You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Below is a summary of compliance checks for this PR:
Security Compliance
⚪
Missing schema validation
Description: The new description for AddressHBL introduces an ICS2 requirement implying that either streetNumber or POBox should be provided, but the schema does not enforce this with validation (e.g., oneOf with required constraints), allowing payloads that do not meet the stated requirement. EBL_v3.0.3.yaml [4286-4345]
Referred Code
AddressHBL:
type: objecttitle: Address House B/Ldescription: | An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.properties:
street:
type: stringmaxLength: 70description: The name of the street.example: RuijggoordwegstreetNumber:
type: stringmaxLength: 50description: The number of the street.example: '100'floor:
type: stringpattern: ^\S(?:.*\S)?$maxLength: 50description: |... (clipped 39 lines)
Add a comment to the transport document reference in Shipping Instructions indicating it should be provided to meet ICS2 filing requirements.
Add a comment to the Buyer, Seller, and Notify Parties address objects in the SI stating that either Street number or PO Box should be provided to meet ICS2 filing requirements.
Codebase Duplication Compliance
⚪
Codebase context is not defined
Follow the guide to enable codebase context checks.
Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: No auditing: The PR adds and updates OpenAPI schema descriptions and references without introducing any logging for critical actions, but as this is a schema file changes may not require audit logs.
Referred Code
A unique number allocated by the shipping line, for the shipper to indicate which `transportDocumentReference` should be linked with this `Shipping Instructions`. When available, the `transportDocumentReference` should be provided to meet **ICS2** filing requirements.example: HHL71800000transportDocumentTypeCode:
type: stringdescription: | Specifies the type of the transport document - `BOL` (Bill of Lading) - `SWB` (Sea Waybill)enum:
- BOL
- SWBexample: SWBisShippedOnBoardType:
type: booleandescription: | Specifies whether the Transport Document is a received for shipment, or shipped on board.example: truefreightPaymentTermCode:
type: stringdescription: | An indicator of whether freight and ancillary fees for the main transport are prepaid (`PRE`) or collect (`COL`). When prepaid the charges are the responsibility of the shipper or the Invoice payer on behalf of the shipper (if provided). When collect, the charges are the responsibility of the consignee or the Invoice payer on behalf of the consignee (if provided).... (clipped 2378 lines)
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: No errors handled: The changes are schema description and reference updates with no executable error handling; if validation logic relies on these schemas, confirm that edge cases (e.g., missing streetNumber and POBox) are enforced at runtime.
Referred Code
AddressHBL:
type: objecttitle: Address House B/Ldescription: | An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.properties:
street:
type: stringmaxLength: 70description: The name of the street.example: RuijggoordwegstreetNumber:
type: stringmaxLength: 50description: The number of the street.example: '100'floor:
type: stringpattern: ^\S(?:.*\S)?$maxLength: 50description: |... (clipped 38 lines)
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: Validation ambiguity: The new AddressHBL description states either Street number or PO Box should be provided, but the schema required list still includes street and does not enforce mutuality between streetNumber and POBox; this may require additional validation rules not visible here.
Referred Code
An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.properties:
street:
type: stringmaxLength: 70description: The name of the street.example: RuijggoordwegstreetNumber:
type: stringmaxLength: 50description: The number of the street.example: '100'floor:
type: stringpattern: ^\S(?:.*\S)?$maxLength: 50description: | The floor of the street number.example: N/ApostCode:
type: string... (clipped 34 lines)
Instead of creating a duplicate AddressHBL schema just to change its description, reuse the original Address schema. Apply the new description directly where Address is referenced in the Buyer, Seller, and NotifyParty schemas to avoid code duplication and maintenance issues.
AddressHBL:
type: objecttitle: Address House B/Ldescription: | An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.properties:
street:
type: stringmaxLength: 70description: The name of the street.... (clipped 50 lines)
# ebl/v3/EBL_v3.0.3.yamlcomponents:
schemas:
AddressHBL: # New duplicated schematype: objectdescription: | An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.properties:
street: ...streetNumber: ...# ... all other properties from AddressBuyer:
properties:
address:
$ref: '#/components/schemas/AddressHBL'# uses duplicated schema
After:
# ebl/v3/EBL_v3.0.3.yamlcomponents:
schemas:
# No AddressHBL schema is needed.Buyer:
properties:
address:
# Re-use existing Address schema and add/override descriptionallOf:
- $ref: '#/components/schemas/Address'description: | An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.
Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies a significant design flaw (schema duplication) and proposes a standard, more maintainable solution using schema composition, which is a critical improvement.
High
Possible issue
Enforce conditional requirement in schema
Enforce the conditional requirement in the AddressHBL schema that either streetNumber or POBox must be provided by using the anyOf keyword.
AddressHBL:
type: object
title: Address House B/L
description: |
An object for storing address related information. Either **Street number** or **PO Box** should be provided to meet **ICS2** filing requirements.
properties:
street:
type: string
maxLength: 70
description: The name of the street.
example: Ruijggoordweg
streetNumber:
type: string
maxLength: 50
description: The number of the street.
example: '100'
floor:
type: string
pattern: ^\S(?:.*\S)?$
maxLength: 50
description: |
The floor of the street number.
example: N/A
postCode:
type: string
maxLength: 10
description: The post code of the address.
example: 1047 HM
POBox:
type: string
maxLength: 20
description: A numbered box at a post office where a person or business can have mail or parcels delivered.
example: '123'
city:
type: string
pattern: ^\S(?:.*\S)?$
maxLength: 35
description: |
The name of the city.
example: Amsterdam
stateRegion:
type: string
maxLength: 65
description: The name of the state/region.
example: North Holland
countryCode:
type: string
pattern: ^[A-Z]{2}$
minLength: 2
maxLength: 2
description: |
The 2 characters for the country code using [ISO 3166-1 alpha-2](https://www.iso.org/obp/ui/#iso:pub:PUB500001:en)
**Note:** In case the `countryCode` is unknown it is possible to use the code `ZZ`.
example: NL
required:
- street
- city
- countryCode
+ anyOf:+ - required: [ streetNumber ]+ - required: [ POBox ]
Apply / Chat
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies a discrepancy between the schema's description and its validation rules and proposes the correct fix using anyOf to enforce the conditional requirement, which is crucial for ICS2 compliance.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SD-2504: Includes the following change:
Buyer,SellerandNotifyPartieson the House B/LtransportDocumentReferneceand ICS2 requirementsThe
AddressHBLobject is a copy of theAddressobject - only difference is the description where extra information (only relevant to HBL) is added.