schemathesis 3.19.7__py3-none-any.whl → 3.20.1__py3-none-any.whl

schemathesis/_compat.py

@@ -1,7 +1,6 @@
 import hypothesis
 import hypothesis_jsonschema._from_schema
 import jsonschema
-import werkzeug
 from hypothesis import strategies as st
 from hypothesis.errors import InvalidArgument
 from packaging import version
@@ -11,7 +10,9 @@ try:
 except ImportError:
     import importlib_metadata as metadata  # type: ignore
 
-if version.parse(werkzeug.__version__) < version.parse("2.1.0"):
+WERKZEUG_VERSION = version.parse(metadata.version("werkzeug"))
+IS_WERKZEUG_ABOVE_3 = WERKZEUG_VERSION >= version.parse("3.0")
+if WERKZEUG_VERSION < version.parse("2.1.0"):
     from werkzeug.wrappers.json import JSONMixin
 else:
 

schemathesis/_hypothesis.py

@@ -12,7 +12,7 @@ from hypothesis_jsonschema._canonicalise import HypothesisRefResolutionError
 
 from .auths import get_auth_storage_from_test
 from .constants import DEFAULT_DEADLINE, DataGenerationMethod
-from .exceptions import InvalidSchema
+from .exceptions import OperationSchemaError
 from .hooks import GLOBAL_HOOK_DISPATCHER, HookContext, HookDispatcher
 from .models import APIOperation, Case
 from .utils import GivenInput, combine_strategies
@@ -63,16 +63,19 @@ def create_test(
     setup_default_deadline(wrapped_test)
     if settings is not None:
         wrapped_test = settings(wrapped_test)
-    existing_settings = getattr(wrapped_test, "_hypothesis_internal_use_settings", None)
-    if existing_settings and Phase.explicit in existing_settings.phases:
-        wrapped_test = add_examples(wrapped_test, operation, hook_dispatcher=hook_dispatcher)
+    existing_settings = _get_hypothesis_settings(wrapped_test)
+    if existing_settings is not None:
+        existing_settings = remove_explain_phase(existing_settings)
+        wrapped_test._hypothesis_internal_use_settings = existing_settings  # type: ignore
+        if Phase.explicit in existing_settings.phases:
+            wrapped_test = add_examples(wrapped_test, operation, hook_dispatcher=hook_dispatcher)
     return wrapped_test
 
 
 def setup_default_deadline(wrapped_test: Callable) -> None:
     # Quite hacky, but it is the simplest way to set up the default deadline value without affecting non-Schemathesis
     # tests globally
-    existing_settings = getattr(wrapped_test, "_hypothesis_internal_use_settings", None)
+    existing_settings = _get_hypothesis_settings(wrapped_test)
     if existing_settings is not None and existing_settings.deadline == hypothesis.settings.default.deadline:
         with warnings.catch_warnings():
             warnings.simplefilter("ignore", HypothesisWarning)
@@ -80,6 +83,18 @@ def setup_default_deadline(wrapped_test: Callable) -> None:
         wrapped_test._hypothesis_internal_use_settings = new_settings  # type: ignore
 
 
+def remove_explain_phase(settings: hypothesis.settings) -> hypothesis.settings:
+    # The "explain" phase is not supported
+    if Phase.explain in settings.phases:
+        phases = tuple(phase for phase in settings.phases if phase != Phase.explain)
+        return hypothesis.settings(settings, phases=phases)
+    return settings
+
+
+def _get_hypothesis_settings(test: Callable) -> Optional[hypothesis.settings]:
+    return getattr(test, "_hypothesis_internal_use_settings", None)
+
+
 def make_async_test(test: Callable) -> Callable:
     def async_run(*args: Any, **kwargs: Any) -> None:
         loop = asyncio.get_event_loop()
@@ -94,7 +109,7 @@ def add_examples(test: Callable, operation: APIOperation, hook_dispatcher: Optio
     """Add examples to the Hypothesis test, if they are specified in the schema."""
     try:
         examples: List[Case] = [get_single_example(strategy) for strategy in operation.get_strategies_from_examples()]
-    except (InvalidSchema, HypothesisRefResolutionError, Unsatisfiable):
+    except (OperationSchemaError, HypothesisRefResolutionError, Unsatisfiable):
         # Invalid schema:
         # In this case, the user didn't pass `--validate-schema=false` and see an error in the output anyway,
         # and no tests will be executed. For this reason, examples can be skipped

schemathesis/_xml.py

@@ -0,0 +1,177 @@
+"""XML serialization."""
+from io import StringIO
+from typing import Any, Dict, List, Union
+from xml.etree import ElementTree
+
+from hypothesis import reject
+
+from .exceptions import UnboundPrefixError
+from .utils import fast_deepcopy
+
+Primitive = Union[str, int, float, bool, None]
+JSON = Union[Primitive, List, Dict[str, Any]]
+DEFAULT_TAG_NAME = "data"
+NAMESPACE_URL = "http://example.com/schema"
+
+
+def _to_xml(value: Any, raw_schema: Dict[str, Any], resolved_schema: Dict[str, Any]) -> Dict[str, Any]:
+    """Serialize a generated Python object as an XML string.
+
+    Schemas may contain additional information for fine-tuned XML serialization.
+
+    :param value: Generated value
+    :param raw_schema: The payload definition with not resolved references.
+    :param resolved_schema: The payload definition with all references resolved.
+    """
+    if isinstance(value, (bytes, str)):
+        return {"data": value}
+    tag = _get_xml_tag(raw_schema, resolved_schema)
+    buffer = StringIO()
+    # Collect all namespaces to ensure that all child nodes with prefixes have proper namespaces in their parent nodes
+    namespace_stack: List[str] = []
+    _write_xml(buffer, value, tag, resolved_schema, namespace_stack)
+    data = buffer.getvalue()
+    if not is_valid_xml(data):
+        reject()
+    return {"data": data.encode("utf8")}
+
+
+_from_string = ElementTree.fromstring
+
+
+def is_valid_xml(data: str) -> bool:
+    try:
+        _from_string(f"<root xmlns:smp='{NAMESPACE_URL}'>{data}</root>")
+        return True
+    except ElementTree.ParseError:
+        return False
+
+
+def _get_xml_tag(raw_schema: Dict[str, Any], resolved_schema: Dict[str, Any]) -> str:
+    # On the top level we need to detect the proper XML tag, in other cases it is known from object properties
+    if resolved_schema.get("xml", {}).get("name"):
+        return resolved_schema["xml"]["name"]
+
+    # Check if the name can be derived from a reference in the raw schema
+    if "$ref" in raw_schema:
+        return _get_tag_name_from_reference(raw_schema["$ref"])
+
+    # Here we don't have any name for the payload schema - no reference or the `xml` property
+    return DEFAULT_TAG_NAME
+
+
+def _write_xml(buffer: StringIO, value: JSON, tag: str, schema: Dict[str, Any], namespace_stack: List[str]) -> None:
+    if isinstance(value, dict):
+        _write_object(buffer, value, tag, schema, namespace_stack)
+    elif isinstance(value, list):
+        _write_array(buffer, value, tag, schema, namespace_stack)
+    else:
+        _write_primitive(buffer, value, tag, schema, namespace_stack)
+
+
+def _validate_prefix(options: Dict[str, Any], namespace_stack: List[str]) -> None:
+    try:
+        prefix = options["prefix"]
+        if prefix not in namespace_stack:
+            raise UnboundPrefixError(prefix)
+    except KeyError:
+        pass
+
+
+def push_namespace_if_any(namespace_stack: List[str], options: Dict[str, Any]) -> None:
+    if "namespace" in options and "prefix" in options:
+        namespace_stack.append(options["prefix"])
+
+
+def pop_namespace_if_any(namespace_stack: List[str], options: Dict[str, Any]) -> None:
+    if "namespace" in options and "prefix" in options:
+        namespace_stack.pop()
+
+
+def _write_object(buffer: StringIO, obj: Dict[str, JSON], tag: str, schema: Dict[str, Any], stack: List[str]) -> None:
+    options = schema.get("xml", {})
+    push_namespace_if_any(stack, options)
+    if "prefix" in options:
+        tag = f"{options['prefix']}:{tag}"
+    buffer.write(f"<{tag}")
+    if "namespace" in options:
+        _write_namespace(buffer, options)
+    attributes = []
+    children_buffer = StringIO()
+    properties = schema.get("properties", {})
+    for child_name, value in obj.items():
+        property_schema = properties.get(child_name, {})
+        child_options = property_schema.get("xml", {})
+        push_namespace_if_any(stack, child_options)
+        child_tag = child_options.get("name", child_name)
+        if child_options.get("prefix"):
+            _validate_prefix(child_options, stack)
+            prefix = child_options["prefix"]
+            child_tag = f"{prefix}:{child_tag}"
+        if child_options.get("attribute", False):
+            attributes.append(f'{child_tag}="{value}"')
+            continue
+        _write_xml(children_buffer, value, child_tag, property_schema, stack)
+        pop_namespace_if_any(stack, child_options)
+
+    if attributes:
+        buffer.write(f" {' '.join(attributes)}")
+    buffer.write(">")
+    buffer.write(children_buffer.getvalue())
+    buffer.write(f"</{tag}>")
+    pop_namespace_if_any(stack, options)
+
+
+def _write_array(buffer: StringIO, obj: List[JSON], tag: str, schema: Dict[str, Any], stack: List[str]) -> None:
+    options = schema.get("xml", {})
+    push_namespace_if_any(stack, options)
+    if options.get("prefix"):
+        tag = f"{options['prefix']}:{tag}"
+    wrapped = options.get("wrapped", False)
+    is_namespace_specified = False
+    if wrapped:
+        buffer.write(f"<{tag}")
+        if "namespace" in options:
+            is_namespace_specified = True
+            _write_namespace(buffer, options)
+        buffer.write(">")
+    # In Open API `items` value should be an object and not an array
+    items = fast_deepcopy(schema.get("items", {}))
+    child_options = items.get("xml", {})
+    child_tag = child_options.get("name", tag)
+    if not is_namespace_specified and "namespace" in options:
+        child_options.setdefault("namespace", options["namespace"])
+    if "prefix" in options:
+        child_options.setdefault("prefix", options["prefix"])
+    items["xml"] = child_options
+    _validate_prefix(child_options, stack)
+    for item in obj:
+        _write_xml(buffer, item, child_tag, items, stack)
+    if wrapped:
+        buffer.write(f"</{tag}>")
+    pop_namespace_if_any(stack, options)
+
+
+def _write_primitive(
+    buffer: StringIO, obj: Primitive, tag: str, schema: Dict[str, Any], namespace_stack: List[str]
+) -> None:
+    xml_options = schema.get("xml", {})
+    # There is no need for modifying the namespace stack, as we know that this function is terminal - it do not recurse
+    # and this element don't have any children. Therefore, checking the prefix is enough
+    _validate_prefix(xml_options, namespace_stack)
+    buffer.write(f"<{tag}")
+    if "namespace" in xml_options:
+        _write_namespace(buffer, xml_options)
+    buffer.write(f">{obj}</{tag}>")
+
+
+def _write_namespace(buffer: StringIO, options: Dict[str, Any]) -> None:
+    buffer.write(" xmlns")
+    if "prefix" in options:
+        buffer.write(f":{options['prefix']}")
+    buffer.write(f'="{options["namespace"]}"')
+
+
+def _get_tag_name_from_reference(reference: str) -> str:
+    """Extract object name from a reference."""
+    return reference.rsplit("/", maxsplit=1)[1]

schemathesis/auths.py

@@ -1,8 +1,10 @@
 """Support for custom API authentication mechanisms."""
+import inspect
 import threading
 import time
+import warnings
 from dataclasses import dataclass, field
-from typing import TYPE_CHECKING, Any, Callable, Generic, List, Optional, Type, TypeVar, Union
+from typing import TYPE_CHECKING, Any, Callable, Generic, List, Optional, Type, TypeVar, Union, overload
 
 import requests.auth
 from typing_extensions import Protocol, runtime_checkable
@@ -32,12 +34,13 @@ class AuthContext:
 
 
 @runtime_checkable
-class AuthProvider(Protocol):
+class AuthProvider(Generic[Auth], Protocol):
     """Get authentication data for an API and set it on the generated test cases."""
 
-    def get(self, context: AuthContext) -> Optional[Auth]:
+    def get(self, case: "Case", context: AuthContext) -> Optional[Auth]:
         """Get the authentication data.
 
+        :param Case case: Generated test case.
         :param AuthContext context: Holds state relevant for the authentication process.
         :return: Any authentication data you find useful for your use case. For example, it could be an access token.
         """
@@ -65,7 +68,7 @@ class RequestsAuth(Generic[Auth]):
 
     auth: requests.auth.AuthBase
 
-    def get(self, _: AuthContext) -> Optional[Auth]:
+    def get(self, _: "Case", __: AuthContext) -> Optional[Auth]:
         return self.auth  # type: ignore[return-value]
 
     def set(self, case: "Case", _: Auth, __: AuthContext) -> None:
@@ -83,7 +86,7 @@ class CachingAuthProvider(Generic[Auth]):
     timer: Callable[[], float] = time.monotonic
     _refresh_lock: threading.Lock = field(default_factory=threading.Lock)
 
-    def get(self, context: AuthContext) -> Optional[Auth]:
+    def get(self, case: "Case", context: AuthContext) -> Optional[Auth]:
         """Get cached auth value."""
         if self.cache_entry is None or self.timer() >= self.cache_entry.expires:
             with self._refresh_lock:
@@ -91,7 +94,7 @@ class CachingAuthProvider(Generic[Auth]):
                     # Another thread updated the cache
                     return self.cache_entry.data
                 # We know that optional auth is possible only inside a higher-level wrapper
-                data: Auth = self.provider.get(context)  # type: ignore[assignment]
+                data: Auth = _provider_get(self.provider, case, context)  # type: ignore[assignment]
                 self.cache_entry = CacheEntry(data=data, expires=self.timer() + self.refresh_interval)
                 return data
         return self.cache_entry.data
@@ -207,9 +210,9 @@ class SelectiveAuthProvider(Generic[Auth]):
     provider: AuthProvider
     filter_set: FilterSet
 
-    def get(self, context: AuthContext) -> Optional[Auth]:
+    def get(self, case: "Case", context: AuthContext) -> Optional[Auth]:
         if self.filter_set.match(context):
-            return self.provider.get(context)
+            return _provider_get(self.provider, case, context)
         return None
 
     def set(self, case: "Case", data: Auth, context: AuthContext) -> None:
@@ -227,6 +230,23 @@ class AuthStorage(Generic[Auth]):
         """Whether there is an auth provider set."""
         return bool(self.providers)
 
+    @overload
+    def __call__(
+        self,
+        *,
+        refresh_interval: Optional[int] = DEFAULT_REFRESH_INTERVAL,
+    ) -> FilterableRegisterAuth:
+        pass
+
+    @overload
+    def __call__(
+        self,
+        provider_class: Type[AuthProvider],
+        *,
+        refresh_interval: Optional[int] = DEFAULT_REFRESH_INTERVAL,
+    ) -> FilterableApplyAuth:
+        pass
+
     def __call__(
         self,
         provider_class: Optional[Type[AuthProvider]] = None,
@@ -281,7 +301,6 @@ class AuthStorage(Generic[Auth]):
             @schemathesis.auth()
             class TokenAuth:
                 def get(self, context):
-                    # This is a real endpoint, try it out!
                     response = requests.post(
                         "https://example.schemathesis.io/api/token/",
                         json={"username": "demo", "password": "test"},
@@ -359,12 +378,31 @@ class AuthStorage(Generic[Auth]):
         if not self.is_defined:
             raise UsageError("No auth provider is defined.")
         for provider in self.providers:
-            data: Optional[Auth] = provider.get(context)
+            data: Optional[Auth] = _provider_get(provider, case, context)
             if data is not None:
                 provider.set(case, data, context)
                 break
 
 
+def _provider_get(auth_provider: AuthProvider, case: "Case", context: AuthContext) -> Optional[Auth]:
+    # A shim to provide a compatibility layer between previously used convention for `AuthProvider.get`
+    # where it used to accept a single `context` argument
+    method = auth_provider.get
+    parameters = inspect.signature(method).parameters
+    if len(parameters) == 1:
+        # Old calling convention
+        warnings.warn(
+            "The method 'get' of your AuthProvider is using the old calling convention, "
+            "which is deprecated and will be removed in Schemathesis 4.0. "
+            "Please update it to accept both 'case' and 'context' as arguments.",
+            DeprecationWarning,
+            stacklevel=1,
+        )
+        return method(context)  # type: ignore
+    # New calling convention
+    return method(case, context)
+
+
 def set_on_case(case: "Case", context: AuthContext, auth_storage: Optional[AuthStorage]) -> None:
     """Set authentication data on this case.
 

schemathesis/cli/__init__.py

@@ -3,7 +3,9 @@ import enum
 import os
 import sys
 import traceback
+import warnings
 from collections import defaultdict
+from contextlib import suppress
 from dataclasses import dataclass
 from enum import Enum
 from queue import Queue
@@ -14,12 +16,14 @@ import click
 import hypothesis
 import requests
 import yaml
+from urllib3.exceptions import InsecureRequestWarning
 
 from .. import checks as checks_module
-from .. import contrib
+from .. import contrib, experimental
 from .. import fixups as _fixups
 from .. import runner, service
 from .. import targets as targets_module
+from ..code_samples import CodeSampleStyle
 from ..constants import (
     API_NAME_ENV_VAR,
     BASE_URL_ENV_VAR,
@@ -29,10 +33,9 @@ from ..constants import (
     HOOKS_MODULE_ENV_VAR,
     HYPOTHESIS_IN_MEMORY_DATABASE_IDENTIFIER,
     WAIT_FOR_SCHEMA_ENV_VAR,
-    CodeSampleStyle,
     DataGenerationMethod,
 )
-from ..exceptions import HTTPError, SchemaLoadingError
+from ..exceptions import SchemaError
 from ..fixups import ALL_FIXUPS
 from ..hooks import GLOBAL_HOOK_DISPATCHER, HookContext, HookDispatcher, HookScope
 from ..models import Case, CheckFunction
@@ -52,6 +55,7 @@ from .debug import DebugOutputHandler
 from .handlers import EventHandler
 from .junitxml import JunitXMLHandler
 from .options import CsvChoice, CsvEnumChoice, CustomHelpMessageChoice, NotSet, OptionalInt
+from .sanitization import SanitizationHandler
 
 try:
     from yaml import CSafeLoader as SafeLoader
@@ -85,6 +89,7 @@ DEPRECATED_PRE_RUN_OPTION_WARNING = (
     f"Use the `{HOOKS_MODULE_ENV_VAR}` environment variable instead"
 )
 CASSETTES_PATH_INVALID_USAGE_MESSAGE = "Can't use `--store-network-log` and `--cassette-path` simultaneously"
+COLOR_OPTIONS_INVALID_USAGE_MESSAGE = "Can't use `--no-color` and `--force-color` simultaneously"
 
 
 def reset_checks() -> None:
@@ -497,6 +502,13 @@ The report data, consisting of a tar gz file with multiple JSON files, is subjec
     help="Force Schemathesis to parse the input schema with the specified spec version.",
     type=click.Choice(["20", "30"]),
 )
+@click.option(
+    "--sanitize-output",
+    type=bool,
+    default=True,
+    show_default=True,
+    help="Enable or disable automatic output sanitization to obscure sensitive data.",
+)
 @click.option(
     "--contrib-unique-data",
     "contrib_unique_data",
@@ -586,6 +598,14 @@ The report data, consisting of a tar gz file with multiple JSON files, is subjec
     group=ParameterGroup.hypothesis,
 )
 @click.option("--no-color", help="Disable ANSI color escape codes.", type=bool, is_flag=True)
+@click.option("--force-color", help="Explicitly tells to enable ANSI color escape codes.", type=bool, is_flag=True)
+@click.option(
+    "--experimental",
+    help="Enable experimental support for specific features.",
+    type=click.Choice([experimental.OPEN_API_3_1.name]),
+    callback=callbacks.convert_experimental,
+    multiple=True,
+)
 @click.option(
     "--schemathesis-io-token",
     help="Schemathesis.io authentication token.",
@@ -618,6 +638,7 @@ def run(
     auth: Optional[Tuple[str, str]],
     auth_type: str,
     headers: Dict[str, str],
+    experimental: list,
     checks: Iterable[str] = DEFAULT_CHECKS_NAMES,
     exclude_checks: Iterable[str] = [],
     data_generation_methods: Tuple[DataGenerationMethod, ...] = DEFAULT_DATA_GENERATION_METHODS,
@@ -652,6 +673,7 @@ def run(
     stateful: Optional[Stateful] = None,
     stateful_recursion_limit: int = DEFAULT_STATEFUL_RECURSION_LIMIT,
     force_schema_version: Optional[str] = None,
+    sanitize_output: bool = True,
     contrib_unique_data: bool = False,
     contrib_openapi_formats_uuid: bool = False,
     hypothesis_database: Optional[str] = None,
@@ -670,6 +692,7 @@ def run(
     schemathesis_io_url: str = service.DEFAULT_URL,
     schemathesis_io_telemetry: bool = True,
     hosts_file: PathLike = service.DEFAULT_HOSTS_PATH,
+    force_color: bool = False,
 ) -> None:
     """Perform schemathesis test against an API specified by SCHEMA.
 
@@ -677,6 +700,10 @@ def run(
 
     API_NAME is an API identifier to upload data to Schemathesis.io.
     """
+    # Enable selected experiments
+    for experiment in experimental:
+        experiment.enable()
+
     report: Optional[Union[ReportToService, click.utils.LazyFile]]
     if report_value is None:
         report = None
@@ -685,7 +712,12 @@ def run(
     else:
         report = REPORT_TO_SERVICE
     started_at = current_datetime()
-    maybe_disable_color(ctx, no_color)
+
+    if no_color and force_color:
+        error_message(COLOR_OPTIONS_INVALID_USAGE_MESSAGE)
+        sys.exit(1)
+    decide_color_output(ctx, no_color, force_color)
+
     check_auth(auth, headers)
     selected_targets = tuple(target for target in targets_module.ALL_TARGETS if target.__name__ in targets)
 
@@ -806,6 +838,7 @@ def run(
         workers_num=workers_num,
         rate_limit=rate_limit,
         show_errors_tracebacks=show_errors_tracebacks,
+        wait_for_schema=wait_for_schema,
         validate_schema=validate_schema,
         cassette_path=cassette_path,
         cassette_preserve_exact_body_bytes=cassette_preserve_exact_body_bytes,
@@ -814,6 +847,7 @@ def run(
         code_sample_style=code_sample_style,
         data_generation_methods=data_generation_methods,
         debug_output_file=debug_output_file,
+        sanitize_output=sanitize_output,
         host_data=host_data,
         client=client,
         report=report,
@@ -944,8 +978,10 @@ def into_event_stream(
             stateful_recursion_limit=stateful_recursion_limit,
             hypothesis_settings=hypothesis_settings,
         ).execute()
+    except SchemaError as error:
+        yield events.InternalError.from_schema_error(error)
     except Exception as exc:
-        yield events.InternalError.from_exc(exc, wait_for_schema)
+        yield events.InternalError.from_exc(exc)
 
 
 def load_schema(config: LoaderConfig) -> BaseSchema:
@@ -961,17 +997,24 @@ def load_schema(config: LoaderConfig) -> BaseSchema:
     return _try_load_schema(config, first, second)
 
 
+def should_try_more(exc: SchemaError) -> bool:
+    # We should not try other loaders for cases when we can't even establish connection
+    return not isinstance(exc.__cause__, requests.exceptions.ConnectionError)
+
+
 def _try_load_schema(
     config: LoaderConfig, first: Callable[[LoaderConfig], BaseSchema], second: Callable[[LoaderConfig], BaseSchema]
 ) -> BaseSchema:
-    try:
-        return first(config)
-    except (HTTPError, SchemaLoadingError) as exc:
+    with warnings.catch_warnings():
+        warnings.simplefilter("ignore", InsecureRequestWarning)
         try:
-            return second(config)
-        except (HTTPError, SchemaLoadingError):
-            # Raise the first loader's error
-            raise exc from None
+            return first(config)
+        except SchemaError as exc:
+            if should_try_more(exc):
+                with suppress(Exception):
+                    return second(config)
+            # Re-raise the original error
+            raise exc
 
 
 def _load_graphql_schema(config: LoaderConfig) -> GraphQLSchema:
@@ -1095,6 +1138,7 @@ def execute(
     workers_num: int,
     rate_limit: Optional[str],
     show_errors_tracebacks: bool,
+    wait_for_schema: Optional[float],
     validate_schema: bool,
     cassette_path: Optional[click.utils.LazyFile],
     cassette_preserve_exact_body_bytes: bool,
@@ -1103,6 +1147,7 @@ def execute(
     code_sample_style: CodeSampleStyle,
     data_generation_methods: Tuple[DataGenerationMethod, ...],
     debug_output_file: Optional[click.utils.LazyFile],
+    sanitize_output: bool,
     host_data: service.hosts.HostData,
     client: Optional[service.ServiceClient],
     report: Optional[Union[ReportToService, click.utils.LazyFile]],
@@ -1156,11 +1201,14 @@ def execute(
             cassettes.CassetteWriter(cassette_path, preserve_exact_body_bytes=cassette_preserve_exact_body_bytes)
         )
     handlers.append(get_output_handler(workers_num))
+    if sanitize_output:
+        handlers.insert(0, SanitizationHandler())
     execution_context = ExecutionContext(
         hypothesis_settings=hypothesis_settings,
         workers_num=workers_num,
         rate_limit=rate_limit,
         show_errors_tracebacks=show_errors_tracebacks,
+        wait_for_schema=wait_for_schema,
         validate_schema=validate_schema,
         cassette_path=cassette_path.name if cassette_path is not None else None,
         junit_xml_file=junit_xml.name if junit_xml is not None else None,
@@ -1195,9 +1243,10 @@ def execute(
 
 
 def handle_service_error(exc: requests.HTTPError, api_name: str) -> NoReturn:
-    if exc.response.status_code == 403:
-        error_message(exc.response.json()["detail"])
-    elif exc.response.status_code == 404:
+    response = cast(requests.Response, exc.response)
+    if response.status_code == 403:
+        error_message(response.json()["detail"])
+    elif response.status_code == 404:
         error_message(f"API with name `{api_name}` not found!")
     else:
         output.default.display_service_error(service.Error(exc))
@@ -1221,6 +1270,7 @@ def get_exit_code(event: events.ExecutionEvent) -> int:
 @click.option("--uri", help="A regexp that filters interactions by their request URI.", type=str)
 @click.option("--method", help="A regexp that filters interactions by their request method.", type=str)
 @click.option("--no-color", help="Disable ANSI color escape codes.", type=bool, is_flag=True)
+@click.option("--force-color", help="Explicitly tells to enable ANSI color escape codes.", type=bool, is_flag=True)
 @click.option("--verbosity", "-v", help="Increase verbosity of the output.", count=True)
 @with_request_tls_verify
 @with_request_cert
@@ -1238,13 +1288,18 @@ def replay(
     request_tls_verify: bool = True,
     request_cert: Optional[str] = None,
     request_cert_key: Optional[str] = None,
+    force_color: bool = False,
 ) -> None:
     """Replay a cassette.
 
     Cassettes in VCR-compatible format can be replayed.
     For example, ones that are recorded with ``store-network-log`` option of `st run` command.
     """
-    maybe_disable_color(ctx, no_color)
+    if no_color and force_color:
+        error_message(COLOR_OPTIONS_INVALID_USAGE_MESSAGE)
+        sys.exit(1)
+    decide_color_output(ctx, no_color, force_color)
+
     click.secho(f"{bold('Replaying cassette')}: {cassette_path}")
     with open(cassette_path, "rb") as fd:
         cassette = yaml.load(fd, Loader=SafeLoader)
@@ -1313,7 +1368,8 @@ def login(token: str, hostname: str, hosts_file: str, protocol: str, request_tls
         service.hosts.store(token, hostname, hosts_file)
         success_message(f"Logged in into {hostname} as " + bold(username))
     except requests.HTTPError as exc:
-        detail = exc.response.json()["detail"]
+        response = cast(requests.Response, exc.response)
+        detail = response.json()["detail"]
         error_message(f"Failed to login into {hostname}: " + bold(detail))
         sys.exit(1)
 
@@ -1358,8 +1414,10 @@ def bold(message: str) -> str:
     return click.style(message, bold=True)
 
 
-def maybe_disable_color(ctx: click.Context, no_color: bool) -> None:
-    if no_color or "NO_COLOR" in os.environ:
+def decide_color_output(ctx: click.Context, no_color: bool, force_color: bool) -> None:
+    if force_color:
+        ctx.color = True
+    elif no_color or "NO_COLOR" in os.environ:
         ctx.color = False