schemathesis 3.13.0__py3-none-any.whl → 4.4.2__py3-none-any.whl

schemathesis/specs/graphql/__init__.py

@@ -1 +0,0 @@
-from .loaders import from_asgi, from_dict, from_file, from_path, from_url, from_wsgi

schemathesis/specs/graphql/nodes.py

@@ -0,0 +1,27 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from graphql import ValueNode
+
+# Re-export `hypothesis_graphql` helpers
+
+__all__ = [  # noqa: F822
+    "Boolean",
+    "Enum",
+    "Float",
+    "Int",
+    "List",
+    "Null",
+    "Object",
+    "String",
+]
+
+
+def __getattr__(name: str) -> ValueNode | None:
+    if name in __all__:
+        import hypothesis_graphql.nodes
+
+        return getattr(hypothesis_graphql.nodes, name)
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")

schemathesis/specs/graphql/scalars.py

@@ -0,0 +1,86 @@
+from __future__ import annotations
+
+from functools import lru_cache
+from typing import TYPE_CHECKING
+
+from schemathesis.core.errors import IncorrectUsage
+
+if TYPE_CHECKING:
+    import graphql
+    from hypothesis import strategies as st
+
+CUSTOM_SCALARS: dict[str, st.SearchStrategy[graphql.ValueNode]] = {}
+
+
+def scalar(name: str, strategy: st.SearchStrategy[graphql.ValueNode]) -> None:
+    r"""Register a custom Hypothesis strategy for generating GraphQL scalar values.
+
+    Args:
+        name: Scalar name that matches your GraphQL schema scalar definition
+        strategy: Hypothesis strategy that generates GraphQL AST ValueNode objects
+
+    Example:
+        ```python
+        import schemathesis
+        from hypothesis import strategies as st
+        from schemathesis.graphql import nodes
+
+        # Register email scalar
+        schemathesis.graphql.scalar("Email", st.emails().map(nodes.String))
+
+        # Register positive integer scalar
+        schemathesis.graphql.scalar(
+            "PositiveInt",
+            st.integers(min_value=1).map(nodes.Int)
+        )
+
+        # Register phone number scalar
+        schemathesis.graphql.scalar(
+            "Phone",
+            st.from_regex(r"\+1-\d{3}-\d{3}-\d{4}").map(nodes.String)
+        )
+        ```
+
+    Schema usage:
+        ```graphql
+        scalar Email
+        scalar PositiveInt
+
+        type Query {
+          getUser(email: Email!, rating: PositiveInt!): User
+        }
+        ```
+
+    """
+    from hypothesis.strategies import SearchStrategy
+
+    if not isinstance(name, str):
+        raise IncorrectUsage(f"Scalar name {name!r} must be a string")
+    if not isinstance(strategy, SearchStrategy):
+        raise IncorrectUsage(
+            f"{strategy!r} must be a Hypothesis strategy which generates AST nodes matching this scalar"
+        )
+    CUSTOM_SCALARS[name] = strategy
+
+
+@lru_cache
+def get_extra_scalar_strategies() -> dict[str, st.SearchStrategy]:
+    """Get all extra GraphQL strategies."""
+    from hypothesis import strategies as st
+
+    from . import nodes
+
+    dates = st.dates().map(str)
+    times = st.times().map("%sZ".__mod__)
+
+    return {
+        "Date": dates.map(nodes.String),
+        "Time": times.map(nodes.String),
+        "DateTime": st.tuples(dates, times).map("T".join).map(nodes.String),
+        "IP": st.ip_addresses().map(str).map(nodes.String),
+        "IPv4": st.ip_addresses(v=4).map(str).map(nodes.String),
+        "IPv6": st.ip_addresses(v=6).map(str).map(nodes.String),
+        "BigInt": st.integers().map(nodes.Int),
+        "Long": st.integers(min_value=-(2**63), max_value=2**63 - 1).map(nodes.Int),
+        "UUID": st.uuids().map(str).map(nodes.String),
+    }

schemathesis/specs/graphql/schemas.py

@@ -1,166 +1,438 @@
-from functools import partial
-from typing import Any, Dict, Generator, List, Optional, Sequence, Tuple, Type, TypeVar, Union, cast
+from __future__ import annotations
+
+import enum
+import time
+from dataclasses import dataclass
+from difflib import get_close_matches
+from enum import unique
+from types import SimpleNamespace
+from typing import (
+    TYPE_CHECKING,
+    Any,
+    Callable,
+    Generator,
+    Iterator,
+    Mapping,
+    NoReturn,
+    Union,
+    cast,
+)
 from urllib.parse import urlsplit
 
-import attr
-import graphql
-import requests
 from hypothesis import strategies as st
-from hypothesis.strategies import SearchStrategy
-from hypothesis_graphql import strategies as gql_st
 from requests.structures import CaseInsensitiveDict
 
-from ...checks import not_a_server_error
-from ...constants import DataGenerationMethod
-from ...exceptions import InvalidSchema
-from ...hooks import HookDispatcher
-from ...models import APIOperation, Case, CheckFunction, OperationDefinition
-from ...schemas import BaseSchema
-from ...stateful import Stateful, StatefulTest
-from ...types import Body, Cookies, Headers, NotSet, PathParameters, Query
-from ...utils import NOT_SET, GenericResponse, Ok, Result
-
-
-@attr.s(slots=True, repr=False)  # pragma: no mutate
-class GraphQLCase(Case):
-    def as_requests_kwargs(
-        self, base_url: Optional[str] = None, headers: Optional[Dict[str, str]] = None
-    ) -> Dict[str, Any]:
-        final_headers = self._get_headers(headers)
-        base_url = self._get_base_url(base_url)
-        kwargs: Dict[str, Any] = {"method": self.method, "url": base_url, "headers": final_headers}
-        # There is no direct way to have bytes here, but it is a useful pattern to support.
-        # It also unifies GraphQLCase with its Open API counterpart where bytes may come from external examples
-        if isinstance(self.body, bytes):
-            kwargs["data"] = self.body
-            # Assume that the payload is JSON, not raw GraphQL queries
-            kwargs["headers"].setdefault("Content-Type", "application/json")
-        else:
-            kwargs["json"] = {"query": self.body}
-        return kwargs
-
-    def as_werkzeug_kwargs(self, headers: Optional[Dict[str, str]] = None) -> Dict[str, Any]:
-        final_headers = self._get_headers(headers)
-        return {
-            "method": self.method,
-            "path": self.operation.schema.get_full_path(self.formatted_path),
-            # Convert to a regular dictionary, as we use `CaseInsensitiveDict` which is not supported by Werkzeug
-            "headers": dict(final_headers),
-            "query_string": self.query,
-            "json": {"query": self.body},
-        }
-
-    def validate_response(
-        self,
-        response: GenericResponse,
-        checks: Tuple[CheckFunction, ...] = (),
-        additional_checks: Tuple[CheckFunction, ...] = (),
-        code_sample_style: Optional[str] = None,
-    ) -> None:
-        checks = checks or (not_a_server_error,)
-        checks += additional_checks
-        return super().validate_response(response, checks, code_sample_style=code_sample_style)
-
-    def call_asgi(
-        self,
-        app: Any = None,
-        base_url: Optional[str] = None,
-        headers: Optional[Dict[str, str]] = None,
-        **kwargs: Any,
-    ) -> requests.Response:
-        return super().call_asgi(app=app, base_url=base_url, headers=headers, **kwargs)
+from schemathesis import auths
+from schemathesis.core import NOT_SET, NotSet, Specification
+from schemathesis.core.errors import InvalidSchema, OperationNotFound
+from schemathesis.core.parameters import ParameterLocation
+from schemathesis.core.result import Ok, Result
+from schemathesis.generation import GenerationMode
+from schemathesis.generation.case import Case
+from schemathesis.generation.meta import (
+    CaseMetadata,
+    ComponentInfo,
+    ExamplesPhaseData,
+    FuzzingPhaseData,
+    GenerationInfo,
+    PhaseInfo,
+    TestPhase,
+)
+from schemathesis.hooks import HookContext, HookDispatcher, apply_to_all_dispatchers
+from schemathesis.schemas import (
+    APIOperation,
+    APIOperationMap,
+    ApiStatistic,
+    BaseSchema,
+    OperationDefinition,
+)
+
+from .scalars import CUSTOM_SCALARS, get_extra_scalar_strategies
+
+if TYPE_CHECKING:
+    import graphql
+    from hypothesis.strategies import SearchStrategy
+
+    from schemathesis.auths import AuthStorage
+
 
+@unique
+class RootType(enum.Enum):
+    QUERY = enum.auto()
+    MUTATION = enum.auto()
+
+
+@dataclass(repr=False)
+class GraphQLOperationDefinition(OperationDefinition):
+    field_name: str
+    type_: graphql.GraphQLType
+    root_type: RootType
+
+    __slots__ = ("raw", "field_name", "type_", "root_type")
+
+    def _repr_pretty_(self, *args: Any, **kwargs: Any) -> None: ...
+
+    @property
+    def is_query(self) -> bool:
+        return self.root_type == RootType.QUERY
+
+    @property
+    def is_mutation(self) -> bool:
+        return self.root_type == RootType.MUTATION
 
-C = TypeVar("C", bound=Case)
 
+class GraphQLResponses:
+    def find_by_status_code(self, status_code: int) -> None:
+        return None  # pragma: no cover
 
-@attr.s()  # pragma: no mutate
+    def add(self, status_code: str, definition: dict[str, Any]) -> None:
+        return None  # pragma: no cover
+
+
+@dataclass
 class GraphQLSchema(BaseSchema):
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__}>"
+
+    def __iter__(self) -> Iterator[str]:
+        schema = self.client_schema
+        for operation_type in (
+            schema.query_type,
+            schema.mutation_type,
+        ):
+            if operation_type is not None:
+                yield operation_type.name
+
+    def _get_operation_map(self, key: str) -> APIOperationMap:
+        schema = self.client_schema
+        for root_type, operation_type in (
+            (RootType.QUERY, schema.query_type),
+            (RootType.MUTATION, schema.mutation_type),
+        ):
+            if operation_type and operation_type.name == key:
+                map = APIOperationMap(self, {})
+                map._data = FieldMap(map, root_type, operation_type)
+                return map
+        raise KeyError(key)
+
+    def find_operation_by_label(self, label: str) -> APIOperation | None:
+        if label.startswith(("Query.", "Mutation.")):
+            ty, field = label.split(".", maxsplit=1)
+            try:
+                return self[ty][field]
+            except KeyError:
+                return None
+        return None
+
+    def on_missing_operation(self, item: str, exc: KeyError) -> NoReturn:
+        raw_schema = self.raw_schema["__schema"]
+        type_names = [type_def["name"] for type_def in raw_schema.get("types", [])]
+        matches = get_close_matches(item, type_names)
+        message = f"`{item}` type not found"
+        if matches:
+            message += f". Did you mean `{matches[0]}`?"
+        raise OperationNotFound(message=message, item=item) from exc
+
     def get_full_path(self, path: str) -> str:
         return self.base_path
 
-    @property  # pragma: no mutate
-    def verbose_name(self) -> str:
-        return "GraphQL"
+    @property
+    def specification(self) -> Specification:
+        return Specification.graphql(version="")
 
     @property
     def client_schema(self) -> graphql.GraphQLSchema:
-        return graphql.build_client_schema(self.raw_schema)
+        import graphql
+
+        if not hasattr(self, "_client_schema"):
+            self._client_schema = graphql.build_client_schema(self.raw_schema)
+        return self._client_schema
 
     @property
     def base_path(self) -> str:
-        if self.base_url:
-            return urlsplit(self.base_url).path
+        if self.config.base_url:
+            return urlsplit(self.config.base_url).path
         return self._get_base_path()
 
     def _get_base_path(self) -> str:
         return cast(str, urlsplit(self.location).path)
 
-    @property
-    def operations_count(self) -> int:
+    def _measure_statistic(self) -> ApiStatistic:
+        statistic = ApiStatistic()
         raw_schema = self.raw_schema["__schema"]
-        if "queryType" not in raw_schema:
-            return 0
-        query_type_name = raw_schema["queryType"]["name"]
-        for type_def in raw_schema.get("types", []):
-            if type_def["name"] == query_type_name:
-                return len(type_def["fields"])
-        return 0
+        dummy_operation = APIOperation(
+            base_url=self.get_base_url(),
+            path=self.base_path,
+            label="",
+            method="POST",
+            schema=self,
+            responses=GraphQLResponses(),
+            security=None,
+            definition=None,  # type: ignore[arg-type, var-annotated]
+        )
+
+        for type_name in ("queryType", "mutationType"):
+            type_def = raw_schema.get(type_name)
+            if type_def is not None:
+                query_type_name = type_def["name"]
+                for type_def in raw_schema.get("types", []):
+                    if type_def["name"] == query_type_name:
+                        for field in type_def["fields"]:
+                            statistic.operations.total += 1
+                            dummy_operation.label = f"{query_type_name}.{field['name']}"
+                            if not self._should_skip(dummy_operation):
+                                statistic.operations.selected += 1
+        return statistic
 
     def get_all_operations(self) -> Generator[Result[APIOperation, InvalidSchema], None, None]:
         schema = self.client_schema
-        if schema.query_type is None:
-            return
-        for field_name, definition in schema.query_type.fields.items():
-            yield Ok(
-                APIOperation(
-                    base_url=self.get_base_url(),
-                    path=self.base_path,
-                    verbose_name=field_name,
-                    method="POST",
-                    app=self.app,
-                    schema=self,
-                    # Parameters are not yet supported
-                    definition=OperationDefinition(raw=definition, resolved=definition, scope="", parameters=[]),
-                    case_cls=GraphQLCase,
-                )
-            )
+        for root_type, operation_type in (
+            (RootType.QUERY, schema.query_type),
+            (RootType.MUTATION, schema.mutation_type),
+        ):
+            if operation_type is None:
+                continue
+            for field_name, field_ in operation_type.fields.items():
+                operation = self._build_operation(root_type, operation_type, field_name, field_)
+                if self._should_skip(operation):
+                    continue
+                yield Ok(operation)
+
+    def _should_skip(
+        self,
+        operation: APIOperation,
+        _ctx_cache: SimpleNamespace = SimpleNamespace(operation=None),
+    ) -> bool:
+        _ctx_cache.operation = operation
+        return not self.filter_set.match(_ctx_cache)
+
+    def _build_operation(
+        self,
+        root_type: RootType,
+        operation_type: graphql.GraphQLObjectType,
+        field_name: str,
+        field: graphql.GraphQlField,
+    ) -> APIOperation:
+        return APIOperation(
+            base_url=self.get_base_url(),
+            path=self.base_path,
+            label=f"{operation_type.name}.{field_name}",
+            method="POST",
+            app=self.app,
+            schema=self,
+            responses=GraphQLResponses(),
+            security=None,
+            # Parameters are not yet supported
+            definition=GraphQLOperationDefinition(
+                raw=field,
+                type_=operation_type,
+                field_name=field_name,
+                root_type=root_type,
+            ),
+        )
 
     def get_case_strategy(
         self,
         operation: APIOperation,
-        hooks: Optional[HookDispatcher] = None,
-        data_generation_method: DataGenerationMethod = DataGenerationMethod.default(),
+        hooks: HookDispatcher | None = None,
+        auth_storage: AuthStorage | None = None,
+        generation_mode: GenerationMode = GenerationMode.POSITIVE,
+        **kwargs: Any,
     ) -> SearchStrategy:
-        constructor = partial(GraphQLCase, operation=operation, data_generation_method=data_generation_method)
-        return st.builds(constructor, body=gql_st.query(self.client_schema, fields=[operation.verbose_name]))
-
-    def get_strategies_from_examples(self, operation: APIOperation) -> List[SearchStrategy[Case]]:
-        return []
+        return graphql_cases(
+            operation=operation,
+            hooks=hooks,
+            auth_storage=auth_storage,
+            generation_mode=generation_mode,
+            **kwargs,
+        )
 
-    def get_stateful_tests(
-        self, response: GenericResponse, operation: APIOperation, stateful: Optional[Stateful]
-    ) -> Sequence[StatefulTest]:
+    def get_strategies_from_examples(self, operation: APIOperation, **kwargs: Any) -> list[SearchStrategy[Case]]:
         return []
 
     def make_case(
         self,
         *,
-        case_cls: Type[C],
         operation: APIOperation,
-        path_parameters: Optional[PathParameters] = None,
-        headers: Optional[Headers] = None,
-        cookies: Optional[Cookies] = None,
-        query: Optional[Query] = None,
-        body: Union[Body, NotSet] = NOT_SET,
-        media_type: Optional[str] = None,
-    ) -> C:
-        return case_cls(
+        method: str | None = None,
+        path: str | None = None,
+        path_parameters: dict[str, Any] | None = None,
+        headers: dict[str, Any] | CaseInsensitiveDict | None = None,
+        cookies: dict[str, Any] | None = None,
+        query: dict[str, Any] | None = None,
+        body: list | dict[str, Any] | str | int | float | bool | bytes | NotSet = NOT_SET,
+        media_type: str | None = None,
+        meta: CaseMetadata | None = None,
+    ) -> Case:
+        return Case(
             operation=operation,
-            path_parameters=path_parameters,
-            headers=CaseInsensitiveDict(headers) if headers is not None else headers,
-            cookies=cookies,
-            query=query,
+            method=method or operation.method.upper(),
+            path=path or operation.path,
+            path_parameters=path_parameters or {},
+            headers=CaseInsensitiveDict() if headers is None else CaseInsensitiveDict(headers),
+            cookies=cookies or {},
+            query=query or {},
             body=body,
-            media_type=media_type,
+            media_type=media_type or "application/json",
+            meta=meta,
         )
+
+    def get_tags(self, operation: APIOperation) -> list[str] | None:
+        return None
+
+    def validate(self) -> None:
+        return None
+
+
+@dataclass
+class FieldMap(Mapping):
+    """Container for accessing API operations.
+
+    Provides a more specific error message if API operation is not found.
+    """
+
+    _parent: APIOperationMap
+    _root_type: RootType
+    _operation_type: graphql.GraphQLObjectType
+
+    __slots__ = ("_parent", "_root_type", "_operation_type")
+
+    def __len__(self) -> int:
+        return len(self._operation_type.fields)
+
+    def __iter__(self) -> Iterator[str]:
+        return iter(self._operation_type.fields)
+
+    def _init_operation(self, field_name: str) -> APIOperation:
+        schema = cast(GraphQLSchema, self._parent._schema)
+        operation_type = self._operation_type
+        field_ = operation_type.fields[field_name]
+        return schema._build_operation(self._root_type, operation_type, field_name, field_)
+
+    def __getitem__(self, item: str) -> APIOperation:
+        try:
+            return self._init_operation(item)
+        except KeyError as exc:
+            field_names = list(self._operation_type.fields)
+            matches = get_close_matches(item, field_names)
+            message = f"`{item}` field not found"
+            if matches:
+                message += f". Did you mean `{matches[0]}`?"
+            raise KeyError(message) from exc
+
+
+@st.composite  # type: ignore[misc]
+def graphql_cases(
+    draw: Callable,
+    *,
+    operation: APIOperation,
+    hooks: HookDispatcher | None = None,
+    auth_storage: auths.AuthStorage | None = None,
+    generation_mode: GenerationMode = GenerationMode.POSITIVE,
+    path_parameters: NotSet | dict[str, Any] = NOT_SET,
+    headers: NotSet | dict[str, Any] = NOT_SET,
+    cookies: NotSet | dict[str, Any] = NOT_SET,
+    query: NotSet | dict[str, Any] = NOT_SET,
+    body: Any = NOT_SET,
+    media_type: str | None = None,
+    phase: TestPhase = TestPhase.FUZZING,
+) -> Any:
+    import graphql
+    from hypothesis_graphql import strategies as gql_st
+
+    start = time.monotonic()
+    definition = cast(GraphQLOperationDefinition, operation.definition)
+    strategy_factory = {
+        RootType.QUERY: gql_st.queries,
+        RootType.MUTATION: gql_st.mutations,
+    }[definition.root_type]
+    hook_context = HookContext(operation=operation)
+    custom_scalars = {**get_extra_scalar_strategies(), **CUSTOM_SCALARS}
+    generation = operation.schema.config.generation_for(operation=operation, phase="fuzzing")
+    strategy = strategy_factory(
+        operation.schema.client_schema,  # type: ignore[attr-defined]
+        fields=[definition.field_name],
+        custom_scalars=custom_scalars,
+        print_ast=_noop,
+        allow_x00=generation.allow_x00,
+        allow_null=generation.graphql_allow_null,
+        codec=generation.codec,
+    )
+    strategy = apply_to_all_dispatchers(operation, hook_context, hooks, strategy, "body").map(graphql.print_ast)
+    body = draw(strategy)
+
+    path_parameters_ = _generate_parameter(
+        ParameterLocation.PATH, path_parameters, draw, operation, hook_context, hooks
+    )
+    headers_ = _generate_parameter(ParameterLocation.HEADER, headers, draw, operation, hook_context, hooks)
+    cookies_ = _generate_parameter(ParameterLocation.COOKIE, cookies, draw, operation, hook_context, hooks)
+    query_ = _generate_parameter(ParameterLocation.QUERY, query, draw, operation, hook_context, hooks)
+
+    _phase_data = {
+        TestPhase.EXAMPLES: ExamplesPhaseData(
+            description="Positive test case",
+            parameter=None,
+            parameter_location=None,
+            location=None,
+        ),
+        TestPhase.FUZZING: FuzzingPhaseData(
+            description="Positive test case",
+            parameter=None,
+            parameter_location=None,
+            location=None,
+        ),
+    }[phase]
+    phase_data = cast(Union[ExamplesPhaseData, FuzzingPhaseData], _phase_data)
+    instance = operation.Case(
+        path_parameters=path_parameters_,
+        headers=headers_,
+        cookies=cookies_,
+        query=query_,
+        body=body,
+        _meta=CaseMetadata(
+            generation=GenerationInfo(
+                time=time.monotonic() - start,
+                mode=generation_mode,
+            ),
+            phase=PhaseInfo(name=phase, data=phase_data),
+            components={
+                kind: ComponentInfo(mode=generation_mode)
+                for kind, value in [
+                    (ParameterLocation.QUERY, query_),
+                    (ParameterLocation.PATH, path_parameters_),
+                    (ParameterLocation.HEADER, headers_),
+                    (ParameterLocation.COOKIE, cookies_),
+                    (ParameterLocation.BODY, body),
+                ]
+                if value is not NOT_SET
+            },
+        ),
+        media_type=media_type or "application/json",
+    )
+    context = auths.AuthContext(
+        operation=operation,
+        app=operation.app,
+    )
+    auths.set_on_case(instance, context, auth_storage)
+    return instance
+
+
+def _generate_parameter(
+    location: ParameterLocation,
+    explicit: NotSet | dict[str, Any],
+    draw: Callable,
+    operation: APIOperation,
+    context: HookContext,
+    hooks: HookDispatcher | None,
+) -> Any:
+    # Schemathesis does not generate anything but `body` for GraphQL, hence use `None`
+    container = location.container_name
+    if isinstance(explicit, NotSet):
+        strategy = apply_to_all_dispatchers(operation, context, hooks, st.none(), container)
+    else:
+        strategy = apply_to_all_dispatchers(operation, context, hooks, st.just(explicit), container)
+    return draw(strategy)
+
+
+def _noop(node: graphql.Node) -> graphql.Node:
+    return node