Able to crash a server from improper handling of nil params

[bc-donfran]

Describe the bug
When using the go-sdk library, when a no parameters were parsed to the sdk with certain methods. It caused the mcp server to crash. This looks like it could be a vector for effective denial of service. Example of affected methods are: resources/read and prompts/get but other methods are most likely affected as well.

We suspect this is the problematic function: https://github.com/modelcontextprotocol/go-sdk/blob/main/mcp/server.go#L358

To Reproduce
1. Start the MCP service.

2. Send an initialiize
{"jsonrpc":"2.0","id":"1\"{{3*3}}","method":"initialize","protocolVersion":"2025-06-11","params":{"logging":"true"}}

3. Send a resources/read with no parameters.
{"jsonrpc":"2.0","id":"1", "method": "resources/read"}

4. Observe that you get a panic: runtime error: invalid memory address or nil pointer dereference

Expected behavior
Proper handling of params should be done to avoid a panic runtime error and return an appropriate error message.

Logs

mcp-issue-nil-params % go run hello.go 
{"jsonrpc":"2.0","id":"1\"{{3*3}}","method":"initialize","protocolVersion":"2025-06-11","params":{"logging":"true"}}
read: {"jsonrpc":"2.0","id":"1\"{{3*3}}","method":"initialize","params":{"logging":"true"}}
{"jsonrpc":"2.0","id":"1\"{{3*3}}","result":{"capabilities":{"completions":{},"logging":{},"prompts":{"listChanged":true},"resources":{"listChanged":true},"tools":{"listChanged":true}},"protocolVersion":"2025-06-18","serverInfo":{"name":"greeter","version":""}}}
write: {"jsonrpc":"2.0","id":"1\"{{3*3}}","result":{"capabilities":{"completions":{},"logging":{},"prompts":{"listChanged":true},"resources":{"listChanged":true},"tools":{"listChanged":true}},"protocolVersion":"2025-06-18","serverInfo":{"name":"greeter","version":""}}}
{"jsonrpc":"2.0","id":"1", "method": "resources/read"}
read: {"jsonrpc":"2.0","id":"1","method":"resources/read"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x8 pc=0x1006269a8]

[davidleitw]

Hi @jba! I'd like to work on fixing this nil params crash. Can I take this issue?

[jba]

Sure!

[davidleitw]

@jba I've submitted a PR that fixes this issue

The fix handles both missing params and explicit JSON null to prevent crashes. Could you please review when you have time? Thanks!

[findleyr]

I'm very sorry @davidleitw, I did not see this issue, and sent a fix for a dupe (#195):
#210

Do you want to repurpose your PR to keep the new test that you added, and ensure it still passes?

[davidleitw]

@findleyr

That's totally fine! I'll repurpose the PR to focus on the additional test coverage. Let me remove the duplicate fix logic and keep only the tests that complement your methodFlags solution.

I'll update it shortly to focus solely on the test improvements.