schemathesis 3.29.2__py3-none-any.whl → 3.30.1__py3-none-any.whl

schemathesis/specs/openapi/checks.py

@@ -1,4 +1,6 @@
 from __future__ import annotations
+
+from dataclasses import dataclass
 from typing import TYPE_CHECKING, Any, Generator, NoReturn
 
 from ... import failures
@@ -6,15 +8,17 @@ from ...exceptions import (
     get_headers_error,
     get_malformed_media_type_error,
     get_missing_content_type_error,
+    get_negative_rejection_error,
     get_response_type_error,
     get_status_code_error,
+    get_use_after_free_error,
 )
 from ...transports.content_types import parse_content_type
 from .utils import expand_status_code
 
 if TYPE_CHECKING:
-    from ...transports.responses import GenericResponse
     from ...models import Case
+    from ...transports.responses import GenericResponse
 
 
 def status_code_conformance(response: GenericResponse, case: Case) -> bool | None:
@@ -30,7 +34,7 @@ def status_code_conformance(response: GenericResponse, case: Case) -> bool | Non
     if response.status_code not in allowed_status_codes:
         defined_status_codes = list(map(str, responses))
         responses_list = ", ".join(defined_status_codes)
-        exc_class = get_status_code_error(response.status_code)
+        exc_class = get_status_code_error(case.operation.verbose_name, response.status_code)
         raise exc_class(
             failures.UndefinedStatusCode.title,
             context=failures.UndefinedStatusCode(
@@ -59,7 +63,7 @@ def content_type_conformance(response: GenericResponse, case: Case) -> bool | No
     content_type = response.headers.get("Content-Type")
     if not content_type:
         formatted_content_types = [f"\n- `{content_type}`" for content_type in documented_content_types]
-        raise get_missing_content_type_error()(
+        raise get_missing_content_type_error(case.operation.verbose_name)(
             failures.MissingContentType.title,
             context=failures.MissingContentType(
                 message=f"The following media types are documented in the schema:{''.join(formatted_content_types)}",
@@ -70,14 +74,16 @@ def content_type_conformance(response: GenericResponse, case: Case) -> bool | No
         try:
             expected_main, expected_sub = parse_content_type(option)
         except ValueError as exc:
-            _reraise_malformed_media_type(exc, "Schema", option, option)
+            _reraise_malformed_media_type(case, exc, "Schema", option, option)
         try:
             received_main, received_sub = parse_content_type(content_type)
         except ValueError as exc:
-            _reraise_malformed_media_type(exc, "Response", content_type, option)
+            _reraise_malformed_media_type(case, exc, "Response", content_type, option)
         if (expected_main, expected_sub) == (received_main, received_sub):
             return None
-    exc_class = get_response_type_error(f"{expected_main}_{expected_sub}", f"{received_main}_{received_sub}")
+    exc_class = get_response_type_error(
+        case.operation.verbose_name, f"{expected_main}_{expected_sub}", f"{received_main}_{received_sub}"
+    )
     raise exc_class(
         failures.UndefinedContentType.title,
         context=failures.UndefinedContentType(
@@ -88,9 +94,9 @@ def content_type_conformance(response: GenericResponse, case: Case) -> bool | No
     )
 
 
-def _reraise_malformed_media_type(exc: ValueError, location: str, actual: str, defined: str) -> NoReturn:
+def _reraise_malformed_media_type(case: Case, exc: ValueError, location: str, actual: str, defined: str) -> NoReturn:
     message = f"Media type for {location} is incorrect\n\nReceived: {actual}\nDocumented: {defined}"
-    raise get_malformed_media_type_error(message)(
+    raise get_malformed_media_type_error(case.operation.verbose_name, message)(
         failures.MalformedMediaType.title,
         context=failures.MalformedMediaType(message=message, actual=actual, defined=defined),
     ) from exc
@@ -114,7 +120,7 @@ def response_headers_conformance(response: GenericResponse, case: Case) -> bool
         return None
     formatted_headers = [f"\n- `{header}`" for header in missing_headers]
     message = f"The following required headers are missing from the response:{''.join(formatted_headers)}"
-    exc_class = get_headers_error(message)
+    exc_class = get_headers_error(case.operation.verbose_name, message)
     raise exc_class(
         failures.MissingHeaders.title,
         context=failures.MissingHeaders(message=message, missing_headers=missing_headers),
@@ -127,3 +133,90 @@ def response_schema_conformance(response: GenericResponse, case: Case) -> bool |
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
         return True
     return case.operation.validate_response(response)
+
+
+def negative_data_rejection(response: GenericResponse, case: Case) -> bool | None:
+    from .schemas import BaseOpenAPISchema
+
+    if not isinstance(case.operation.schema, BaseOpenAPISchema):
+        return True
+    if case.data_generation_method and case.data_generation_method.is_negative and 200 <= response.status_code < 300:
+        exc_class = get_negative_rejection_error(case.operation.verbose_name, response.status_code)
+        raise exc_class(
+            failures.AcceptedNegativeData.title,
+            context=failures.AcceptedNegativeData(message="Negative data was not rejected as expected by the API"),
+        )
+    return None
+
+
+def use_after_free(response: GenericResponse, original: Case) -> bool | None:
+    from ...transports.responses import get_reason
+    from .schemas import BaseOpenAPISchema
+
+    if not isinstance(original.operation.schema, BaseOpenAPISchema):
+        return True
+    if response.status_code == 404 or not original.source:
+        return None
+    response = original.source.response
+    case = original.source.case
+    while True:
+        # Find the most recent successful DELETE call that corresponds to the current operation
+        if case.operation.method.lower() == "delete" and 200 <= response.status_code < 300:
+            if _is_prefix_operation(
+                ResourcePath(case.path, case.path_parameters or {}),
+                ResourcePath(original.path, original.path_parameters or {}),
+            ):
+                free = f"{case.operation.method.upper()} {case.formatted_path}"
+                usage = f"{original.operation.method} {original.formatted_path}"
+                exc_class = get_use_after_free_error(case.operation.verbose_name)
+                reason = get_reason(response.status_code)
+                message = (
+                    "The API did not return a `HTTP 404 Not Found` response "
+                    f"(got `HTTP {response.status_code} {reason}`) for a resource that was previously deleted.\n\nThe resource was deleted with `{free}`"
+                )
+                raise exc_class(
+                    failures.UseAfterFree.title,
+                    context=failures.UseAfterFree(
+                        message=message,
+                        free=free,
+                        usage=usage,
+                    ),
+                )
+        if case.source is None:
+            break
+        response = case.source.response
+        case = case.source.case
+    return None
+
+
+@dataclass
+class ResourcePath:
+    """A path to a resource with variables."""
+
+    value: str
+    variables: dict[str, str]
+
+    __slots__ = ("value", "variables")
+
+    def get(self, key: str) -> str:
+        return self.variables[key.lstrip("{").rstrip("}")]
+
+
+def _is_prefix_operation(lhs: ResourcePath, rhs: ResourcePath) -> bool:
+    lhs_parts = lhs.value.rstrip("/").split("/")
+    rhs_parts = rhs.value.rstrip("/").split("/")
+
+    # Left has more parts, can't be a prefix
+    if len(lhs_parts) > len(rhs_parts):
+        return False
+
+    for left, right in zip(lhs_parts, rhs_parts):
+        if left.startswith("{") and right.startswith("{"):
+            if str(lhs.get(left)) != str(rhs.get(right)):
+                return False
+        elif left != right and left.rstrip("s") != right.rstrip("s"):
+            # Parts don't match, not a prefix
+            return False
+
+    # If we've reached this point, the LHS path is a prefix of the RHS path
+    return True

schemathesis/specs/openapi/converter.py

@@ -1,9 +1,10 @@
 from __future__ import annotations
+
 from itertools import chain
 from typing import Any, Callable
 
-from ...internal.jsonschema import traverse_schema
 from ...internal.copy import fast_deepcopy
+from ...internal.jsonschema import traverse_schema
 
 
 def to_json_schema(

schemathesis/specs/openapi/definitions.py

@@ -1,6 +1,7 @@
 # These schemas are copied from https://github.com/OAI/OpenAPI-Specification/tree/master/schemas
 from __future__ import annotations
-from typing import Any, TYPE_CHECKING
+
+from typing import TYPE_CHECKING, Any
 
 from ..._lazy_import import lazy_import
 

schemathesis/specs/openapi/examples.py

@@ -10,15 +10,14 @@ import requests
 from hypothesis.strategies import SearchStrategy
 from hypothesis_jsonschema import from_schema
 
+from ..._hypothesis import get_single_example
 from ...constants import DEFAULT_RESPONSE_TIMEOUT
 from ...models import APIOperation, Case
-from ..._hypothesis import get_single_example
 from ._hypothesis import get_case_strategy, get_default_format_strategies
-from .formats import STRING_FORMATS
 from .constants import LOCATION_TO_CONTAINER
+from .formats import STRING_FORMATS
 from .parameters import OpenAPIBody, OpenAPIParameter
 
-
 if TYPE_CHECKING:
     from ...generation import GenerationConfig
 
@@ -43,9 +42,7 @@ class BodyExample:
 Example = Union[ParameterExample, BodyExample]
 
 
-def get_strategies_from_examples(
-    operation: APIOperation[OpenAPIParameter, Case], examples_field: str = "examples"
-) -> list[SearchStrategy[Case]]:
+def get_strategies_from_examples(operation: APIOperation[OpenAPIParameter, Case]) -> list[SearchStrategy[Case]]:
     """Build a set of strategies that generate test cases based on explicit examples in the schema."""
     maps = {}
     for location, container in LOCATION_TO_CONTAINER.items():
@@ -183,7 +180,7 @@ def extract_inner_examples(
 ) -> Generator[Any, None, None]:
     """Extract exact examples values from the `examples` dictionary."""
     for name, example in examples.items():
-        if "$ref" in unresolved_definition[name]:
+        if "$ref" in unresolved_definition[name] and "value" not in example and "externalValue" not in example:
             # The example here is a resolved example and should be yielded as is
             yield example
         if isinstance(example, dict):
@@ -214,8 +211,9 @@ def extract_from_schemas(operation: APIOperation[OpenAPIParameter, Case]) -> Gen
     for alternative in operation.body:
         alternative = cast(OpenAPIBody, alternative)
         schema = alternative.as_json_schema(operation)
-        for value in extract_from_schema(operation, schema, alternative.example_field, alternative.examples_field):
-            yield BodyExample(value=value, media_type=alternative.media_type)
+        for example_field, examples_field in (("example", "examples"), ("x-example", "x-examples")):
+            for value in extract_from_schema(operation, schema, example_field, examples_field):
+                yield BodyExample(value=value, media_type=alternative.media_type)
 
 
 def extract_from_schema(

schemathesis/specs/openapi/expressions/__init__.py

@@ -3,14 +3,19 @@
 https://swagger.io/docs/specification/links/#runtime-expressions
 """
 
+from __future__ import annotations
+
+import json
 from typing import Any
 
 from . import lexer, nodes, parser
 from .context import ExpressionContext
 
 
-def evaluate(expr: Any, context: ExpressionContext) -> str:
+def evaluate(expr: Any, context: ExpressionContext, evaluate_nested: bool = False) -> Any:
     """Evaluate runtime expression in context."""
+    if isinstance(expr, (dict, list)) and evaluate_nested:
+        return _evaluate_nested(expr, context)
     if not isinstance(expr, str):
         # Can be a non-string constant
         return expr
@@ -18,4 +23,26 @@ def evaluate(expr: Any, context: ExpressionContext) -> str:
     if len(parts) == 1:
         return parts[0]  # keep the return type the same as the internal value type
     # otherwise, concatenate into a string
-    return "".join(map(str, parts))
+    return "".join(str(part) for part in parts if part is not None)
+
+
+def _evaluate_nested(expr: dict[str, Any] | list, context: ExpressionContext) -> Any:
+    if isinstance(expr, dict):
+        return {
+            _evaluate_object_key(key, context): evaluate(value, context, evaluate_nested=True)
+            for key, value in expr.items()
+        }
+    return [evaluate(item, context, evaluate_nested=True) for item in expr]
+
+
+def _evaluate_object_key(key: str, context: ExpressionContext) -> Any:
+    evaluated = evaluate(key, context)
+    if isinstance(evaluated, str):
+        return evaluated
+    if isinstance(evaluated, bool):
+        return "true" if evaluated else "false"
+    if isinstance(evaluated, (int, float)):
+        return str(evaluated)
+    if evaluated is None:
+        return "null"
+    return json.dumps(evaluated)

schemathesis/specs/openapi/expressions/context.py

@@ -1,8 +1,8 @@
 from __future__ import annotations
+
 from dataclasses import dataclass
 from typing import TYPE_CHECKING
 
-
 if TYPE_CHECKING:
     from ....models import Case
     from ....transports.responses import GenericResponse

schemathesis/specs/openapi/expressions/extractors.py

@@ -0,0 +1,23 @@
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+
+
+@dataclass
+class Extractor:
+    def extract(self, value: str) -> str | None:
+        raise NotImplementedError
+
+
+@dataclass
+class RegexExtractor(Extractor):
+    """Extract value via a regex."""
+
+    value: re.Pattern
+
+    def extract(self, value: str) -> str | None:
+        match = self.value.search(value)
+        if match is None:
+            return None
+        return match.group(1)

schemathesis/specs/openapi/expressions/lexer.py

@@ -20,33 +20,34 @@ class Token:
     """Lexical token that may occur in a runtime expression."""
 
     value: str
+    end: int
     type_: TokenType
 
     # Helpers for cleaner instantiation
 
     @classmethod
-    def variable(cls, value: str) -> "Token":
-        return cls(value, TokenType.VARIABLE)
+    def variable(cls, value: str, end: int) -> "Token":
+        return cls(value, end, TokenType.VARIABLE)
 
     @classmethod
-    def string(cls, value: str) -> "Token":
-        return cls(value, TokenType.STRING)
+    def string(cls, value: str, end: int) -> "Token":
+        return cls(value, end, TokenType.STRING)
 
     @classmethod
-    def pointer(cls, value: str) -> "Token":
-        return cls(value, TokenType.POINTER)
+    def pointer(cls, value: str, end: int) -> "Token":
+        return cls(value, end, TokenType.POINTER)
 
     @classmethod
-    def lbracket(cls) -> "Token":
-        return cls("{", TokenType.LBRACKET)
+    def lbracket(cls, end: int) -> "Token":
+        return cls("{", end, TokenType.LBRACKET)
 
     @classmethod
-    def rbracket(cls) -> "Token":
-        return cls("}", TokenType.RBRACKET)
+    def rbracket(cls, end: int) -> "Token":
+        return cls("}", end, TokenType.RBRACKET)
 
     @classmethod
-    def dot(cls) -> "Token":
-        return cls(".", TokenType.DOT)
+    def dot(cls, end: int) -> "Token":
+        return cls(".", end, TokenType.DOT)
 
     # Helpers for simpler type comparison
 
@@ -103,15 +104,15 @@ def tokenize(expression: str) -> TokenGenerator:
         if current_symbol() == "$":
             start = cursor
             move_until(lambda: is_eol() or current_symbol() in stop_symbols)
-            yield Token.variable(expression[start:cursor])
+            yield Token.variable(expression[start:cursor], cursor - 1)
         elif current_symbol() == ".":
-            yield Token.dot()
+            yield Token.dot(cursor)
             move()
         elif current_symbol() == "{":
-            yield Token.lbracket()
+            yield Token.lbracket(cursor)
             move()
         elif current_symbol() == "}":
-            yield Token.rbracket()
+            yield Token.rbracket(cursor)
             move()
         elif current_symbol() == "#":
             start = cursor
@@ -126,8 +127,8 @@ def tokenize(expression: str) -> TokenGenerator:
             # `ID_{$response.body#/foo}_{$response.body#/bar}`
             # Which is much easier if we treat `}` as a closing bracket of an embedded runtime expression
             move_until(lambda: is_eol() or current_symbol() == "}")
-            yield Token.pointer(expression[start:cursor])
+            yield Token.pointer(expression[start:cursor], cursor - 1)
         else:
             start = cursor
             move_until(lambda: is_eol() or current_symbol() in stop_symbols)
-            yield Token.string(expression[start:cursor])
+            yield Token.string(expression[start:cursor], cursor - 1)

schemathesis/specs/openapi/expressions/nodes.py

@@ -1,6 +1,7 @@
 """Expression nodes description and evaluation logic."""
 
 from __future__ import annotations
+
 from dataclasses import dataclass
 from enum import Enum, unique
 from typing import Any
@@ -9,6 +10,7 @@ from requests.structures import CaseInsensitiveDict
 
 from .. import references
 from .context import ExpressionContext
+from .extractors import Extractor
 
 
 @dataclass
@@ -74,6 +76,7 @@ class NonBodyRequest(Node):
 
     location: str
     parameter: str
+    extractor: Extractor | None = None
 
     def evaluate(self, context: ExpressionContext) -> str:
         container: dict | CaseInsensitiveDict = {
@@ -83,7 +86,12 @@ class NonBodyRequest(Node):
         }[self.location] or {}
         if self.location == "header":
             container = CaseInsensitiveDict(container)
-        return container[self.parameter]
+        value = container.get(self.parameter)
+        if value is None:
+            return ""
+        if self.extractor is not None:
+            return self.extractor.extract(value) or ""
+        return value
 
 
 @dataclass
@@ -96,7 +104,10 @@ class BodyRequest(Node):
         document = context.case.body
         if self.pointer is None:
             return document
-        return references.resolve_pointer(document, self.pointer[1:])
+        resolved = references.resolve_pointer(document, self.pointer[1:])
+        if resolved is references.UNRESOLVABLE:
+            return None
+        return resolved
 
 
 @dataclass
@@ -104,9 +115,15 @@ class HeaderResponse(Node):
     """A node for `$response.header` expressions."""
 
     parameter: str
+    extractor: Extractor | None = None
 
     def evaluate(self, context: ExpressionContext) -> str:
-        return context.response.headers[self.parameter]
+        value = context.response.headers.get(self.parameter)
+        if value is None:
+            return ""
+        if self.extractor is not None:
+            return self.extractor.extract(value) or ""
+        return value
 
 
 @dataclass
@@ -125,4 +142,7 @@ class BodyResponse(Node):
         if self.pointer is None:
             # We need the parsed document - data will be serialized before sending to the application
             return document
-        return references.resolve_pointer(document, self.pointer[1:])
+        resolved = references.resolve_pointer(document, self.pointer[1:])
+        if resolved is references.UNRESOLVABLE:
+            return None
+        return resolved

schemathesis/specs/openapi/expressions/parser.py

@@ -1,8 +1,10 @@
 from __future__ import annotations
+
+import re
 from functools import lru_cache
 from typing import Generator
 
-from . import lexer, nodes
+from . import extractors, lexer, nodes
 from .errors import RuntimeExpressionError, UnknownToken
 
 
@@ -53,7 +55,8 @@ def _parse_request(tokens: lexer.TokenGenerator, expr: str) -> nodes.BodyRequest
     if location.value in ("query", "path", "header"):
         skip_dot(tokens, f"$request.{location.value}")
         parameter = take_string(tokens, expr)
-        return nodes.NonBodyRequest(location.value, parameter)
+        extractor = take_extractor(tokens, expr, parameter.end)
+        return nodes.NonBodyRequest(location.value, parameter.value, extractor)
     if location.value == "body":
         try:
             token = next(tokens)
@@ -70,7 +73,8 @@ def _parse_response(tokens: lexer.TokenGenerator, expr: str) -> nodes.HeaderResp
     if location.value == "header":
         skip_dot(tokens, f"$response.{location.value}")
         parameter = take_string(tokens, expr)
-        return nodes.HeaderResponse(parameter)
+        extractor = take_extractor(tokens, expr, parameter.end)
+        return nodes.HeaderResponse(parameter.value, extractor=extractor)
     if location.value == "body":
         try:
             token = next(tokens)
@@ -87,8 +91,25 @@ def skip_dot(tokens: lexer.TokenGenerator, name: str) -> None:
         raise RuntimeExpressionError(f"`{name}` expression should be followed by a dot (`.`). Got: {token.value}")
 
 
-def take_string(tokens: lexer.TokenGenerator, expr: str) -> str:
+def take_string(tokens: lexer.TokenGenerator, expr: str) -> lexer.Token:
     parameter = next(tokens)
     if not parameter.is_string:
         raise RuntimeExpressionError(f"Invalid expression: {expr}")
-    return parameter.value
+    return parameter
+
+
+def take_extractor(tokens: lexer.TokenGenerator, expr: str, current_end: int) -> extractors.Extractor | None:
+    rest = expr[current_end + 1 :]
+    if not rest or rest.startswith("}"):
+        return None
+    extractor = next(tokens)
+    if not extractor.value.startswith("#regex:"):
+        raise RuntimeExpressionError(f"Invalid extractor: {expr}")
+    pattern = extractor.value[len("#regex:") :]
+    try:
+        compiled = re.compile(pattern)
+    except re.error as exc:
+        raise RuntimeExpressionError(f"Invalid regex extractor: {exc}") from None
+    if compiled.groups != 1:
+        raise RuntimeExpressionError("Regex extractor should have exactly one capturing group")
+    return extractors.RegexExtractor(compiled)

schemathesis/specs/openapi/filters.py

@@ -1,4 +1,5 @@
 from __future__ import annotations
+
 import re
 
 from ...types import Filter

schemathesis/specs/openapi/links.py

@@ -7,7 +7,7 @@ from __future__ import annotations
 
 from dataclasses import dataclass, field
 from difflib import get_close_matches
-from typing import TYPE_CHECKING, Any, Generator, NoReturn, Sequence, Union
+from typing import TYPE_CHECKING, Any, Generator, NoReturn, Sequence, TypedDict, Union
 
 from jsonschema import RefResolver
 
@@ -21,7 +21,7 @@ from ...types import NotSet
 from . import expressions
 from .constants import LOCATION_TO_CONTAINER
 from .parameters import OpenAPI20Body, OpenAPI30Body, OpenAPIParameter
-from .references import Unresolvable, RECURSION_DEPTH_LIMIT
+from .references import RECURSION_DEPTH_LIMIT, Unresolvable
 
 if TYPE_CHECKING:
     from ...transports.responses import GenericResponse
@@ -32,6 +32,7 @@ class Link(StatefulTest):
     operation: APIOperation
     parameters: dict[str, Any]
     request_body: Any = NOT_SET
+    merge_body: bool = True
 
     def __post_init__(self) -> None:
         if self.request_body is not NOT_SET and not self.operation.body:
@@ -51,6 +52,7 @@ class Link(StatefulTest):
             operation = source_operation.schema.get_operation_by_id(definition["operationId"])  # type: ignore
         else:
             operation = source_operation.schema.get_operation_by_reference(definition["operationRef"])  # type: ignore
+        extension = definition.get(SCHEMATHESIS_LINK_EXTENSION)
         return cls(
             # Pylint can't detect that the API operation is always defined at this point
             # E.g. if there is no matching operation or no operations at all, then a ValueError will be risen
@@ -58,6 +60,7 @@ class Link(StatefulTest):
             operation=operation,
             parameters=definition.get("parameters", {}),
             request_body=definition.get("requestBody", NOT_SET),  # `None` might be a valid value - `null`
+            merge_body=extension.get("merge_body", True) if extension is not None else True,
         )
 
     def parse(self, case: Case, response: GenericResponse) -> ParsedData:
@@ -69,10 +72,9 @@ class Link(StatefulTest):
             if isinstance(evaluated, Unresolvable):
                 raise UnresolvableLink(f"Unresolvable reference in the link: {expression}")
             parameters[parameter] = evaluated
-        # https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.3.md#link-object
-        # > A literal value or {expression} to use as a request body when calling the target operation.
-        # In this case all literals will be passed as is, and expressions will be evaluated
-        body = expressions.evaluate(self.request_body, context)
+        body = expressions.evaluate(self.request_body, context, evaluate_nested=True)
+        if self.merge_body:
+            body = merge_body(case.body, body)
         return ParsedData(parameters=parameters, body=body)
 
     def make_operation(self, collected: list[ParsedData]) -> APIOperation:
@@ -170,6 +172,13 @@ def get_links(response: GenericResponse, operation: APIOperation, field: str) ->
     return [Link.from_definition(name, definition, operation) for name, definition in links.items()]
 
 
+SCHEMATHESIS_LINK_EXTENSION = "x-schemathesis"
+
+
+class SchemathesisLink(TypedDict):
+    merge_body: bool
+
+
 @dataclass(repr=False)
 class OpenAPILink(Direction):
     """Alternative approach to link processing.
@@ -183,13 +192,22 @@ class OpenAPILink(Direction):
     operation: APIOperation
     parameters: list[tuple[str | None, str, str]] = field(init=False)
     body: dict[str, Any] | NotSet = field(init=False)
+    merge_body: bool = True
+
+    def __repr__(self) -> str:
+        path = self.operation.path
+        method = self.operation.method
+        return f"state.schema['{path}']['{method}'].links['{self.status_code}']['{self.name}']"
 
     def __post_init__(self) -> None:
+        extension = self.definition.get(SCHEMATHESIS_LINK_EXTENSION)
         self.parameters = [
             normalize_parameter(parameter, expression)
             for parameter, expression in self.definition.get("parameters", {}).items()
         ]
         self.body = self.definition.get("requestBody", NOT_SET)
+        if extension is not None:
+            self.merge_body = extension.get("merge_body", True)
 
     def set_data(self, case: Case, elapsed: float, **kwargs: Any) -> None:
         """Assign all linked definitions to the new case instance."""
@@ -215,7 +233,11 @@ class OpenAPILink(Direction):
 
     def set_body(self, case: Case, context: expressions.ExpressionContext) -> None:
         if self.body is not NOT_SET:
-            case.body = expressions.evaluate(self.body, context)
+            evaluated = expressions.evaluate(self.body, context, evaluate_nested=True)
+            if self.merge_body:
+                case.body = merge_body(case.body, evaluated)
+            else:
+                case.body = evaluated
 
     def get_target_operation(self) -> APIOperation:
         if "operationId" in self.definition:
@@ -223,6 +245,12 @@ class OpenAPILink(Direction):
         return self.operation.schema.get_operation_by_reference(self.definition["operationRef"])  # type: ignore
 
 
+def merge_body(old: Any, new: Any) -> Any:
+    if isinstance(old, dict) and isinstance(new, dict):
+        return {**old, **new}
+    return new
+
+
 def get_container(case: Case, location: str | None, name: str) -> dict[str, Any] | None:
     """Get a container that suppose to store the given parameter."""
     if location: