor Author

> Centralized linting is not updated yet, so I have performed linting locally:
>
> Here is the relevant output:
>
>  275:22  warning  owasp:api4:2023-integer-format        Schema of type integer must specify format (int32 or int64).             components.schemas.ScoringResponse.properties.scoringValue
>  275:22  warning  owasp:api4:2023-integer-limit-legacy  Schema of type integer must specify minimum and maximum.                 components.schemas.ScoringResponse.properties.scoringValue
>
> I don't think the limits should be exact limits of specific scoring methods, just to cover all possible values.

Thanks @rartych for pointing it out. I will update the PR.
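
The two warnings quoted in this thread can be reproduced with a small schema walker. This is an added example, not part of the PR, Spectral, or CAMARA tooling; only the rule names and the `ScoringResponse.scoringValue` path come from the lint output, while the schema shape and the int32-range bounds are constructed placeholders.

```python
# Added illustration: a simplified re-implementation of the two integer rules
# quoted in the lint output. Not Spectral itself and not CAMARA tooling.
RULE_FORMAT = "owasp:api4:2023-integer-format"
RULE_LIMIT = "owasp:api4:2023-integer-limit-legacy"


def check_schema(schema, path):
    """Return (path, rule) pairs for integer schemas missing format or bounds."""
    issues = []
    if not isinstance(schema, dict):
        return issues
    if schema.get("type") == "integer":
        if schema.get("format") not in ("int32", "int64"):
            issues.append((path, RULE_FORMAT))
        # Simplification: follows the message text (minimum AND maximum).
        if "minimum" not in schema or "maximum" not in schema:
            issues.append((path, RULE_LIMIT))
    # Recurse into object properties and array items.
    for name, sub in (schema.get("properties") or {}).items():
        issues += check_schema(sub, f"{path}.properties.{name}")
    if "items" in schema:
        issues += check_schema(schema["items"], f"{path}.items")
    return issues


def check_components(schemas):
    """Check every named schema under components.schemas."""
    issues = []
    for name, schema in schemas.items():
        issues += check_schema(schema, f"components.schemas.{name}")
    return issues


# Constructed sample input: only the schema and property names come from the
# lint output; the rest of the shape and the bounds are assumptions.
BEFORE = {"ScoringResponse": {"type": "object", "properties": {
    "scoringValue": {"type": "integer"}}}}
# Placeholder bounds: the full int32 range, chosen to cover all possible
# values rather than one scoring method's exact range.
AFTER = {"ScoringResponse": {"type": "object", "properties": {
    "scoringValue": {"type": "integer", "format": "int32",
                     "minimum": -2147483648, "maximum": 2147483647}}}}

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, check_components(doc))
```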

Successfully merging this pull request may close these issues.

Applicability of Commonalities OWASP rules in Customer Insights