Skip to content

fix: add forbidden-pattern check to ToolUpdate.validate_description (…#3785

Merged
crivetimihai merged 3 commits intoIBM:mainfrom
omorros:fix/tool-update-missing-forbidden-pattern-check-3773
Mar 22, 2026
Merged

fix: add forbidden-pattern check to ToolUpdate.validate_description (…#3785
crivetimihai merged 3 commits intoIBM:mainfrom
omorros:fix/tool-update-missing-forbidden-pattern-check-3773

Conversation

@omorros
Copy link
Copy Markdown
Contributor

@omorros omorros commented Mar 22, 2026

🔗 Related Issue

Closes #3773

📝 Summary

ToolUpdate.validate_description was missing the forbidden-pattern check (&&, ;, ||, $(, |, > , < ) that ToolCreate.validate_description enforces. This allowed a tool registered with a safe description to later have its description updated to include shell metacharacters, bypassing the validation enforced at creation time. This PR adds the same check to ToolUpdate.validate_description.

🏷️ Type of Change

[ x] Bug fix
[ ] Feature / Enhancement
[ ] Documentation
[ ] Refactor
[ ] Chore (deps, CI, tooling)
[ ] Other (describe below)

🧪 Verification

Check Command Status
Lint suite make lint
Unit tests make test
Coverage ≥ 80% make coverage

✅ Checklist

[x] Code formatted (make black isort pre-commit)
[x] Tests added/updated for changes
[ ] Documentation updated (if applicable)
[x] No secrets or credentials committed

📓 Notes (optional)

Added 4 unit tests in test_schemas_validators_extra.py:
Parametrized test rejecting all 7 forbidden patterns on ToolUpdate, safe description acceptance test, None passthrough test, and parity test verifying
ToolCreate and ToolUpdate reject the same pattern set.

omorros and others added 3 commits March 22, 2026 09:10
@omorros @crivetimihai
fix: add forbidden-pattern check to ToolUpdate.validate_description (I…
8fe9cb1 
…BM#3773)

Signed-off-by: Oriol Morros Vilaseca <OM368@student.aru.ac.uk>
@crivetimihai
fix: respect VALIDATION_STRICT in ToolUpdate.validate_description
113bc45 
The original PR added the forbidden-pattern check to ToolUpdate but
hardcoded it to always raise, ignoring settings.validation_strict.
This created an asymmetry with ToolCreate (which respects the setting),
meaning tools created with VALIDATION_STRICT=false could not be updated.

Align ToolUpdate with ToolCreate: check settings.validation_strict and
log a warning instead of raising when the setting is false.

Expand tests to mirror TestToolCreateDescriptionValidationStrict,
covering strict-mode rejection, non-strict-mode warnings, single-warning
logging, safe/None passthrough in both modes, and pattern parity.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai
test: add edge-case tests for ToolUpdate forbidden-pattern validation
073bb50 
Add tests for empty string, forbidden patterns at string boundaries
(start/end), and exact MAX_DESCRIPTION_LENGTH descriptions to verify
boundary behavior matches ToolCreate.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai crivetimihai force-pushed the fix/tool-update-missing-forbidden-pattern-check-3773 branch from fb407d0 to 073bb50 Compare March 22, 2026 09:28
@crivetimihai
Copy link
Copy Markdown
Member

crivetimihai commented Mar 22, 2026

Thanks for the contribution @omorros! The forbidden-pattern check for ToolUpdate.validate_description is a good catch — closing the gap where a tool could bypass creation-time validation via update.

I rebased onto main and made two additional commits:

  1. fix: respect VALIDATION_STRICT in ToolUpdate.validate_description — The original implementation always raised ValueError, ignoring settings.validation_strict. This broke symmetry with ToolCreate, which allows descriptions with Markdown syntax (e.g. > blockquote, cmd | grep) when VALIDATION_STRICT=false. Fixed to gate on the setting and log a warning in non-strict mode, matching ToolCreate exactly.

  2. test: add edge-case tests for ToolUpdate forbidden-pattern validation — Expanded the test class to mirror TestToolCreateDescriptionValidationStrict (strict rejection, non-strict acceptance with warning, single-warning logging, both-mode passthrough) and added boundary tests (empty string, patterns at start/end of string, exact MAX_DESCRIPTION_LENGTH).

All 75 tests in the file pass.

crivetimihai
crivetimihai approved these changes Mar 22, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@crivetimihai crivetimihai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — forbidden-pattern check correctly mirrors ToolCreate with VALIDATION_STRICT support. Tests comprehensive.

@crivetimihai crivetimihai merged commit 34fd62d into IBM:main Mar 22, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai crivetimihai approved these changes

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: ToolUpdate.validate_description missing forbidden-pattern check present in ToolCreate

2 participants

@omorros @crivetimihai