validation error audits

enisdenjo · enisdenjo · commit 2aae445070c8 · 2025-01-23T17:22:07.000+01:00
diff --git a/src/audits/server.ts b/src/audits/server.ts
@@ -491,24 +491,69 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
         await ressert(res).bodyAsExecutionResult.notToHaveProperty('errors');
       },
     ),
+    ...['string', 0, false, ['array']].map((invalid, index) =>
+      audit(
+        `028${index}`,
+        `MUST use 4xx or 5xx status codes on ${extendedTypeof(
+          invalid,
+        )} {extensions} parameter when accepting application/graphql-response+json`,
+        async () => {
+          const res = await fetchFn(await getUrl(opts.url), {
+            method: 'POST',
+            headers: {
+              'content-type': 'application/json',
+              accept: 'application/graphql-response+json',
+            },
+            body: JSON.stringify({
+              query: '{ __typename }',
+              extensions: invalid,
+            }),
+          });
+          ressert(res).status.toBeBetween(400, 599);
+        },
+      ),
+    ),
+    ...['string', 0, false, ['array']].map((invalid, index) =>
+      audit(
+        `233${index}`,
+        `SHOULD use 4xx status code on ${extendedTypeof(
+          invalid,
+        )} {extensions} parameter when accepting application/graphql-response+json`,
+        async () => {
+          const res = await fetchFn(await getUrl(opts.url), {
+            method: 'POST',
+            headers: {
+              'content-type': 'application/json',
+              accept: 'application/graphql-response+json',
+            },
+            body: JSON.stringify({
+              query: '{ __typename }',
+              extensions: invalid,
+            }),
+          });
+          ressert(res).status.toBeBetween(400, 499);
+        },
+      ),
+    ),
     ...['string', 0, false, ['array']].map((invalid, index) =>
       audit(
         `58B${index}`,
-        `MUST use 400 status code on ${extendedTypeof(
+        `SHOULD use 4xx or 5xx status codes on ${extendedTypeof(
           invalid,
-        )} {extensions} parameter`,
+        )} {extensions} parameter when accepting application/json`,
         async () => {
           const res = await fetchFn(await getUrl(opts.url), {
             method: 'POST',
             headers: {
               'content-type': 'application/json',
+              accept: 'application/json',
             },
             body: JSON.stringify({
               query: '{ __typename }',
               extensions: invalid,
             }),
           });
-          ressert(res).status.toBe(400);
+          ressert(res).status.toBeBetween(400, 599);
         },
       ),
     ),
