feat(audits/server): Test that null is allowed for body parameters (#28)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: enisdenjo <badurinadenis@gmail.com>

Author: 3 people

README.md

@@ -735,7 +735,6 @@ If you want a feature-full server with bleeding edge technologies, you're recomm
 | [hotchocolate](https://chillicream.com/docs/hotchocolate)          | [✅ Compliant](/implementations/hotchocolate/README.md)  |
 | [postgraphile](https://www.graphile.org/postgraphile/)             | [✅ Compliant](/implementations/postgraphile/README.md)  |
 | [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Compliant](/implementations/apollo-server/README.md) |
-| [mercurius](https://mercurius.dev)                                 | [✅ Compliant](/implementations/mercurius/README.md)     |
 
 ## [Documentation](docs/)
 

implementations/apollo-server/README.md

@@ -2,8 +2,8 @@ _* This report was auto-generated by graphql-http_
 
 # GraphQL over HTTP audit report
 
-- **73** audits in total
-- ✅ **37** pass
+- **79** audits in total
+- ✅ **43** pass
 - ⚠️ **36** warnings (optional)
 
 ## Passing
@@ -27,23 +27,29 @@ _* This report was auto-generated by graphql-http_
 18. MUST allow string {query} parameter when accepting application/json
 19. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
 20. MUST allow string {operationName} parameter when accepting application/json
-21. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
-22. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
-23. MUST allow map {variables} parameter when accepting application/json
-24. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
-25. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
-26. MUST allow map {extensions} parameter when accepting application/json
-27. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-28. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
-29. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-30. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
-31. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
-32. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-33. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
-34. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
-35. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
-36. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
-37. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+21. SHOULD allow null {variables} parameter when accepting application/graphql-response+json
+22. MUST allow null {variables} parameter when accepting application/json
+23. SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
+24. MUST allow null {operationName} parameter when accepting application/json
+25. SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
+26. MUST allow null {extensions} parameter when accepting application/json
+27. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+28. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+29. MUST allow map {variables} parameter when accepting application/json
+30. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+31. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+32. MUST allow map {extensions} parameter when accepting application/json
+33. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+34. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+35. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+36. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+37. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+38. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+39. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+40. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+41. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+42. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+43. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
 
 ## Warnings
 The server _SHOULD_ support these, but is not required.

implementations/express-graphql/README.md

@@ -2,8 +2,8 @@ _* This report was auto-generated by graphql-http_
 
 # GraphQL over HTTP audit report
 
-- **73** audits in total
-- ✅ **40** pass
+- **79** audits in total
+- ✅ **46** pass
 - ⚠️ **33** warnings (optional)
 
 ## Passing
@@ -28,25 +28,31 @@ _* This report was auto-generated by graphql-http_
 19. MUST allow string {query} parameter when accepting application/json
 20. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
 21. MUST allow string {operationName} parameter when accepting application/json
-22. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
-23. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
-24. MUST allow map {variables} parameter when accepting application/json
-25. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
-26. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
-27. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
-28. MUST allow map {extensions} parameter when accepting application/json
-29. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-30. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
-31. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
-32. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-33. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
-34. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
-35. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-36. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
-37. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
-38. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
-39. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
-40. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+22. SHOULD allow null {variables} parameter when accepting application/graphql-response+json
+23. MUST allow null {variables} parameter when accepting application/json
+24. SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
+25. MUST allow null {operationName} parameter when accepting application/json
+26. SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
+27. MUST allow null {extensions} parameter when accepting application/json
+28. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+29. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+30. MUST allow map {variables} parameter when accepting application/json
+31. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
+32. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
+33. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+34. MUST allow map {extensions} parameter when accepting application/json
+35. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+36. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+37. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+38. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+39. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+40. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+41. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+42. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+43. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+44. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+45. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+46. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
 
 ## Warnings
 The server _SHOULD_ support these, but is not required.

implementations/graph-client/README.md

@@ -2,8 +2,8 @@ _* This report was auto-generated by graphql-http_
 
 # GraphQL over HTTP audit report
 
-- **73** audits in total
-- ✅ **71** pass
+- **79** audits in total
+- ✅ **77** pass
 - ⚠️ **2** warnings (optional)
 
 ## Passing
@@ -40,44 +40,50 @@ _* This report was auto-generated by graphql-http_
 31. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
 32. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
 33. MUST allow string {operationName} parameter when accepting application/json
-34. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
-35. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
-36. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
-37. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
-38. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
-39. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
-40. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
-41. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
-42. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
-43. MUST allow map {variables} parameter when accepting application/json
-44. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
-45. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
-46. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
-47. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
-48. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
-49. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
-50. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
-51. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
-52. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
-53. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
-54. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
-55. MUST allow map {extensions} parameter when accepting application/json
-56. SHOULD use 200 status code on JSON parsing failure when accepting application/json
-57. SHOULD use 200 status code if parameters are invalid when accepting application/json
-58. SHOULD use 200 status code on document parsing failure when accepting application/json
-59. SHOULD use 200 status code on document validation failure when accepting application/json
-60. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-61. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
-62. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
-63. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-64. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
-65. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
-66. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-67. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
-68. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
-69. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
-70. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
-71. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+34. SHOULD allow null {variables} parameter when accepting application/graphql-response+json
+35. MUST allow null {variables} parameter when accepting application/json
+36. SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
+37. MUST allow null {operationName} parameter when accepting application/json
+38. SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
+39. MUST allow null {extensions} parameter when accepting application/json
+40. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+41. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+42. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+43. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+44. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+45. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+46. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+47. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+48. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+49. MUST allow map {variables} parameter when accepting application/json
+50. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
+51. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
+52. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+53. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+54. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+55. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+56. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+57. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+58. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+59. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+60. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+61. MUST allow map {extensions} parameter when accepting application/json
+62. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+63. SHOULD use 200 status code if parameters are invalid when accepting application/json
+64. SHOULD use 200 status code on document parsing failure when accepting application/json
+65. SHOULD use 200 status code on document validation failure when accepting application/json
+66. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+67. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+68. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+69. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+70. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+71. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+72. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+73. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+74. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+75. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+76. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+77. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
 
 ## Warnings
 The server _SHOULD_ support these, but is not required.