schemathesis 3.34.1__py3-none-any.whl → 3.34.3__py3-none-any.whl

schemathesis/specs/openapi/checks.py

@@ -3,7 +3,7 @@ from __future__ import annotations
 from dataclasses import dataclass
 from http.cookies import SimpleCookie
 from typing import TYPE_CHECKING, Any, Dict, Generator, NoReturn, cast
-from urllib.parse import parse_qs, urlencode, urlparse, urlunparse
+from urllib.parse import parse_qs, urlparse
 
 from ... import failures
 from ...exceptions import (
@@ -334,8 +334,6 @@ def ensure_resource_availability(response: GenericResponse, original: Case) -> b
 
 def ignored_auth(response: GenericResponse, case: Case) -> bool | None:
     """Check if an operation declares authentication as a requirement but does not actually enforce it."""
-    from requests import Session
-
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -346,14 +344,15 @@ def ignored_auth(response: GenericResponse, case: Case) -> bool | None:
     if security_parameters and 200 <= response.status_code < 300:
         if _contains_auth(response.request, security_parameters):
             # If there is auth in the request, then drop it and retry the call
-            request = _remove_auth_from_request(response.request, security_parameters)
-            response.request = request
-            new_response = Session().send(request)
-            if new_response.ok:
+            _remove_auth_from_case(case, security_parameters)
+            new_response = case.operation.schema.transport.send(case)
+            if 200 <= new_response.status_code < 300:
                 # Mutate the response object in place on the best effort basis
-                for attribute in new_response.__attrs__:
-                    setattr(response, attribute, getattr(new_response, attribute))
-                _remove_auth_from_case(case, security_parameters)
+                if hasattr(response, "__attrs__"):
+                    for attribute in new_response.__attrs__:
+                        setattr(response, attribute, getattr(new_response, attribute))
+                else:
+                    response.__dict__.update(new_response.__dict__)
                 _raise_auth_error(new_response, case.operation.verbose_name)
         else:
             # Successful response when there is no auth
@@ -417,40 +416,6 @@ def _contains_auth(request: PreparedRequest, security_parameters: list[SecurityP
     return False
 
 
-def _remove_auth_from_request(
-    request: PreparedRequest, security_parameters: list[SecurityParameter]
-) -> PreparedRequest:
-    """Remove security parameters from a request."""
-    from requests.cookies import get_cookie_header
-
-    request = request.copy()
-    parsed = urlparse(request.url)
-    query = parse_qs(parsed.query)  # type: ignore
-    should_replace_url = False
-
-    for parameter in security_parameters:
-        name = parameter["name"]
-        if parameter["in"] == "header":
-            request.headers.pop(name, None)
-        if parameter["in"] == "query":
-            query.pop(name, None)
-            should_replace_url = True
-        if parameter["in"] == "cookie":
-            del request._cookies[name]  # type: ignore
-
-    if should_replace_url:
-        components = [parsed.scheme, parsed.netloc, parsed.path, parsed.params, urlencode(query), parsed.fragment]
-        url = cast(str, urlunparse(components))  # type: ignore
-        request.url = url
-    # Re-generate the `Cookie` header if needed
-    raw_cookie = request.headers.pop("Cookie", None)
-    if raw_cookie is not None:
-        new_cookie_header = get_cookie_header(request._cookies, request)  # type: ignore
-        if new_cookie_header:
-            request.headers["Cookie"] = new_cookie_header
-    return request
-
-
 def _remove_auth_from_case(case: Case, security_parameters: list[SecurityParameter]) -> None:
     """Remove security parameters from a generated case.
 

schemathesis/specs/openapi/stateful/__init__.py

@@ -8,6 +8,7 @@ from hypothesis import strategies as st
 from hypothesis.stateful import Bundle, Rule, precondition, rule
 
 from ....constants import NOT_SET
+from ....generation import DataGenerationMethod
 from ....internal.result import Ok
 from ....stateful.state_machine import APIStateMachine, Direction, StepResult
 from ....types import NotSet
@@ -43,6 +44,10 @@ class OpenAPIStateMachine(APIStateMachine):
         return "\n".join(item.line for item in cls._transition_stats_template.iter_with_format())
 
 
+# The proportion of negative tests generated for "root" transitions
+NEGATIVE_TEST_CASES_THRESHOLD = 20
+
+
 def create_state_machine(schema: BaseOpenAPISchema) -> type[APIStateMachine]:
     """Create a state machine class.
 
@@ -111,12 +116,24 @@ def create_state_machine(schema: BaseOpenAPISchema) -> type[APIStateMachine]:
             # The source operation has no prerequisite, but we need to allow this rule to be executed
             # in order to reach other transitions
             name = _normalize_name(f"{target.verbose_name} -> X")
-            case_strategy = combine_strategies(
-                [
-                    target.as_strategy(data_generation_method=data_generation_method)
-                    for data_generation_method in schema.data_generation_methods
-                ]
-            )
+            if len(schema.data_generation_methods) == 1:
+                case_strategy = target.as_strategy(data_generation_method=schema.data_generation_methods[0])
+            else:
+                strategies = {
+                    method: target.as_strategy(data_generation_method=method)
+                    for method in schema.data_generation_methods
+                }
+
+                @st.composite  # type: ignore[misc]
+                def case_strategy_factory(
+                    draw: st.DrawFn, strategies: dict[DataGenerationMethod, st.SearchStrategy] = strategies
+                ) -> Case:
+                    if draw(st.integers(min_value=0, max_value=99)) < NEGATIVE_TEST_CASES_THRESHOLD:
+                        return draw(strategies[DataGenerationMethod.negative])
+                    return draw(strategies[DataGenerationMethod.positive])
+
+                case_strategy = case_strategy_factory()
+
             rules[name] = precondition(ensure_links_followed)(
                 transition(
                     name=name,

schemathesis/transports/__init__.py

@@ -192,6 +192,7 @@ class RequestsTransport:
                 context=failures.RequestTimeout(message=message, timeout=timeout),
             ) from None
         response.verify = verify  # type: ignore[attr-defined]
+        response._session = session  # type: ignore[attr-defined]
         if close_session:
             session.close()
         return response

{schemathesis-3.34.1.dist-info → schemathesis-3.34.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.3
 Name: schemathesis
-Version: 3.34.1
+Version: 3.34.3
 Summary: Property-based testing framework for Open API and GraphQL based apps
 Project-URL: Documentation, https://schemathesis.readthedocs.io/en/stable/
 Project-URL: Changelog, https://schemathesis.readthedocs.io/en/stable/changelog.html
@@ -56,7 +56,26 @@ Provides-Extra: cov
 Requires-Dist: coverage-enable-subprocess; extra == 'cov'
 Requires-Dist: coverage[toml]>=5.3; extra == 'cov'
 Provides-Extra: dev
-Requires-Dist: schemathesis[bench,cov,docs,tests]; extra == 'dev'
+Requires-Dist: aiohttp<4.0,>=3.9.1; extra == 'dev'
+Requires-Dist: coverage-enable-subprocess; extra == 'dev'
+Requires-Dist: coverage>=6; extra == 'dev'
+Requires-Dist: coverage[toml]>=5.3; extra == 'dev'
+Requires-Dist: fastapi>=0.86.0; extra == 'dev'
+Requires-Dist: flask<3.0,>=2.1.1; extra == 'dev'
+Requires-Dist: hypothesis-openapi<1,>=0.2; (python_version >= '3.10') and extra == 'dev'
+Requires-Dist: pydantic>=1.10.2; extra == 'dev'
+Requires-Dist: pytest-asyncio<1.0,>=0.18.0; extra == 'dev'
+Requires-Dist: pytest-codspeed==2.2.1; extra == 'dev'
+Requires-Dist: pytest-httpserver<2.0,>=1.0; extra == 'dev'
+Requires-Dist: pytest-mock<4.0,>=3.7.0; extra == 'dev'
+Requires-Dist: pytest-trio<1.0,>=0.8; extra == 'dev'
+Requires-Dist: pytest-xdist<4.0,>=3; extra == 'dev'
+Requires-Dist: sphinx; extra == 'dev'
+Requires-Dist: sphinx-click; extra == 'dev'
+Requires-Dist: sphinx-rtd-theme; extra == 'dev'
+Requires-Dist: strawberry-graphql[fastapi]>=0.109.0; extra == 'dev'
+Requires-Dist: syrupy<5.0,>=2; extra == 'dev'
+Requires-Dist: trustme<1.0,>=0.9.0; extra == 'dev'
 Provides-Extra: docs
 Requires-Dist: sphinx; extra == 'docs'
 Requires-Dist: sphinx-click; extra == 'docs'
@@ -66,7 +85,7 @@ Requires-Dist: aiohttp<4.0,>=3.9.1; extra == 'tests'
 Requires-Dist: coverage>=6; extra == 'tests'
 Requires-Dist: fastapi>=0.86.0; extra == 'tests'
 Requires-Dist: flask<3.0,>=2.1.1; extra == 'tests'
-Requires-Dist: hypothesis-openapi<1,>=0.2; python_version >= '3.10' and extra == 'tests'
+Requires-Dist: hypothesis-openapi<1,>=0.2; (python_version >= '3.10') and extra == 'tests'
 Requires-Dist: pydantic>=1.10.2; extra == 'tests'
 Requires-Dist: pytest-asyncio<1.0,>=0.18.0; extra == 'tests'
 Requires-Dist: pytest-httpserver<2.0,>=1.0; extra == 'tests'
@@ -78,10 +97,6 @@ Requires-Dist: syrupy<5.0,>=2; extra == 'tests'
 Requires-Dist: trustme<1.0,>=0.9.0; extra == 'tests'
 Description-Content-Type: text/markdown
 
-<p align="center">
-    <em>Schemathesis: Supercharge your API testing, catch bugs, and ensure compliance</em>
-</p>
-
 <p align="center">
     <a href="https://github.com/schemathesis/schemathesis/actions" target="_blank">
         <img src="https://github.com/schemathesis/schemathesis/actions/workflows/build.yml/badge.svg" alt="Build">
@@ -98,22 +113,17 @@ Description-Content-Type: text/markdown
     <a href="https://discord.gg/R9ASRAmHnA" target="_blank">
         <img src="https://img.shields.io/discord/938139740912369755" alt="Discord">
     </a>
+    <a href="[https://discord.gg/R9ASRAmHnA](https://schemathesis.readthedocs.io/en/stable/)" target="_blank">
+        <img src="https://readthedocs.org/projects/schemathesis/badge/?version=stable" alt="Documentation">
+    </a>
     <a href="https://opensource.org/licenses/MIT" target="_blank">
         <img src="https://img.shields.io/pypi/l/schemathesis.svg" alt="License">
     </a>
 </p>
 
----
-
-**Documentation**: <a href="https://schemathesis.readthedocs.io/en/stable/" target="_blank">https://schemathesis.readthedocs.io/en/stable/ </a>
-
-**Chat**: <a href="https://discord.gg/R9ASRAmHnA" target="_blank">https://discord.gg/R9ASRAmHnA </a>
-
----
-
-## What is Schemathesis?
+## Schemathesis
 
-Schemathesis is a tool that levels-up your API testing by automating the process of finding crashes, uncovering bugs, and validating spec compliance. With Schemathesis, you can:
+Schemathesis is a tool that levels up your API testing by automating the process of finding crashes, uncovering bugs, and validating spec compliance. With Schemathesis, you can:
 
 🎯 **Catch Hard-to-Find Bugs**
 
@@ -322,11 +332,12 @@ Schemathesis is built on top of <a href="https://hypothesis.works/" target="_bla
 
 ## Who's Using Schemathesis?
 
-Schemathesis is used by a number of project and companies, including direct usage or integration into other tools:
+Schemathesis is used by a number of projects and companies, including direct usage or integration into other tools:
 
 - Abstract Machines ([Magistrala](https://github.com/absmach/magistrala))
 - Bundesstelle für Open Data ([smard-api](https://github.com/bundesAPI/smard-api))
 - [CheckMK](https://github.com/Checkmk/checkmk)
+- [Chronosphere.io](https://github.com/chronosphereio/calyptia-api)
 - HXSecurity ([DongTai](https://github.com/HXSecurity/DongTai))
 - Netflix ([Dispatch](https://github.com/Netflix/dispatch))
 - [Pixie](https://github.com/pixie-io/pixie)

{schemathesis-3.34.1.dist-info → schemathesis-3.34.3.dist-info}/RECORD

@@ -100,7 +100,7 @@ schemathesis/specs/graphql/validation.py,sha256=uINIOt-2E7ZuQV2CxKzwez-7L9tDtqzM
 schemathesis/specs/openapi/__init__.py,sha256=HDcx3bqpa6qWPpyMrxAbM3uTo0Lqpg-BUNZhDJSJKnw,279
 schemathesis/specs/openapi/_cache.py,sha256=PAiAu4X_a2PQgD2lG5H3iisXdyg4SaHpU46bRZvfNkM,4320
 schemathesis/specs/openapi/_hypothesis.py,sha256=XtC-rYiH-GHvWykdSSzPFVK7jHNNL7NtibjSEeIZDQw,24122
-schemathesis/specs/openapi/checks.py,sha256=CxDs3eXEXRN6c8xZNrEK60toImgirTP6VTBSoj5w7CU,21236
+schemathesis/specs/openapi/checks.py,sha256=LiwoL5W_qK40j-JFSc9hfM8IGSszMBUWe71YZJ5FBzw,19931
 schemathesis/specs/openapi/constants.py,sha256=JqM_FHOenqS_MuUE9sxVQ8Hnw0DNM8cnKDwCwPLhID4,783
 schemathesis/specs/openapi/converter.py,sha256=TaYgc5BBHPdkN-n0lqpbeVgLu3eL3L8Wu3y_Vo3TJaQ,2800
 schemathesis/specs/openapi/definitions.py,sha256=Z186F0gNBSCmPg-Kk7Q-n6XxEZHIOzgUyeqixlC62XE,94058
@@ -127,7 +127,7 @@ schemathesis/specs/openapi/negative/__init__.py,sha256=gw0w_9tVQf_MY5Df3_xTZFC4r
 schemathesis/specs/openapi/negative/mutations.py,sha256=lLEN0GLxvPmZBQ3tHCznDSjmZ4yQiQxspjv1UpO4Kx0,19019
 schemathesis/specs/openapi/negative/types.py,sha256=a7buCcVxNBG6ILBM3A7oNTAX0lyDseEtZndBuej8MbI,174
 schemathesis/specs/openapi/negative/utils.py,sha256=ozcOIuASufLqZSgnKUACjX-EOZrrkuNdXX0SDnLoGYA,168
-schemathesis/specs/openapi/stateful/__init__.py,sha256=WV0iPWE_BiSoTu2bt0IMbuk71TDJvLPv403thTSXcqc,8662
+schemathesis/specs/openapi/stateful/__init__.py,sha256=wI9WCuHW0EBTUeBaClWi48I6J63TiczBX6UiErsmbB4,9470
 schemathesis/specs/openapi/stateful/statistic.py,sha256=EJK4NqeAYRYl1FtU9YEuTLyhGhPmks0bLoxUPuQlOvM,7443
 schemathesis/specs/openapi/stateful/types.py,sha256=UuGcCTFvaHsqeLN9ZeUNcbjsEwmthoT3UcHfDHchOYo,419
 schemathesis/stateful/__init__.py,sha256=gONzl3pgZ8DihjK52Wd3Ye1LeP6gnulmevHI_jEqHWI,5088
@@ -139,13 +139,13 @@ schemathesis/stateful/sink.py,sha256=xjsqJYH5WETKh5pDGlchYyjT3HcjzHEotUjvo1p0JsE
 schemathesis/stateful/state_machine.py,sha256=u7PkwCjxTZZcePC7GPiOUuu4uhqUees3UuorD_0Sx_c,12938
 schemathesis/stateful/statistic.py,sha256=xPLiCw61ofNXQicqcK_sZyLHiqiGcgQARpwd8AiRubM,487
 schemathesis/stateful/validation.py,sha256=JtqnRzl11ZbVR8Lcr0xBJKoOXzx8VUfRz92jOnB2Smg,3605
-schemathesis/transports/__init__.py,sha256=tIJm79N_pBHM5ccvez4Z4mW-VrG1LfN8yq7B0v9YDGk,12832
+schemathesis/transports/__init__.py,sha256=L60_GCzJiX9jFYKVft4aeZb8EmyV6e72k8K73y2zvmE,12898
 schemathesis/transports/auth.py,sha256=yELjkEkfx4g74hNrd0Db9aFf0xDJDRIwhg2vzKOTZGg,1138
 schemathesis/transports/content_types.py,sha256=VrcRQvF5T_TUjrCyrZcYF2LOwKfs3IrLcMtkVSp1ImI,2189
 schemathesis/transports/headers.py,sha256=hr_AIDOfUxsJxpHfemIZ_uNG3_vzS_ZeMEKmZjbYiBE,990
 schemathesis/transports/responses.py,sha256=6-gvVcRK0Ho_lSydUysBNFWoJwZEiEgf6Iv-GWkQGd8,1675
-schemathesis-3.34.1.dist-info/METADATA,sha256=8nsSWlenwayD_fjRDqd_VqwH3zB3deT0zOEjq4JU7U8,18373
-schemathesis-3.34.1.dist-info/WHEEL,sha256=hKi7AIIx6qfnsRbr087vpeJnrVUuDokDHZacPPMW7-Y,87
-schemathesis-3.34.1.dist-info/entry_points.txt,sha256=VHyLcOG7co0nOeuk8WjgpRETk5P1E2iCLrn26Zkn5uk,158
-schemathesis-3.34.1.dist-info/licenses/LICENSE,sha256=PsPYgrDhZ7g9uwihJXNG-XVb55wj2uYhkl2DD8oAzY0,1103
-schemathesis-3.34.1.dist-info/RECORD,,
+schemathesis-3.34.3.dist-info/METADATA,sha256=PsAgyQEs6iPW3VV5P_9r1zRAcw9WDnCsD4CbSieLWoM,19287
+schemathesis-3.34.3.dist-info/WHEEL,sha256=1yFddiXMmvYK7QYTqtRNtX66WJ0Mz8PYEiEUoOUUxRY,87
+schemathesis-3.34.3.dist-info/entry_points.txt,sha256=VHyLcOG7co0nOeuk8WjgpRETk5P1E2iCLrn26Zkn5uk,158
+schemathesis-3.34.3.dist-info/licenses/LICENSE,sha256=PsPYgrDhZ7g9uwihJXNG-XVb55wj2uYhkl2DD8oAzY0,1103
+schemathesis-3.34.3.dist-info/RECORD,,

{schemathesis-3.34.1.dist-info → schemathesis-3.34.3.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: hatchling 1.12.2
+Generator: hatchling 1.25.0
 Root-Is-Purelib: true
 Tag: py3-none-any