schemathesis 3.31.0__py3-none-any.whl → 3.31.1__py3-none-any.whl

schemathesis/models.py

@@ -119,6 +119,19 @@ def prepare_request_data(kwargs: dict[str, Any]) -> PreparedRequestData:
     )
 
 
+@dataclass
+class GenerationMetadata:
+    """Stores various information about how data is generated."""
+
+    query: DataGenerationMethod | None
+    path_parameters: DataGenerationMethod | None
+    headers: DataGenerationMethod | None
+    cookies: DataGenerationMethod | None
+    body: DataGenerationMethod | None
+
+    __slots__ = ("query", "path_parameters", "headers", "cookies", "body")
+
+
 @dataclass(repr=False)
 class Case:
     """A single test case parameters."""
@@ -139,6 +152,8 @@ class Case:
     media_type: str | None = None
     source: CaseSource | None = None
 
+    meta: GenerationMetadata | None = None
+
     # The way the case was generated (None for manually crafted ones)
     data_generation_method: DataGenerationMethod | None = None
     _auth: requests.auth.AuthBase | None = None

schemathesis/specs/openapi/_hypothesis.py

@@ -25,7 +25,7 @@ from ...generation import DataGenerationMethod, GenerationConfig
 from ...hooks import HookContext, HookDispatcher, apply_to_all_dispatchers
 from ...internal.copy import fast_deepcopy
 from ...internal.validation import is_illegal_surrogate
-from ...models import APIOperation, Case, cant_serialize
+from ...models import APIOperation, Case, GenerationMetadata, cant_serialize
 from ...serializers import Binary
 from ...transports.content_types import parse_content_type
 from ...transports.headers import has_invalid_characters, is_latin_1_encodable
@@ -36,7 +36,7 @@ from .formats import STRING_FORMATS
 from .media_types import MEDIA_TYPES
 from .negative import negative_schema
 from .negative.utils import can_negate
-from .parameters import OpenAPIBody, parameters_to_json_schema
+from .parameters import OpenAPIBody, OpenAPIParameter, parameters_to_json_schema
 from .utils import is_header_location
 
 HEADER_FORMAT = "_header_value"
@@ -207,6 +207,13 @@ def get_case_strategy(
         query=query_.value,
         body=body_.value,
         data_generation_method=generator,
+        meta=GenerationMetadata(
+            query=query_.generator,
+            path_parameters=path_parameters_.generator,
+            headers=headers_.generator,
+            cookies=cookies_.generator,
+            body=body_.generator,
+        ),
     )
     auth_context = auths.AuthContext(
         operation=operation,
@@ -347,6 +354,22 @@ def can_negate_headers(operation: APIOperation, location: str) -> bool:
     return any(header != {"type": "string"} for header in headers.values())
 
 
+def get_schema_for_location(
+    operation: APIOperation, location: str, parameters: Iterable[OpenAPIParameter]
+) -> dict[str, Any]:
+    schema = parameters_to_json_schema(operation, parameters)
+    if location == "path":
+        if not operation.schema.validate_schema:
+            # If schema validation is disabled, we try to generate data even if the parameter definition
+            # contains errors.
+            # In this case, we know that the `required` keyword should always be `True`.
+            schema["required"] = list(schema["properties"])
+        for prop in schema.get("properties", {}).values():
+            if prop.get("type") == "string":
+                prop.setdefault("minLength", 1)
+    return operation.schema.prepare_schema(schema)
+
+
 def get_parameters_strategy(
     operation: APIOperation,
     strategy_factory: StrategyFactory,
@@ -361,17 +384,7 @@ def get_parameters_strategy(
         nested_cache_key = (strategy_factory, location, tuple(sorted(exclude)))
         if operation in _PARAMETER_STRATEGIES_CACHE and nested_cache_key in _PARAMETER_STRATEGIES_CACHE[operation]:
             return _PARAMETER_STRATEGIES_CACHE[operation][nested_cache_key]
-        schema = parameters_to_json_schema(operation, parameters)
-        if location == "path":
-            if not operation.schema.validate_schema:
-                # If schema validation is disabled, we try to generate data even if the parameter definition
-                # contains errors.
-                # In this case, we know that the `required` keyword should always be `True`.
-                schema["required"] = list(schema["properties"])
-            for prop in schema.get("properties", {}).values():
-                if prop.get("type") == "string":
-                    prop.setdefault("minLength", 1)
-        schema = operation.schema.prepare_schema(schema)
+        schema = get_schema_for_location(operation, location, parameters)
         for name in exclude:
             # Values from `exclude` are not necessarily valid for the schema - they come from user-defined examples
             # that may be invalid

schemathesis/specs/openapi/checks.py

@@ -145,7 +145,12 @@ def negative_data_rejection(response: GenericResponse, case: Case) -> bool | Non
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
         return True
-    if case.data_generation_method and case.data_generation_method.is_negative and 200 <= response.status_code < 300:
+    if (
+        case.data_generation_method
+        and case.data_generation_method.is_negative
+        and 200 <= response.status_code < 300
+        and not has_only_additional_properties_in_non_body_parameters(case)
+    ):
         exc_class = get_negative_rejection_error(case.operation.verbose_name, response.status_code)
         raise exc_class(
             failures.AcceptedNegativeData.title,
@@ -154,6 +159,34 @@ def negative_data_rejection(response: GenericResponse, case: Case) -> bool | Non
     return None
 
 
+def has_only_additional_properties_in_non_body_parameters(case: Case) -> bool:
+    # Check if the case contains only additional properties in query, headers, or cookies.
+    # This function is used to determine if negation is solely in the form of extra properties,
+    # which are often ignored for backward-compatibility by the tested apps
+    from ._hypothesis import get_schema_for_location
+
+    meta = case.meta
+    if meta is None:
+        # Ignore manually created cases
+        return False
+    if (meta.body and meta.body.is_negative) or (meta.path_parameters and meta.path_parameters.is_negative):
+        # Body or path negations always imply other negations
+        return False
+    validator_cls = case.operation.schema.validator_cls  # type: ignore[attr-defined]
+    for container in ("query", "headers", "cookies"):
+        meta_for_location = getattr(meta, container)
+        value = getattr(case, container)
+        if value is not None and meta_for_location is not None and meta_for_location.is_negative:
+            parameters = getattr(case.operation, container)
+            value_without_additional_properties = {k: v for k, v in value.items() if k in parameters}
+            schema = get_schema_for_location(case.operation, container, parameters)
+            if not validator_cls(schema).is_valid(value_without_additional_properties):
+                # Other types of negation found
+                return False
+    # Only additional properties are added
+    return True
+
+
 def use_after_free(response: GenericResponse, original: Case) -> bool | None:
     from ...transports.responses import get_reason
     from .schemas import BaseOpenAPISchema

schemathesis/specs/openapi/negative/mutations.py

@@ -81,6 +81,10 @@ class MutationContext:
     def is_path_location(self) -> bool:
         return self.location == "path"
 
+    @property
+    def is_query_location(self) -> bool:
+        return self.location == "query"
+
     def mutate(self, draw: Draw) -> Schema:
         # On the top level, Schemathesis creates "object" schemas for all parameter "in" values except "body", which is
         # taken as-is. Therefore, we can only apply mutations that won't change the Open API semantics of the schema.
@@ -203,8 +207,11 @@ def change_type(context: MutationContext, draw: Draw, schema: Schema) -> Mutatio
     if context.media_type == "application/x-www-form-urlencoded":
         # Form data should be an object, do not change it
         return MutationResult.FAILURE
-    # Headers are always strings, can't negate this
-    if context.is_header_location:
+    # For headers, query and path parameters, if the current type is string, then it already
+    # includes all possible values as those parameters will be stringified before sending,
+    # therefore it can't be negated.
+    types = get_type(schema)
+    if "string" in types and (context.is_header_location or context.is_path_location or context.is_query_location):
         return MutationResult.FAILURE
     candidates = _get_type_candidates(context, schema)
     if not candidates:

schemathesis/specs/openapi/schemas.py

@@ -19,6 +19,7 @@ from typing import (
     Mapping,
     NoReturn,
     Sequence,
+    Type,
     TypeVar,
     cast,
 )
@@ -615,6 +616,12 @@ class BaseOpenAPISchema(BaseSchema):
     def get_tags(self, operation: APIOperation) -> list[str] | None:
         return operation.definition.raw.get("tags")
 
+    @property
+    def validator_cls(self) -> Type[jsonschema.Validator]:
+        if self.spec_version.startswith("3.1") and experimental.OPEN_API_3_1.is_enabled:
+            return jsonschema.Draft202012Validator
+        return jsonschema.Draft4Validator
+
     def validate_response(self, operation: APIOperation, response: GenericResponse) -> bool | None:
         responses = {str(key): value for key, value in operation.definition.raw.get("responses", {}).items()}
         status_code = str(response.status_code)
@@ -658,13 +665,9 @@ class BaseOpenAPISchema(BaseSchema):
         resolver = ConvertingResolver(
             self.location or "", self.raw_schema, nullable_name=self.nullable_name, is_response_schema=True
         )
-        if self.spec_version.startswith("3.1") and experimental.OPEN_API_3_1.is_enabled:
-            cls = jsonschema.Draft202012Validator
-        else:
-            cls = jsonschema.Draft4Validator
         with in_scopes(resolver, scopes):
             try:
-                jsonschema.validate(data, schema, cls=cls, resolver=resolver)
+                jsonschema.validate(data, schema, cls=self.validator_cls, resolver=resolver)
             except jsonschema.ValidationError as exc:
                 exc_class = get_schema_validation_error(operation.verbose_name, exc)
                 ctx = failures.ValidationErrorContext.from_exception(exc, output_config=operation.schema.output_config)

{schemathesis-3.31.0.dist-info → schemathesis-3.31.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: schemathesis
-Version: 3.31.0
+Version: 3.31.1
 Summary: Property-based testing framework for Open API and GraphQL based apps
 Project-URL: Documentation, https://schemathesis.readthedocs.io/en/stable/
 Project-URL: Changelog, https://schemathesis.readthedocs.io/en/stable/changelog.html

{schemathesis-3.31.0.dist-info → schemathesis-3.31.1.dist-info}/RECORD

@@ -17,7 +17,7 @@ schemathesis/graphql.py,sha256=YkoKWY5K8lxp7H3ikAs-IsoDbiPwJvChG7O8p3DgwtI,229
 schemathesis/hooks.py,sha256=dveqMmThIvt4fDahUXhU2nCq5pFvYjzzd1Ys_MhrJZA,12398
 schemathesis/lazy.py,sha256=eVdGkTZK0fWvUlFUCFGGlViH2NWEtYIjxiNkF4fBWhI,15218
 schemathesis/loaders.py,sha256=OtCD1o0TVmSNAUF7dgHpouoAXtY6w9vEtsRVGv4lE0g,4588
-schemathesis/models.py,sha256=4kAiutx5BEZ4h4AHMvZVW7gJpObur7kkGFuuF2cTEkU,44491
+schemathesis/models.py,sha256=nbm9Agqw94RYib2Q4OH7iOiEPDGw64NlQnEB7o5Spio,44925
 schemathesis/parameters.py,sha256=PndmqQRlEYsCt1kWjSShPsFf6vj7X_7FRdz_-A95eNg,2258
 schemathesis/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 schemathesis/sanitization.py,sha256=mRR4YvXpzqbmgX8Xu6rume6LBcz9g_oyusvbesZl44I,8958
@@ -98,8 +98,8 @@ schemathesis/specs/graphql/schemas.py,sha256=i6fAW9pYcOplQE7BejP6P8GQ9z6Y43Vx4_f
 schemathesis/specs/graphql/validation.py,sha256=uINIOt-2E7ZuQV2CxKzwez-7L9tDtqzMSpnVoRWvxy0,1635
 schemathesis/specs/openapi/__init__.py,sha256=HDcx3bqpa6qWPpyMrxAbM3uTo0Lqpg-BUNZhDJSJKnw,279
 schemathesis/specs/openapi/_cache.py,sha256=PAiAu4X_a2PQgD2lG5H3iisXdyg4SaHpU46bRZvfNkM,4320
-schemathesis/specs/openapi/_hypothesis.py,sha256=9O8gTVWtq17UezgvlxHxjTHGVmggQ2mxwAnVIvZKgsk,23619
-schemathesis/specs/openapi/checks.py,sha256=1Fu3Kgai9ySCoGtCrx99Q9oVCEWXgkqHd1gTqG_569s,9364
+schemathesis/specs/openapi/_hypothesis.py,sha256=hPctM9QN4mGZrEPnLbesoPEDrSF4TCyI5RMJUmchhnQ,24070
+schemathesis/specs/openapi/checks.py,sha256=eFjbV9-0202qg0s0JjaBNRr7nf8Bd8VMLPHEfMvZoc4,10967
 schemathesis/specs/openapi/constants.py,sha256=JqM_FHOenqS_MuUE9sxVQ8Hnw0DNM8cnKDwCwPLhID4,783
 schemathesis/specs/openapi/converter.py,sha256=TaYgc5BBHPdkN-n0lqpbeVgLu3eL3L8Wu3y_Vo3TJaQ,2800
 schemathesis/specs/openapi/definitions.py,sha256=Z186F0gNBSCmPg-Kk7Q-n6XxEZHIOzgUyeqixlC62XE,94058
@@ -111,7 +111,7 @@ schemathesis/specs/openapi/loaders.py,sha256=JJdIz1aT03J9WmUWTLOz6Yhuu69IqmhobQ9
 schemathesis/specs/openapi/media_types.py,sha256=dNTxpRQbY3SubdVjh4Cjb38R6Bc9MF9BsRQwPD87x0g,1017
 schemathesis/specs/openapi/parameters.py,sha256=_6vNCnPXcdxjfAQbykCRLHjvmTpu_02xDJghxDrGYr8,13611
 schemathesis/specs/openapi/references.py,sha256=euxM02kQGMHh4Ss1jWjOY_gyw_HazafKITIsvOEiAvI,9831
-schemathesis/specs/openapi/schemas.py,sha256=UMPfQKndW7HRAeLNlu0zmZVmJMaD7CvRJ8p-c8a93uc,52204
+schemathesis/specs/openapi/schemas.py,sha256=sZXzw4ToOpTbrjFQdvCwGymaCWW1b_ofzm7jJQK03kI,52287
 schemathesis/specs/openapi/security.py,sha256=nEhDB_SvEFldmfpa9uOQywfWN6DtXHKmgtwucJvfN5Q,7096
 schemathesis/specs/openapi/serialization.py,sha256=5qGdFHZ3n80UlbSXrO_bkr4Al_7ci_Z3aSUjZczNDQY,11384
 schemathesis/specs/openapi/utils.py,sha256=-TCu0hTrlwp2x5qHNp-TxiHRMeIZC9OBmlhLssjRIiQ,742
@@ -124,7 +124,7 @@ schemathesis/specs/openapi/expressions/lexer.py,sha256=LeVE6fgYT9-fIsXrv0-YrRHnI
 schemathesis/specs/openapi/expressions/nodes.py,sha256=DUbAtuXdUDsxZ_pGeCVXAlL3gTj8nt9KulMGaIS-N2I,3948
 schemathesis/specs/openapi/expressions/parser.py,sha256=gM_Ob-TlTGxpgjZGRHNyPhBj1YAvRgRoSlNCrE7-djk,4452
 schemathesis/specs/openapi/negative/__init__.py,sha256=gw0w_9tVQf_MY5Df3_xTZFC4rAy1TTBS4wBccm36uFs,3697
-schemathesis/specs/openapi/negative/mutations.py,sha256=JRTkJNO9njma3xTYYoxSVpQgz-CfeMBLv4NDNPGiogI,18644
+schemathesis/specs/openapi/negative/mutations.py,sha256=lLEN0GLxvPmZBQ3tHCznDSjmZ4yQiQxspjv1UpO4Kx0,19019
 schemathesis/specs/openapi/negative/types.py,sha256=a7buCcVxNBG6ILBM3A7oNTAX0lyDseEtZndBuej8MbI,174
 schemathesis/specs/openapi/negative/utils.py,sha256=ozcOIuASufLqZSgnKUACjX-EOZrrkuNdXX0SDnLoGYA,168
 schemathesis/specs/openapi/stateful/__init__.py,sha256=fAA52Nk0olm46u1e6OtZTXwmFM5W2r0jhRhZ24iz7GY,7673
@@ -144,8 +144,8 @@ schemathesis/transports/auth.py,sha256=4z7c-K7lfyyVqgR6X1v4yiE8ewR_ViAznWFTAsCL0
 schemathesis/transports/content_types.py,sha256=VrcRQvF5T_TUjrCyrZcYF2LOwKfs3IrLcMtkVSp1ImI,2189
 schemathesis/transports/headers.py,sha256=hr_AIDOfUxsJxpHfemIZ_uNG3_vzS_ZeMEKmZjbYiBE,990
 schemathesis/transports/responses.py,sha256=6-gvVcRK0Ho_lSydUysBNFWoJwZEiEgf6Iv-GWkQGd8,1675
-schemathesis-3.31.0.dist-info/METADATA,sha256=xq28YKL2SXo0XpmPf68tqEGoY8khEIjTEnoEPkV4tPo,17706
-schemathesis-3.31.0.dist-info/WHEEL,sha256=hKi7AIIx6qfnsRbr087vpeJnrVUuDokDHZacPPMW7-Y,87
-schemathesis-3.31.0.dist-info/entry_points.txt,sha256=VHyLcOG7co0nOeuk8WjgpRETk5P1E2iCLrn26Zkn5uk,158
-schemathesis-3.31.0.dist-info/licenses/LICENSE,sha256=PsPYgrDhZ7g9uwihJXNG-XVb55wj2uYhkl2DD8oAzY0,1103
-schemathesis-3.31.0.dist-info/RECORD,,
+schemathesis-3.31.1.dist-info/METADATA,sha256=W2PcjGom3XH8VuWRWR7kqLv12ZUliovQllOYeyMsnqk,17706
+schemathesis-3.31.1.dist-info/WHEEL,sha256=hKi7AIIx6qfnsRbr087vpeJnrVUuDokDHZacPPMW7-Y,87
+schemathesis-3.31.1.dist-info/entry_points.txt,sha256=VHyLcOG7co0nOeuk8WjgpRETk5P1E2iCLrn26Zkn5uk,158
+schemathesis-3.31.1.dist-info/licenses/LICENSE,sha256=PsPYgrDhZ7g9uwihJXNG-XVb55wj2uYhkl2DD8oAzY0,1103
+schemathesis-3.31.1.dist-info/RECORD,,