Missing or nullable required fields break every downstream system that depends on them: a product without a name can't be indexed by search engines, a missing price silently renders as $0.00 or crashes checkout, and an absent image produces broken layout holes that erode customer trust. ISO 25010:2011 functional-correctness requires that a system produces correct outputs; a schema that permits null names or prices fails that baseline. CWE-1279 (Improper Preserved Integrity of Hardware Configuration) maps to this class of structural omission — when the data model doesn't enforce what the business treats as mandatory, inconsistencies accumulate across catalog, cart, and fulfillment.
High because missing required fields produce silent data corruption that propagates to checkout, search indexes, and fulfillment — defects visible to customers before they're visible to developers.
Define all four required fields as non-nullable in prisma/schema.prisma and run prisma migrate dev to enforce the constraint at the database layer — not just in application code.
    model Product {
      id          String   @id @default(cuid())
      name        String   @db.VarChar(255)
      description String   @db.Text
      price       Decimal  @db.Decimal(10, 2)
      images      String[]
      createdAt   DateTime @default(now())
      updatedAt   DateTime @updatedAt
    }
In src/app/api/products/route.ts, add a Zod schema that rejects requests missing any of the four fields before the database write.
ID: ecommerce-catalog.product-data.required-fields
Severity: high
What to look for: Count all fields in the product schema or ORM model (prisma/schema.prisma, database migration files, or TypeScript type definition in src/types/ or src/models/). Enumerate which of these 4 required fields are present: name, description, price, image. For each field found, note whether it is marked as non-nullable or required in the schema definition.
Pass criteria: All 4 required fields (name, description, price, image) are present in the product model and enforced as non-nullable or marked as required — at least 4 non-nullable fields must be found. Report: "X of 4 required fields found, all non-nullable" where X must be 4 to pass.
Fail criteria: Any of the 4 required fields is missing from the schema, or any required field is marked as optional (? in Prisma, NULL allowed in SQL, Optional in TypeScript) when it should be required.
Skip (N/A) when: Never — all e-commerce products require these fields.
Cross-reference: For data model completeness beyond required fields, the Database Design & Operations audit covers schema normalization and migration patterns.
Cross-reference: For image optimization and delivery, the Performance Core audit covers image loading strategies and CDN configuration.
Cross-reference: For product description SEO quality, the SEO Fundamentals audit covers meta description and content quality patterns.
Detail on fail: Name the specific missing or optional fields. Example: "Product model has name and price but image is optional and description is missing — 2 of 4 required fields enforced"
Remediation: Define a complete product schema in prisma/schema.prisma:
    model Product {
      id          String   @id @default(cuid())
      name        String   @db.VarChar(255)
      description String   @db.Text
      price       Decimal  @db.Decimal(10, 2)
      images      String[]
      createdAt   DateTime @default(now())
      updatedAt   DateTime @updatedAt
    }
Ensure all fields are non-nullable. If a field is allowed to be empty (e.g., description can be blank), document this decision — but at least the field must exist in the schema.
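The "What to look for" and pass/fail criteria above can be automated against the schema text. The following is an added example, not code from this audit or from Prisma; the function name auditProductModel, the constructed sample schema, and the decision to accept an images list as the image field are assumptions.

```typescript
// Added example: audits a Prisma model for the four required catalog fields.
// Field names come from the check; the image/images alias is an assumption.
type FieldStatus = "required" | "optional" | "missing";

const REQUIRED: Record<string, string[]> = {
  name: ["name"],
  description: ["description"],
  price: ["price"],
  image: ["image", "images"], // assumption: a String[] "images" column counts as "image"
};

function auditProductModel(schema: string, model = "Product") {
  // Grab the body of `model Product { ... }`; Prisma model bodies have no nested braces.
  const block = new RegExp(`model\\s+${model}\\s*\\{([^}]*)\\}`).exec(schema);
  const declared = new Map<string, string>(); // field name -> type token
  for (const raw of (block?.[1] ?? "").split("\n")) {
    const line = raw.replace(/\/\/.*$/, "").trim(); // drop trailing comments
    if (!line || line.startsWith("@@")) continue;    // skip block-level attributes
    const [field, fieldType] = line.split(/\s+/);
    if (field && fieldType) declared.set(field, fieldType);
  }
  const status: Record<string, FieldStatus> = {};
  for (const [required, aliases] of Object.entries(REQUIRED)) {
    const found = aliases.map((a) => declared.get(a)).find((t) => t !== undefined);
    // A trailing `?` on the type is how Prisma marks a nullable column.
    status[required] =
      found === undefined ? "missing" : found.endsWith("?") ? "optional" : "required";
  }
  const enforced = Object.values(status).filter((s) => s === "required").length;
  const report = enforced === 4
    ? "4 of 4 required fields found, all non-nullable"
    : `${enforced} of 4 required fields enforced`;
  return { pass: enforced === 4, enforced, status, report };
}

// Constructed sample matching the "Detail on fail" case: optional image, no description.
const FAILING_SCHEMA = `
model Product {
  id    String  @id @default(cuid())
  name  String  @db.VarChar(255)
  price Decimal @db.Decimal(10, 2)
  image String? // nullable, so the check fails
}`;

const failing = auditProductModel(FAILING_SCHEMA);
```

A Prisma scalar list such as String[] can never be null but can be empty, so this check passing does not guarantee that a product has an image; the request-level validation in the API route has to reject an empty list.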