schemathesis 3.13.0__py3-none-any.whl → 4.4.2__py3-none-any.whl

schemathesis/specs/openapi/_hypothesis.py

@@ -1,118 +1,74 @@
-import json
-import re
-import string
-from base64 import b64encode
-from contextlib import contextmanager, suppress
-from copy import deepcopy
-from typing import Any, Callable, Dict, Generator, Iterable, Optional, Tuple, Union
+from __future__ import annotations
+
+import time
+from dataclasses import dataclass
+from typing import Any, Callable, Iterable, Optional, Union, cast
 from urllib.parse import quote_plus
-from weakref import WeakKeyDictionary
 
+import jsonschema.protocols
+from hypothesis import event, note, reject
 from hypothesis import strategies as st
 from hypothesis_jsonschema import from_schema
-from requests.auth import _basic_auth_str
 from requests.structures import CaseInsensitiveDict
 
-from ... import utils
-from ...constants import DataGenerationMethod
-from ...exceptions import InvalidSchema
-from ...hooks import GLOBAL_HOOK_DISPATCHER, HookContext, HookDispatcher
-from ...models import APIOperation, Case
-from ...types import NotSet
-from ...utils import NOT_SET, compose
-from .constants import LOCATION_TO_CONTAINER
-from .negative import negative_schema
-from .parameters import OpenAPIBody, parameters_to_json_schema
-from .utils import is_header_location
-
-HEADER_FORMAT = "_header_value"
-PARAMETERS = frozenset(("path_parameters", "headers", "cookies", "query", "body"))
-SLASH = "/"
-STRING_FORMATS: Dict[str, st.SearchStrategy] = {}
-StrategyFactory = Callable[[Dict[str, Any], str, str, Optional[str]], st.SearchStrategy]
-
-
-def register_string_format(name: str, strategy: st.SearchStrategy) -> None:
-    """Register a new strategy for generating data for specific string "format".
-
-    :param str name: Format name. It should correspond the one used in the API schema as the "format" keyword value.
-    :param strategy: Hypothesis strategy you'd like to use to generate values for this format.
-    """
-    if not isinstance(name, str):
-        raise TypeError(f"name must be of type {str}, not {type(name)}")
-    if not isinstance(strategy, st.SearchStrategy):
-        raise TypeError(f"strategy must be of type {st.SearchStrategy}, not {type(strategy)}")
-
-    STRING_FORMATS[name] = strategy
-
-
-def init_default_strategies() -> None:
-    """Register all default "format" strategies."""
-    register_string_format("binary", st.binary())
-    register_string_format("byte", st.binary().map(lambda x: b64encode(x).decode()))
-
-    def make_basic_auth_str(item: Tuple[str, str]) -> str:
-        return _basic_auth_str(*item)
-
-    latin1_text = st.text(alphabet=st.characters(min_codepoint=0, max_codepoint=255))
-
-    # RFC 7230, Section 3.2.6
-    register_string_format(
-        "_header_name",
-        st.text(min_size=1, alphabet=st.sampled_from("!#$%&'*+-.^_`|~" + string.digits + string.ascii_letters)),
-    )
-    # Define valid characters here to avoid filtering them out in `is_valid_header` later
-    header_value = st.text(alphabet=st.characters(min_codepoint=0, max_codepoint=255, blacklist_characters="\n\r"))
-    # Header values with leading non-visible chars can't be sent with `requests`
-    register_string_format(HEADER_FORMAT, header_value.map(str.lstrip))
-    register_string_format("_basic_auth", st.tuples(latin1_text, latin1_text).map(make_basic_auth_str))  # type: ignore
-    register_string_format(
-        "_bearer_auth",
-        header_value.map("Bearer {}".format),
-    )
-
-
-def is_valid_header(headers: Dict[str, Any]) -> bool:
-    """Verify if the generated headers are valid."""
-    for name, value in headers.items():
-        if not utils.is_latin_1_encodable(value):
-            return False
-        if utils.has_invalid_characters(name, value):
-            return False
-    return True
-
-
-def is_illegal_surrogate(item: Any) -> bool:
-    def check(value: Any) -> bool:
-        return isinstance(value, str) and bool(re.search(r"[\ud800-\udfff]", value))
-
-    if isinstance(item, list):
-        return any(check(item_) for item_ in item)
-    return check(item)
-
-
-def is_valid_query(query: Dict[str, Any]) -> bool:
-    """Surrogates are not allowed in a query string.
+from schemathesis.config import GenerationConfig
+from schemathesis.core import NOT_SET, media_types
+from schemathesis.core.control import SkipTest
+from schemathesis.core.errors import SERIALIZERS_SUGGESTION_MESSAGE, MalformedMediaType, SerializationNotPossible
+from schemathesis.core.jsonschema.types import JsonSchema
+from schemathesis.core.parameters import ParameterLocation
+from schemathesis.core.transport import prepare_urlencoded
+from schemathesis.generation.meta import (
+    CaseMetadata,
+    ComponentInfo,
+    ExamplesPhaseData,
+    FuzzingPhaseData,
+    GenerationInfo,
+    PhaseInfo,
+    StatefulPhaseData,
+    TestPhase,
+)
+from schemathesis.openapi.generation.filters import is_valid_urlencoded
+from schemathesis.schemas import APIOperation
+from schemathesis.specs.openapi.adapter.parameters import FORM_MEDIA_TYPES, OpenApiBody, OpenApiParameterSet
+from schemathesis.specs.openapi.negative.mutations import MutationMetadata
+
+from ... import auths
+from ...generation import GenerationMode
+from ...hooks import HookContext, HookDispatcher, apply_to_all_dispatchers
+from .formats import (
+    DEFAULT_HEADER_EXCLUDE_CHARACTERS,
+    HEADER_FORMAT,
+    STRING_FORMATS,
+    get_default_format_strategies,
+    header_values,
+)
+from .media_types import MEDIA_TYPES
+from .negative import GeneratedValue, negative_schema
+from .negative.utils import can_negate
 
-    `requests` and `werkzeug` will fail to send it to the application.
-    """
-    for name, value in query.items():
-        if is_illegal_surrogate(name) or is_illegal_surrogate(value):
-            return False
-    return True
+SLASH = "/"
+StrategyFactory = Callable[
+    [JsonSchema, str, ParameterLocation, Optional[str], GenerationConfig, type[jsonschema.protocols.Validator]],
+    st.SearchStrategy,
+]
 
 
-@st.composite  # type: ignore
-def get_case_strategy(  # pylint: disable=too-many-locals
-    draw: Callable,
+@st.composite  # type: ignore[misc]
+def openapi_cases(
+    draw: st.DrawFn,
+    *,
     operation: APIOperation,
-    hooks: Optional[HookDispatcher] = None,
-    data_generation_method: DataGenerationMethod = DataGenerationMethod.default(),
-    path_parameters: Union[NotSet, Dict[str, Any]] = NOT_SET,
-    headers: Union[NotSet, Dict[str, Any]] = NOT_SET,
-    cookies: Union[NotSet, Dict[str, Any]] = NOT_SET,
-    query: Union[NotSet, Dict[str, Any]] = NOT_SET,
+    hooks: HookDispatcher | None = None,
+    auth_storage: auths.AuthStorage | None = None,
+    generation_mode: GenerationMode = GenerationMode.POSITIVE,
+    path_parameters: dict[str, Any] | None = None,
+    headers: dict[str, Any] | None = None,
+    cookies: dict[str, Any] | None = None,
+    query: dict[str, Any] | None = None,
     body: Any = NOT_SET,
+    media_type: str | None = None,
+    phase: TestPhase = TestPhase.FUZZING,
 ) -> Any:
     """A strategy that creates `Case` instances.
 
@@ -126,254 +82,573 @@ def get_case_strategy(  # pylint: disable=too-many-locals
     The primary purpose of this behavior is to prevent sending incomplete explicit examples by generating missing parts
     as it works with `body`.
     """
-    to_strategy = DATA_GENERATION_METHOD_TO_STRATEGY_FACTORY[data_generation_method]
-
-    context = HookContext(operation)
-
-    with detect_invalid_schema(operation):
-        path_parameters_value = get_parameters_value(
-            path_parameters, "path", draw, operation, context, hooks, to_strategy
-        )
-        headers_value = get_parameters_value(headers, "header", draw, operation, context, hooks, to_strategy)
-        cookies_value = get_parameters_value(cookies, "cookie", draw, operation, context, hooks, to_strategy)
-        query_value = get_parameters_value(query, "query", draw, operation, context, hooks, to_strategy)
-
-        media_type = None
-        if body is NOT_SET:
-            if operation.body:
-                parameter = draw(st.sampled_from(operation.body.items))
-                strategy = _get_body_strategy(parameter, to_strategy, operation)
-                strategy = apply_hooks(operation, context, hooks, strategy, "body")
-                media_type = parameter.media_type
-                body = draw(strategy)
+    start = time.monotonic()
+
+    generation_config = operation.schema.config.generation_for(operation=operation, phase=phase.value)
+
+    ctx = HookContext(operation=operation)
+
+    path_parameters_ = generate_parameter(
+        ParameterLocation.PATH, path_parameters, operation, draw, ctx, hooks, generation_mode, generation_config
+    )
+    headers_ = generate_parameter(
+        ParameterLocation.HEADER, headers, operation, draw, ctx, hooks, generation_mode, generation_config
+    )
+    cookies_ = generate_parameter(
+        ParameterLocation.COOKIE, cookies, operation, draw, ctx, hooks, generation_mode, generation_config
+    )
+    query_ = generate_parameter(
+        ParameterLocation.QUERY, query, operation, draw, ctx, hooks, generation_mode, generation_config
+    )
+
+    if body is NOT_SET:
+        if operation.body:
+            body_generator = generation_mode
+            if generation_mode.is_negative:
+                # Consider only schemas that are possible to negate
+                candidates = [item for item in operation.body.items if can_negate(item.optimized_schema)]
+                # Not possible to negate body, fallback to positive data generation
+                if not candidates:
+                    candidates = operation.body.items
+                    body_generator = GenerationMode.POSITIVE
+            else:
+                candidates = operation.body.items
+            parameter = draw(st.sampled_from(candidates))
+            strategy = _get_body_strategy(parameter, operation, generation_config, draw, body_generator)
+            strategy = apply_hooks(operation, ctx, hooks, strategy, ParameterLocation.BODY)
+            # Parameter may have a wildcard media type. In this case, choose any supported one
+            possible_media_types = sorted(
+                operation.schema.transport.get_matching_media_types(parameter.media_type), key=lambda x: x[0]
+            )
+            if not possible_media_types:
+                all_media_types = operation.get_request_payload_content_types()
+                if all(
+                    operation.schema.transport.get_first_matching_media_type(media_type) is None
+                    for media_type in all_media_types
+                ):
+                    # None of media types defined for this operation are not supported
+                    raise SerializationNotPossible.from_media_types(*all_media_types) from None
+                # Other media types are possible - avoid choosing this media type in the future
+                event_text = f"Can't serialize data to `{parameter.media_type}`."
+                note(f"{event_text} {SERIALIZERS_SUGGESTION_MESSAGE}")
+                event(event_text)
+                reject()
+            media_type, _ = draw(st.sampled_from(possible_media_types))
+            if media_type is not None and media_types.parse(media_type) == (
+                "application",
+                "x-www-form-urlencoded",
+            ):
+                if body_generator.is_negative:
+                    # For negative strategies, unwrap GeneratedValue, apply transformation, then rewrap
+                    strategy = strategy.map(
+                        lambda x: GeneratedValue(prepare_urlencoded(x.value), x.meta)
+                        if isinstance(x, GeneratedValue)
+                        else prepare_urlencoded(x)
+                    ).filter(lambda x: is_valid_urlencoded(x.value if isinstance(x, GeneratedValue) else x))
+                else:
+                    strategy = strategy.map(prepare_urlencoded).filter(is_valid_urlencoded)
+            body_result = draw(strategy)
+            body_metadata = None
+            # Negative strategy returns GeneratedValue, positive returns just value
+            if isinstance(body_result, GeneratedValue):
+                body_metadata = body_result.meta
+                body_result = body_result.value
+            body_ = ValueContainer(value=body_result, location="body", generator=body_generator, meta=body_metadata)
         else:
-            media_types = operation.get_request_payload_content_types() or ["application/json"]
-            # Take the first available media type.
-            # POSSIBLE IMPROVEMENT:
-            #   - Test examples for each available media type on Open API 2.0;
-            #   - On Open API 3.0, media types are explicit, and each example has it.
-            #     We can pass `OpenAPIBody.media_type` here from the examples handling code.
-            media_type = media_types[0]
-
-    if operation.schema.validate_schema and operation.method.upper() == "GET" and operation.body:
-        raise InvalidSchema("Body parameters are defined for GET request.")
-    return Case(
-        operation=operation,
+            body_ = ValueContainer(value=body, location="body", generator=None, meta=None)
+    else:
+        # This explicit body payload comes for a media type that has a custom strategy registered
+        # Such strategies only support binary payloads, otherwise they can't be serialized
+        if not isinstance(body, bytes) and media_type and _find_media_type_strategy(media_type) is not None:
+            all_media_types = operation.get_request_payload_content_types()
+            raise SerializationNotPossible.from_media_types(*all_media_types)
+        body_ = ValueContainer(value=body, location="body", generator=None, meta=None)
+
+    # If we need to generate negative cases but no generated values were negated, then skip the whole test
+    if generation_mode.is_negative and not any_negated_values([query_, cookies_, headers_, path_parameters_, body_]):
+        if generation_config.modes == [GenerationMode.NEGATIVE]:
+            raise SkipTest("Impossible to generate negative test cases")
+        else:
+            reject()
+
+    # Extract mutation metadata from negated values and create phase-appropriate data
+    if generation_mode.is_negative:
+        negated_container = None
+        for container in [query_, cookies_, headers_, path_parameters_, body_]:
+            if container.generator == GenerationMode.NEGATIVE and container.meta is not None:
+                negated_container = container
+                break
+
+        if negated_container and negated_container.meta:
+            metadata = negated_container.meta
+            location_map = {
+                "query": ParameterLocation.QUERY,
+                "path_parameters": ParameterLocation.PATH,
+                "headers": ParameterLocation.HEADER,
+                "cookies": ParameterLocation.COOKIE,
+                "body": ParameterLocation.BODY,
+            }
+            parameter_location = location_map.get(negated_container.location)
+            _phase_data = {
+                TestPhase.EXAMPLES: ExamplesPhaseData(
+                    description=metadata.description,
+                    parameter=metadata.parameter,
+                    parameter_location=parameter_location,
+                    location=metadata.location,
+                ),
+                TestPhase.FUZZING: FuzzingPhaseData(
+                    description=metadata.description,
+                    parameter=metadata.parameter,
+                    parameter_location=parameter_location,
+                    location=metadata.location,
+                ),
+                TestPhase.STATEFUL: StatefulPhaseData(
+                    description=metadata.description,
+                    parameter=metadata.parameter,
+                    parameter_location=parameter_location,
+                    location=metadata.location,
+                ),
+            }[phase]
+            phase_data = cast(Union[ExamplesPhaseData, FuzzingPhaseData, StatefulPhaseData], _phase_data)
+        else:
+            _phase_data = {
+                TestPhase.EXAMPLES: ExamplesPhaseData(
+                    description="Schema mutated",
+                    parameter=None,
+                    parameter_location=None,
+                    location=None,
+                ),
+                TestPhase.FUZZING: FuzzingPhaseData(
+                    description="Schema mutated",
+                    parameter=None,
+                    parameter_location=None,
+                    location=None,
+                ),
+                TestPhase.STATEFUL: StatefulPhaseData(
+                    description="Schema mutated",
+                    parameter=None,
+                    parameter_location=None,
+                    location=None,
+                ),
+            }[phase]
+            phase_data = cast(Union[ExamplesPhaseData, FuzzingPhaseData, StatefulPhaseData], _phase_data)
+    else:
+        _phase_data = {
+            TestPhase.EXAMPLES: ExamplesPhaseData(
+                description="Positive test case",
+                parameter=None,
+                parameter_location=None,
+                location=None,
+            ),
+            TestPhase.FUZZING: FuzzingPhaseData(
+                description="Positive test case",
+                parameter=None,
+                parameter_location=None,
+                location=None,
+            ),
+            TestPhase.STATEFUL: StatefulPhaseData(
+                description="Positive test case",
+                parameter=None,
+                parameter_location=None,
+                location=None,
+            ),
+        }[phase]
+        phase_data = cast(Union[ExamplesPhaseData, FuzzingPhaseData, StatefulPhaseData], _phase_data)
+
+    instance = operation.Case(
         media_type=media_type,
-        path_parameters=path_parameters_value,
-        headers=CaseInsensitiveDict(headers_value) if headers_value is not None else headers_value,
-        cookies=cookies_value,
-        query=query_value,
-        body=body,
-        data_generation_method=data_generation_method,
+        path_parameters=path_parameters_.value or {},
+        headers=headers_.value or CaseInsensitiveDict(),
+        cookies=cookies_.value or {},
+        query=query_.value or {},
+        body=body_.value,
+        _meta=CaseMetadata(
+            generation=GenerationInfo(
+                time=time.monotonic() - start,
+                mode=generation_mode,
+            ),
+            phase=PhaseInfo(name=phase, data=phase_data),
+            components={
+                kind: ComponentInfo(mode=value.generator)
+                for kind, value in [
+                    (ParameterLocation.QUERY, query_),
+                    (ParameterLocation.PATH, path_parameters_),
+                    (ParameterLocation.HEADER, headers_),
+                    (ParameterLocation.COOKIE, cookies_),
+                    (ParameterLocation.BODY, body_),
+                ]
+                if value.generator is not None
+            },
+        ),
     )
+    auth_context = auths.AuthContext(
+        operation=operation,
+        app=operation.app,
+    )
+    auths.set_on_case(instance, auth_context, auth_storage)
+    return instance
 
 
-YAML_PARSING_ISSUE_MESSAGE = (
-    "The API schema contains non-string keys. "
-    "If you store your schema in YAML, it is likely caused by unquoted keys parsed as "
-    "non-strings. For example, `on` is parsed as boolean `true`, "
-    "but `'on'` (with quotes) is a string `'on'`. See more information at https://noyaml.com/."
-)
+OPTIONAL_BODY_RATE = 0.05
 
 
-@contextmanager
-def detect_invalid_schema(operation: APIOperation) -> Generator[None, None, None]:
-    """Detect common issues with schemas."""
-    try:
-        yield
-    except TypeError as exc:
-        if is_yaml_parsing_issue(operation):
-            raise InvalidSchema(YAML_PARSING_ISSUE_MESSAGE) from exc
-        raise
-
+def _find_media_type_strategy(content_type: str) -> st.SearchStrategy[bytes] | None:
+    """Find a registered strategy for a content type, supporting wildcard patterns."""
+    # Try exact match first
+    if content_type in MEDIA_TYPES:
+        return MEDIA_TYPES[content_type]
 
-def is_yaml_parsing_issue(operation: APIOperation) -> bool:
-    """Detect whether the API operation has problems because of YAML syntax.
-
-    For example, unquoted 'on' is parsed as `True`.
-    """
     try:
-        # Sorting keys involves their comparison, when there is a non-string value, it leads to a TypeError
-        json.dumps(operation.schema.raw_schema, sort_keys=True)
-    except TypeError:
-        return True
-    return False
+        main, sub = media_types.parse(content_type)
+    except MalformedMediaType:
+        return None
+
+    # Check registered media types for wildcard matches
+    for registered_type, strategy in MEDIA_TYPES.items():
+        try:
+            target_main, target_sub = media_types.parse(registered_type)
+        except MalformedMediaType:
+            continue
+        # Match if both main and sub types are compatible
+        # "*" in either the requested or registered type acts as a wildcard
+        main_match = main == "*" or target_main == "*" or main == target_main
+        sub_match = sub == "*" or target_sub == "*" or sub == target_sub
+        if main_match and sub_match:
+            return strategy
+
+    return None
+
+
+def _build_form_strategy_with_encoding(
+    parameter: OpenApiBody,
+    operation: APIOperation,
+    generation_config: GenerationConfig,
+    generation_mode: GenerationMode,
+) -> st.SearchStrategy | None:
+    """Build a strategy for form bodies that have custom encoding contentType.
 
+    Supports wildcard media type matching (e.g., "image/*" matches "image/png").
 
-_BODY_STRATEGIES_CACHE: WeakKeyDictionary = WeakKeyDictionary()
+    Returns `None` if no custom encoding with registered strategies is found.
+    """
+    schema = parameter.optimized_schema
+    if not isinstance(schema, dict) or schema.get("type") != "object":
+        return None
+
+    properties = schema.get("properties", {})
+    if not properties:
+        return None
+
+    # Check which properties have custom content types with registered strategies
+    custom_property_strategies = {}
+    for property_name in properties:
+        content_type = parameter.get_property_content_type(property_name)
+
+        if content_type is not None and not isinstance(content_type, str):
+            # Happens in broken schemas
+            continue  # type: ignore[unreachable]
+
+        if content_type:
+            # Handle multiple content types (e.g., "image/png, image/jpeg")
+            content_types = [ct.strip() for ct in content_type.split(",")]
+            strategies_for_types = []
+            for ct in content_types:
+                strategy = _find_media_type_strategy(ct)
+                if strategy is not None:
+                    strategies_for_types.append(strategy)
+
+            if strategies_for_types:
+                custom_property_strategies[property_name] = st.one_of(*strategies_for_types)
+
+    if not custom_property_strategies:
+        return None
+
+    # Build strategies for properties
+    property_strategies = {}
+    for property_name, subschema in properties.items():
+        if property_name in custom_property_strategies:
+            property_strategies[property_name] = custom_property_strategies[property_name]
+        else:
+            from schemathesis.specs.openapi.schemas import BaseOpenAPISchema
+
+            assert isinstance(operation.schema, BaseOpenAPISchema)
+            strategy_factory = GENERATOR_MODE_TO_STRATEGY_FACTORY[generation_mode]
+            property_strategies[property_name] = strategy_factory(
+                subschema,
+                operation.label,
+                ParameterLocation.BODY,
+                parameter.media_type,
+                generation_config,
+                operation.schema.adapter.jsonschema_validator_cls,
+            )
+
+    # Build fixed dictionary strategy with optional properties
+    required = set(schema.get("required", []))
+    required_strategies = {k: v for k, v in property_strategies.items() if k in required}
+    optional_strategies = {k: st.just(NOT_SET) | v for k, v in property_strategies.items() if k not in required}
+
+    @st.composite  # type: ignore[misc]
+    def build_body(draw: st.DrawFn) -> dict[str, Any]:
+        body: dict[str, Any] = {}
+        # Generate required properties
+        for key, strategy in required_strategies.items():
+            body[key] = draw(strategy)
+        # Generate optional properties, filtering out NOT_SET
+        for key, strategy in optional_strategies.items():
+            value = draw(strategy)
+            if value is not NOT_SET:
+                body[key] = value
+        return body
+
+    return build_body()
 
 
 def _get_body_strategy(
-    parameter: OpenAPIBody,
-    to_strategy: StrategyFactory,
+    parameter: OpenApiBody,
     operation: APIOperation,
+    generation_config: GenerationConfig,
+    draw: st.DrawFn,
+    generation_mode: GenerationMode,
 ) -> st.SearchStrategy:
-    # The cache key relies on object ids, which means that the parameter should not be mutated
-    # Note, the parent schema is not included as each parameter belong only to one schema
-    if parameter in _BODY_STRATEGIES_CACHE and to_strategy in _BODY_STRATEGIES_CACHE[parameter]:
-        return _BODY_STRATEGIES_CACHE[parameter][to_strategy]
-    schema = parameter.as_json_schema()
-    schema = operation.schema.prepare_schema(schema)
-    strategy = to_strategy(schema, operation.verbose_name, "body", parameter.media_type)
-    if not parameter.is_required:
+    # Check for custom encoding in form bodies (multipart/form-data or application/x-www-form-urlencoded)
+    if parameter.media_type in FORM_MEDIA_TYPES:
+        custom_strategy = _build_form_strategy_with_encoding(parameter, operation, generation_config, generation_mode)
+        if custom_strategy is not None:
+            return custom_strategy
+
+    # Check for custom media type strategy
+    custom_strategy = _find_media_type_strategy(parameter.media_type)
+    if custom_strategy is not None:
+        return custom_strategy
+
+    # Use the cached strategy from the parameter
+    strategy = parameter.get_strategy(operation, generation_config, generation_mode)
+
+    # It is likely will be rejected, hence choose it rarely
+    if (
+        not parameter.is_required
+        and draw(st.floats(min_value=0.0, max_value=1.0, allow_infinity=False, allow_nan=False, allow_subnormal=False))
+        < OPTIONAL_BODY_RATE
+    ):
         strategy |= st.just(NOT_SET)
-    _BODY_STRATEGIES_CACHE.setdefault(parameter, {})[to_strategy] = strategy
     return strategy
 
 
 def get_parameters_value(
-    value: Union[NotSet, Dict[str, Any]],
-    location: str,
-    draw: Callable,
+    value: dict[str, Any] | None,
+    location: ParameterLocation,
+    draw: st.DrawFn,
     operation: APIOperation,
-    context: HookContext,
-    hooks: Optional[HookDispatcher],
-    to_strategy: StrategyFactory,
-) -> Optional[Dict[str, Any]]:
+    ctx: HookContext,
+    hooks: HookDispatcher | None,
+    generation_mode: GenerationMode,
+    generation_config: GenerationConfig,
+) -> tuple[dict[str, Any] | None, Any]:
     """Get the final value for the specified location.
 
     If the value is not set, then generate it from the relevant strategy. Otherwise, check what is missing in it and
     generate those parts.
     """
-    if isinstance(value, NotSet):
-        strategy = get_parameters_strategy(operation, to_strategy, location)
-        strategy = apply_hooks(operation, context, hooks, strategy, location)
-        return draw(strategy)
-    strategy = get_parameters_strategy(operation, to_strategy, location, exclude=value.keys())
-    strategy = apply_hooks(operation, context, hooks, strategy, location)
-    value = deepcopy(value)
-    value.update(draw(strategy))
-    return value
+    if value is None:
+        strategy = get_parameters_strategy(operation, generation_mode, location, generation_config)
+        strategy = apply_hooks(operation, ctx, hooks, strategy, location)
+        result = draw(strategy)
+        # Negative strategy returns GeneratedValue, positive returns just value
+        if isinstance(result, GeneratedValue):
+            return result.value, result.meta
+        return result, None
+    strategy = get_parameters_strategy(operation, generation_mode, location, generation_config, exclude=value.keys())
+    strategy = apply_hooks(operation, ctx, hooks, strategy, location)
+    new = draw(strategy)
+    metadata = None
+    # Negative strategy returns GeneratedValue, positive returns just value
+    if isinstance(new, GeneratedValue):
+        new, metadata = new.value, new.meta
+    if new is not None:
+        copied = dict(value)
+        copied.update(new)
+        return copied, metadata
+    return value, metadata
+
+
+@dataclass
+class ValueContainer:
+    """Container for a value generated by a data generator or explicitly provided."""
+
+    value: Any
+    location: str
+    generator: GenerationMode | None
+    meta: MutationMetadata | None
+
+    __slots__ = ("value", "location", "generator", "meta")
+
+    @property
+    def is_generated(self) -> bool:
+        """If value was generated."""
+        return self.generator is not None and (self.location == "body" or self.value is not None)
+
+
+def any_negated_values(values: list[ValueContainer]) -> bool:
+    """Check if any generated values are negated."""
+    return any(value.generator == GenerationMode.NEGATIVE for value in values if value.is_generated)
+
+
+def generate_parameter(
+    location: ParameterLocation,
+    explicit: dict[str, Any] | None,
+    operation: APIOperation,
+    draw: st.DrawFn,
+    ctx: HookContext,
+    hooks: HookDispatcher | None,
+    generator: GenerationMode,
+    generation_config: GenerationConfig,
+) -> ValueContainer:
+    """Generate a value for a parameter.
+
+    Fallback to positive data generator if parameter can not be negated.
+    """
+    if generator.is_negative and (
+        (location == ParameterLocation.PATH and not can_negate_path_parameters(operation))
+        or (location.is_in_header and not can_negate_headers(operation, location))
+    ):
+        # If we can't negate any parameter, generate positive ones
+        # If nothing else will be negated, then skip the test completely
+        generator = GenerationMode.POSITIVE
+    value, metadata = get_parameters_value(
+        explicit, location, draw, operation, ctx, hooks, generator, generation_config
+    )
+    used_generator: GenerationMode | None = generator
+    if value == explicit:
+        # When we pass `explicit`, then its parts are excluded from generation of the final value
+        # If the final value is the same, then other parameters were generated at all
+        if value is not None and location == ParameterLocation.PATH:
+            value = quote_all(value)
+        used_generator = None
+    return ValueContainer(value=value, location=location, generator=used_generator, meta=metadata)
+
+
+def can_negate_path_parameters(operation: APIOperation) -> bool:
+    """Check if any path parameter can be negated."""
+    # No path parameters to negate
+    parameters = cast(OpenApiParameterSet, operation.path_parameters).schema["properties"]
+    if not parameters:
+        return True
+    return any(can_negate(parameter) for parameter in parameters.values())
 
 
-_PARAMETER_STRATEGIES_CACHE: WeakKeyDictionary = WeakKeyDictionary()
+def can_negate_headers(operation: APIOperation, location: ParameterLocation) -> bool:
+    """Check if any header can be negated."""
+    container = getattr(operation, location.container_name)
+    # No headers to negate
+    headers = container.schema["properties"]
+    if not headers:
+        return True
+    return any(
+        header not in ({"type": "string"}, {"type": "string", "format": HEADER_FORMAT}) for header in headers.values()
+    )
 
 
 def get_parameters_strategy(
     operation: APIOperation,
-    to_strategy: StrategyFactory,
-    location: str,
+    generation_mode: GenerationMode,
+    location: ParameterLocation,
+    generation_config: GenerationConfig,
     exclude: Iterable[str] = (),
 ) -> st.SearchStrategy:
     """Create a new strategy for the case's component from the API operation parameters."""
-    parameters = getattr(operation, LOCATION_TO_CONTAINER[location])
-    if parameters:
-        # The cache key relies on object ids, which means that the parameter should not be mutated
-        nested_cache_key = (to_strategy, location, tuple(sorted(exclude)))
-        if operation in _PARAMETER_STRATEGIES_CACHE and nested_cache_key in _PARAMETER_STRATEGIES_CACHE[operation]:
-            return _PARAMETER_STRATEGIES_CACHE[operation][nested_cache_key]
-        schema = parameters_to_json_schema(parameters)
-        if not operation.schema.validate_schema and location == "path":
-            # If schema validation is disabled, we try to generate data even if the parameter definition
-            # contains errors.
-            # In this case, we know that the `required` keyword should always be `True`.
-            schema["required"] = list(schema["properties"])
-        schema = operation.schema.prepare_schema(schema)
-        for name in exclude:
-            # Values from `exclude` are not necessarily valid for the schema - they come from user-defined examples
-            # that may be invalid
-            schema["properties"].pop(name, None)
-            with suppress(ValueError):
-                schema["required"].remove(name)
-        strategy = to_strategy(schema, operation.verbose_name, location, None)
-        serialize = operation.get_parameter_serializer(location)
-        if serialize is not None:
-            strategy = strategy.map(serialize)
-        filter_func = {
-            "path": is_valid_path,
-            "header": is_valid_header,
-            "cookie": is_valid_header,
-            "query": is_valid_query,
-        }[location]
-        # Headers with special format do not need filtration
-        if not (is_header_location(location) and _can_skip_header_filter(schema)):
-            strategy = strategy.filter(filter_func)
-        # Path & query parameters will be cast to string anyway, but having their JSON equivalents for
-        # `True` / `False` / `None` improves chances of them passing validation in apps that expect boolean / null types
-        # and not aware of Python-specific representation of those types
-        map_func = {
-            "path": compose(quote_all, jsonify_python_specific_types),
-            "query": jsonify_python_specific_types,
-        }.get(location)
-        if map_func:
-            strategy = strategy.map(map_func)  # type: ignore
-        _PARAMETER_STRATEGIES_CACHE.setdefault(operation, {})[nested_cache_key] = strategy
-        return strategy
+    container = getattr(operation, location.container_name)
+    if container:
+        return container.get_strategy(operation, generation_config, generation_mode, exclude)
     # No parameters defined for this location
     return st.none()
 
 
-def _jsonify_leaves(value: Any) -> Any:
-    if isinstance(value, dict):
-        for key, sub_item in value.items():
-            value[key] = _jsonify_leaves(sub_item)
-    elif isinstance(value, list):
-        value = [_jsonify_leaves(sub_item) for sub_item in value]
-    elif isinstance(value, bool):
-        return "true" if value else "false"
-    elif value is None:
-        return "null"
+def jsonify_python_specific_types(value: dict[str, Any]) -> dict[str, Any]:
+    """Convert Python-specific values to their JSON equivalents."""
+    stack: list = [value]
+    while stack:
+        item = stack.pop()
+        if isinstance(item, dict):
+            for key, sub_item in item.items():
+                if isinstance(sub_item, bool):
+                    item[key] = "true" if sub_item else "false"
+                elif sub_item is None:
+                    item[key] = "null"
+                elif isinstance(sub_item, dict):
+                    stack.append(sub_item)
+                elif isinstance(sub_item, list):
+                    stack.extend(item)
+        elif isinstance(item, list):
+            stack.extend(item)
     return value
 
 
-def jsonify_python_specific_types(value: Dict[str, Any]) -> Dict[str, Any]:
-    """Convert Python-specific values to their JSON equivalents."""
-    return _jsonify_leaves(value)
+def _build_custom_formats(generation_config: GenerationConfig) -> dict[str, st.SearchStrategy]:
+    custom_formats = {**get_default_format_strategies(), **STRING_FORMATS}
+    header_values_kwargs = {}
+    if generation_config.exclude_header_characters is not None:
+        header_values_kwargs["exclude_characters"] = generation_config.exclude_header_characters
+        if not generation_config.allow_x00:
+            header_values_kwargs["exclude_characters"] += "\x00"
+    elif not generation_config.allow_x00:
+        header_values_kwargs["exclude_characters"] = DEFAULT_HEADER_EXCLUDE_CHARACTERS + "\x00"
+    if generation_config.codec is not None:
+        header_values_kwargs["codec"] = generation_config.codec
+    if header_values_kwargs:
+        custom_formats[HEADER_FORMAT] = header_values(**header_values_kwargs)
+    return custom_formats
 
 
 def make_positive_strategy(
-    schema: Dict[str, Any], operation_name: str, location: str, media_type: Optional[str]
+    schema: JsonSchema,
+    operation_name: str,
+    location: ParameterLocation,
+    media_type: str | None,
+    generation_config: GenerationConfig,
+    validator_cls: type[jsonschema.protocols.Validator],
 ) -> st.SearchStrategy:
     """Strategy for generating values that fit the schema."""
-    if is_header_location(location):
-        # We try to enforce the right header values via "format"
-        # This way, only allowed values will be used during data generation, which reduces the amount of filtering later
-        # If a property schema contains `pattern` it leads to heavy filtering and worse performance - therefore, skip it
-        for sub_schema in schema.get("properties", {}).values():
-            if list(sub_schema) == ["type"]:
-                sub_schema.setdefault("format", HEADER_FORMAT)
-    return from_schema(schema, custom_formats=STRING_FORMATS)
+    custom_formats = _build_custom_formats(generation_config)
+    return from_schema(
+        schema,
+        custom_formats=custom_formats,
+        allow_x00=generation_config.allow_x00,
+        codec=generation_config.codec,
+    )
 
 
-def _can_skip_header_filter(schema: Dict[str, Any]) -> bool:
+def _can_skip_header_filter(schema: dict[str, Any]) -> bool:
     # All headers should contain HEADER_FORMAT in order to avoid header filter
     return all(sub_schema.get("format") == HEADER_FORMAT for sub_schema in schema.get("properties", {}).values())
 
 
 def make_negative_strategy(
-    schema: Dict[str, Any], operation_name: str, location: str, media_type: Optional[str]
+    schema: JsonSchema,
+    operation_name: str,
+    location: ParameterLocation,
+    media_type: str | None,
+    generation_config: GenerationConfig,
+    validator_cls: type[jsonschema.protocols.Validator],
 ) -> st.SearchStrategy:
+    custom_formats = _build_custom_formats(generation_config)
     return negative_schema(
-        schema, operation_name=operation_name, location=location, media_type=media_type, custom_formats=STRING_FORMATS
+        schema,
+        operation_name=operation_name,
+        location=location,
+        media_type=media_type,
+        custom_formats=custom_formats,
+        generation_config=generation_config,
+        validator_cls=validator_cls,
     )
 
 
-DATA_GENERATION_METHOD_TO_STRATEGY_FACTORY = {
-    DataGenerationMethod.positive: make_positive_strategy,
-    DataGenerationMethod.negative: make_negative_strategy,
+GENERATOR_MODE_TO_STRATEGY_FACTORY = {
+    GenerationMode.POSITIVE: make_positive_strategy,
+    GenerationMode.NEGATIVE: make_negative_strategy,
 }
 
 
-def is_valid_path(parameters: Dict[str, Any]) -> bool:
-    """Empty strings ("") are excluded from path by urllib3.
-
-    A path containing to "/" or "%2F" will lead to ambiguous path resolution in
-    many frameworks and libraries, such behaviour have been observed in both
-    WSGI and ASGI applications.
-
-    In this case one variable in the path template will be empty, which will lead to 404 in most of the cases.
-    Because of it this case doesn't bring much value and might lead to false positives results of Schemathesis runs.
-    """
-    disallowed_values = (SLASH, "")
-
-    return not any(
-        (value in disallowed_values or is_illegal_surrogate(value) or isinstance(value, str) and SLASH in value)
-        for value in parameters.values()
-    )
-
-
-def quote_all(parameters: Dict[str, Any]) -> Dict[str, Any]:
+def quote_all(parameters: dict[str, Any]) -> dict[str, Any]:
     """Apply URL quotation for all values in a dictionary."""
     # Even though, "." is an unreserved character, it has a special meaning in "." and ".." strings.
     # It will change the path:
@@ -381,37 +656,23 @@ def quote_all(parameters: Dict[str, Any]) -> Dict[str, Any]:
     #   - http://localhost/foo/../ -> http://localhost/
     # Which is not desired as we need to test precisely the original path structure.
 
-    def quote(value: str) -> str:
-        quoted = quote_plus(value)
-        if quoted == ".":
-            return "%2E"
-        if quoted == "..":
-            return "%2E%2E"
-        return quoted
-
-    return {key: quote(value) if isinstance(value, str) else value for key, value in parameters.items()}
+    for key, value in parameters.items():
+        if isinstance(value, str):
+            if value == ".":
+                parameters[key] = "%2E"
+            elif value == "..":
+                parameters[key] = "%2E%2E"
+            else:
+                parameters[key] = quote_plus(value)
+    return parameters
 
 
 def apply_hooks(
     operation: APIOperation,
-    context: HookContext,
-    hooks: Optional[HookDispatcher],
+    ctx: HookContext,
+    hooks: HookDispatcher | None,
     strategy: st.SearchStrategy,
-    location: str,
-) -> st.SearchStrategy:
-    """Apply all `before_generate_` hooks related to the given location."""
-    strategy = _apply_hooks(context, GLOBAL_HOOK_DISPATCHER, strategy, location)
-    strategy = _apply_hooks(context, operation.schema.hooks, strategy, location)
-    if hooks is not None:
-        strategy = _apply_hooks(context, hooks, strategy, location)
-    return strategy
-
-
-def _apply_hooks(
-    context: HookContext, hooks: HookDispatcher, strategy: st.SearchStrategy, location: str
+    location: ParameterLocation,
 ) -> st.SearchStrategy:
-    """Apply all `before_generate_` hooks related to the given location & dispatcher."""
-    container = LOCATION_TO_CONTAINER[location]
-    for hook in hooks.get_all_by_name(f"before_generate_{container}"):
-        strategy = hook(context, strategy)
-    return strategy
+    """Apply all hooks related to the given location."""
+    return apply_to_all_dispatchers(operation, ctx, hooks, strategy, location.container_name)