require-tool-schema
ESLint rule documentation for require-tool-schema
📡 Live from GitHub — This documentation is fetched directly from require-tool-schema.md and cached for 6 hours.
Ensures all AI tools have Zod schema validation for input parameters.
Get weather
📊 Rule Details
| Property | Value |
|---|---|
| Type | suggestion |
| Severity | 🟡 HIGH |
| OWASP Agentic | ASI02: Tool Misuse & Exploitation |
| CWE | CWE-20: Improper Input Validation |
| CVSS | 7.0 |
| Config Default | warn (recommended), error (strict) |
🔍 What This Rule Detects
This rule identifies AI tools that lack input schema validation. Without schema validation, AI models can pass arbitrary data to tool execute functions, enabling exploitation.
❌ Incorrect Code
// No schema
const tools = {
weather: {
execute: async (params) => getWeather(params.location),
},
};
// Missing inputSchema in tool() helper
const myTool = tool({
description: 'Get weather',
execute: async (params) => getWeather(params.location),
});✅ Correct Code
// With inputSchema
const tools = {
weather: {
inputSchema: z.object({
location: z.string().max(100),
}),
execute: async ({ location }) => getWeather(location),
},
};
// Using tool() helper with schema
const weatherTool = tool({
description: 'Get weather',
inputSchema: z.object({
location: z.string().max(100),
unit: z.enum(['celsius', 'fahrenheit']).optional(),
}),
execute: async ({ location, unit }) => getWeather(location, unit),
});⚙️ Options
| Option | Type | Default | Description |
|---|---|---|---|
schemaPropertyNames | string[] | ['inputSchema', 'parameters', 'schema'] | Property names considered as valid schemas |
🛡️ Why This Matters
Without input validation, AI agents can:
- Pass malicious data - Inject SQL, paths, or commands
- Bypass business logic - Skip validation rules
- Cause DoS - Pass extremely large or nested data
- Exploit type confusion - Pass unexpected data types
🔗 Related Rules
require-tool-confirmation- Require confirmation for destructive toolsrequire-output-filtering- Filter tool output
Known False Negatives
The following patterns are not detected due to static analysis limitations:
Schema from Variable
Why: Schema stored in variables is not analyzed.
// ❌ NOT DETECTED - Schema from variable
const schema = z.object({ location: z.string() });
const tools = { weather: { inputSchema: schema, execute: fn } };Mitigation: Define schemas inline in tool definitions.
Dynamic Tool Definitions
Why: Dynamically created tools are not checked.
// ❌ NOT DETECTED - Dynamic tool creation
const tools = createTools(toolConfigs); // May not have schemasMitigation: Apply rule to tool factory functions.
Weak Schema Validation
Why: Schema quality is not assessed.
// ❌ NOT DETECTED - Overly permissive schema
const tools = {
execute: {
inputSchema: z.object({}).passthrough(), // Allows any extra fields!
execute: fn,
},
};Mitigation: Use strict schemas. Avoid .passthrough().
Tool Helper Wrappers
Why: Custom tool helpers may not be recognized.
// ❌ NOT DETECTED - Custom helper
const weatherTool = createTool({
name: 'weather',
handler: getWeather, // No schema visible
});Mitigation: Configure schemaPropertyNames for custom helpers.
📚 References
Error Message Format
The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:
🔒 CWE-20 OWASP:A06 CVSS:7.5 | Improper Input Validation detected | HIGH [SOC2,PCI-DSS,HIPAA,GDPR,ISO27001]
Fix: Review and apply the recommended fix | https://owasp.org/Top10/A06_2021/Message Components
| Component | Purpose | Example |
|---|---|---|
| Risk Standards | Security benchmarks | CWE-20 OWASP:A06 CVSS:7.5 |
| Issue Description | Specific vulnerability | Improper Input Validation detected |
| Severity & Compliance | Impact assessment | HIGH [SOC2,PCI-DSS,HIPAA,GDPR,ISO27001] |
| Fix Instruction | Actionable remediation | Follow the remediation steps below |
| Technical Truth | Official reference | OWASP Top 10 |