schemathesis 3.35.4__py3-none-any.whl → 3.36.0__py3-none-any.whl

schemathesis/specs/graphql/schemas.py

@@ -22,14 +22,12 @@ from urllib.parse import urlsplit, urlunsplit
 
 import graphql
 from hypothesis import strategies as st
-from hypothesis.strategies import SearchStrategy
 from hypothesis_graphql import strategies as gql_st
 from requests.structures import CaseInsensitiveDict
 
 from ... import auths
-from ...auths import AuthStorage
 from ...checks import not_a_server_error
-from ...constants import NOT_SET
+from ...constants import NOT_SET, SCHEMATHESIS_TEST_CASE_HEADER
 from ...exceptions import OperationNotFound, OperationSchemaError
 from ...generation import DataGenerationMethod, GenerationConfig
 from ...hooks import (
@@ -40,15 +38,19 @@ from ...hooks import (
     should_skip_operation,
 )
 from ...internal.result import Ok, Result
-from ...models import APIOperation, Case, CheckFunction, OperationDefinition
+from ...models import APIOperation, Case, OperationDefinition
 from ...schemas import APIOperationMap, BaseSchema
-from ...stateful import Stateful, StatefulTest
 from ...types import Body, Cookies, Headers, NotSet, PathParameters, Query
 from ..openapi.constants import LOCATION_TO_CONTAINER
 from ._cache import OperationCache
 from .scalars import CUSTOM_SCALARS, get_extra_scalar_strategies
 
 if TYPE_CHECKING:
+    from hypothesis.strategies import SearchStrategy
+
+    from ...auths import AuthStorage
+    from ...internal.checks import CheckFunction
+    from ...stateful import Stateful, StatefulTest
     from ...transports.responses import GenericResponse
 
 
@@ -60,6 +62,9 @@ class RootType(enum.Enum):
 
 @dataclass(repr=False)
 class GraphQLCase(Case):
+    def __hash__(self) -> int:
+        return hash(self.as_curl_command({SCHEMATHESIS_TEST_CASE_HEADER: "0"}))
+
     def _get_url(self, base_url: str | None) -> str:
         base_url = self._get_base_url(base_url)
         # Replace the path, in case if the user provided any path parameters via hooks
@@ -77,11 +82,12 @@ class GraphQLCase(Case):
         additional_checks: tuple[CheckFunction, ...] = (),
         excluded_checks: tuple[CheckFunction, ...] = (),
         code_sample_style: str | None = None,
+        headers: dict[str, Any] | None = None,
     ) -> None:
         checks = checks or (not_a_server_error,)
         checks += additional_checks
         checks = tuple(check for check in checks if check not in excluded_checks)
-        return super().validate_response(response, checks, code_sample_style=code_sample_style)
+        return super().validate_response(response, checks, code_sample_style=code_sample_style, headers=headers)
 
 
 C = TypeVar("C", bound=Case)
@@ -185,8 +191,7 @@ class GraphQLSchema(BaseSchema):
         return 0
 
     def get_all_operations(
-        self,
-        hooks: HookDispatcher | None = None,
+        self, hooks: HookDispatcher | None = None, generation_config: GenerationConfig | None = None
     ) -> Generator[Result[APIOperation, OperationSchemaError], None, None]:
         schema = self.client_schema
         for root_type, operation_type in (

schemathesis/specs/openapi/checks.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 from dataclasses import dataclass
+import enum
 from http.cookies import SimpleCookie
 from typing import TYPE_CHECKING, Any, Dict, Generator, NoReturn, cast
 from urllib.parse import parse_qs, urlparse
@@ -25,11 +26,12 @@ from .utils import expand_status_code
 if TYPE_CHECKING:
     from requests import PreparedRequest
 
+    from ...internal.checks import CheckContext
     from ...models import APIOperation, Case
     from ...transports.responses import GenericResponse
 
 
-def status_code_conformance(response: GenericResponse, case: Case) -> bool | None:
+def status_code_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -60,7 +62,7 @@ def _expand_responses(responses: dict[str | int, Any]) -> Generator[int, None, N
         yield from expand_status_code(code)
 
 
-def content_type_conformance(response: GenericResponse, case: Case) -> bool | None:
+def content_type_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -115,7 +117,7 @@ def _reraise_malformed_media_type(case: Case, exc: ValueError, location: str, ac
     ) from exc
 
 
-def response_headers_conformance(response: GenericResponse, case: Case) -> bool | None:
+def response_headers_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
     import jsonschema
 
     from .parameters import OpenAPI20Parameter, OpenAPI30Parameter
@@ -171,11 +173,11 @@ def response_headers_conformance(response: GenericResponse, case: Case) -> bool
                     )
                 except jsonschema.ValidationError as exc:
                     exc_class = get_schema_validation_error(case.operation.verbose_name, exc)
-                    ctx = failures.ValidationErrorContext.from_exception(
+                    error_ctx = failures.ValidationErrorContext.from_exception(
                         exc, output_config=case.operation.schema.output_config
                     )
                     try:
-                        raise exc_class("Response header does not conform to the schema", context=ctx) from exc
+                        raise exc_class("Response header does not conform to the schema", context=error_ctx) from exc
                     except Exception as exc:
                         errors.append(exc)
     return _maybe_raise_one_or_more(errors)  # type: ignore[func-returns-value]
@@ -203,7 +205,7 @@ def _coerce_header_value(value: str, schema: dict[str, Any]) -> str | int | floa
     return value
 
 
-def response_schema_conformance(response: GenericResponse, case: Case) -> bool | None:
+def response_schema_conformance(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -211,7 +213,7 @@ def response_schema_conformance(response: GenericResponse, case: Case) -> bool |
     return case.operation.validate_response(response)
 
 
-def negative_data_rejection(response: GenericResponse, case: Case) -> bool | None:
+def negative_data_rejection(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
     from .schemas import BaseOpenAPISchema
 
     if not isinstance(case.operation.schema, BaseOpenAPISchema):
@@ -258,7 +260,7 @@ def has_only_additional_properties_in_non_body_parameters(case: Case) -> bool:
     return True
 
 
-def use_after_free(response: GenericResponse, original: Case) -> bool | None:
+def use_after_free(ctx: CheckContext, response: GenericResponse, original: Case) -> bool | None:
     from ...transports.responses import get_reason
     from .schemas import BaseOpenAPISchema
 
@@ -298,7 +300,7 @@ def use_after_free(response: GenericResponse, original: Case) -> bool | None:
     return None
 
 
-def ensure_resource_availability(response: GenericResponse, original: Case) -> bool | None:
+def ensure_resource_availability(ctx: CheckContext, response: GenericResponse, original: Case) -> bool | None:
     from ...transports.responses import get_reason
     from .schemas import BaseOpenAPISchema
 
@@ -332,7 +334,12 @@ def ensure_resource_availability(response: GenericResponse, original: Case) -> b
     return None
 
 
-def ignored_auth(response: GenericResponse, case: Case) -> bool | None:
+class AuthKind(enum.Enum):
+    EXPLICIT = "explicit"
+    GENERATED = "generated"
+
+
+def ignored_auth(ctx: CheckContext, response: GenericResponse, case: Case) -> bool | None:
     """Check if an operation declares authentication as a requirement but does not actually enforce it."""
     from .schemas import BaseOpenAPISchema
 
@@ -340,32 +347,49 @@ def ignored_auth(response: GenericResponse, case: Case) -> bool | None:
         return True
     security_parameters = _get_security_parameters(case.operation)
     # Authentication is required for this API operation and response is successful
-    # Will it still be successful if there is no auth?
     if security_parameters and 200 <= response.status_code < 300:
-        if _contains_auth(response.request, security_parameters):
-            # If there is auth in the request, then drop it and retry the call
+        auth = _contains_auth(ctx, response.request, security_parameters)
+        if auth == AuthKind.EXPLICIT:
+            # Auth is explicitly set, it is expected to be valid
+            # Check if invalid auth will give an error
             _remove_auth_from_case(case, security_parameters)
             new_response = case.operation.schema.transport.send(case)
             if 200 <= new_response.status_code < 300:
-                # Mutate the response object in place on the best effort basis
-                if hasattr(response, "__attrs__"):
-                    for attribute in new_response.__attrs__:
-                        setattr(response, attribute, getattr(new_response, attribute))
-                else:
-                    response.__dict__.update(new_response.__dict__)
-                _raise_auth_error(new_response, case.operation.verbose_name)
+                _update_response(response, new_response)
+                _raise_no_auth_error(new_response, case.operation.verbose_name, "that requires authentication")
+            # Try to set invalid auth and check if it succeeds
+            for parameter in security_parameters:
+                _set_auth_for_case(case, parameter)
+                new_response = case.operation.schema.transport.send(case)
+                if 200 <= new_response.status_code < 300:
+                    _update_response(response, new_response)
+                    _raise_no_auth_error(new_response, case.operation.verbose_name, "with any auth")
+                _remove_auth_from_case(case, security_parameters)
+        elif auth == AuthKind.GENERATED:
+            # If this auth is generated which means it is likely invalid, then
+            # this request should have been an error
+            _raise_no_auth_error(response, case.operation.verbose_name, "with invalid auth")
         else:
             # Successful response when there is no auth
-            _raise_auth_error(response, case.operation.verbose_name)
+            _raise_no_auth_error(response, case.operation.verbose_name, "that requires authentication")
     return None
 
 
-def _raise_auth_error(response: GenericResponse, operation: str) -> NoReturn:
+def _update_response(old: GenericResponse, new: GenericResponse) -> None:
+    # Mutate the response object in place on the best effort basis
+    if hasattr(old, "__attrs__"):
+        for attribute in new.__attrs__:
+            setattr(old, attribute, getattr(new, attribute))
+    else:
+        old.__dict__.update(new.__dict__)
+
+
+def _raise_no_auth_error(response: GenericResponse, operation: str, suffix: str) -> NoReturn:
     from ...transports.responses import get_reason
 
     exc_class = get_ignored_auth_error(operation)
     reason = get_reason(response.status_code)
-    message = f"The API returned `{response.status_code} {reason}` for `{operation}` that requires authentication."
+    message = f"The API returned `{response.status_code} {reason}` for `{operation}` {suffix}."
     raise exc_class(
         failures.IgnoredAuth.title,
         context=failures.IgnoredAuth(message=message),
@@ -387,7 +411,9 @@ def _get_security_parameters(operation: APIOperation) -> list[SecurityParameter]
     ]
 
 
-def _contains_auth(request: PreparedRequest, security_parameters: list[SecurityParameter]) -> bool:
+def _contains_auth(
+    ctx: CheckContext, request: PreparedRequest, security_parameters: list[SecurityParameter]
+) -> AuthKind | None:
     """Whether a request has authentication declared in the schema."""
     from requests.cookies import RequestsCookieJar
 
@@ -410,10 +436,20 @@ def _contains_auth(request: PreparedRequest, security_parameters: list[SecurityP
         return p["in"] == "cookie" and (p["name"] in cookies or p["name"] in header_cookies)
 
     for parameter in security_parameters:
-        if has_header(parameter) or has_query(parameter) or has_cookie(parameter):
-            return True
+        if has_header(parameter):
+            if ctx.headers is not None and parameter["name"] in ctx.headers:
+                return AuthKind.EXPLICIT
+            return AuthKind.GENERATED
+        if has_cookie(parameter):
+            if ctx.headers is not None and "Cookie" in ctx.headers:
+                cookies = cast(RequestsCookieJar, ctx.headers["Cookie"])  # type: ignore
+                if parameter["name"] in cookies:
+                    return AuthKind.EXPLICIT
+            return AuthKind.GENERATED
+        if has_query(parameter):
+            return AuthKind.GENERATED
 
-    return False
+    return None
 
 
 def _remove_auth_from_case(case: Case, security_parameters: list[SecurityParameter]) -> None:
@@ -431,6 +467,19 @@ def _remove_auth_from_case(case: Case, security_parameters: list[SecurityParamet
             case.cookies.pop(name, None)
 
 
+def _set_auth_for_case(case: Case, parameter: SecurityParameter) -> None:
+    name = parameter["name"]
+    for location, attr_name in (
+        ("header", "headers"),
+        ("query", "query"),
+        ("cookie", "cookies"),
+    ):
+        if parameter["in"] == location:
+            container = getattr(case, attr_name, {})
+            container[name] = "SCHEMATHESIS-INVALID-VALUE"
+            setattr(case, attr_name, container)
+
+
 @dataclass
 class ResourcePath:
     """A path to a resource with variables."""

schemathesis/specs/openapi/definitions.py

@@ -1907,11 +1907,7 @@ _VALIDATORS = [
     "OPENAPI_31_VALIDATOR",
 ]
 
-__all__ = [
-    "SWAGGER_20",
-    "OPENAPI_30",
-    "OPENAPI_31",
-] + _VALIDATORS
+__all__ = ["SWAGGER_20", "OPENAPI_30", "OPENAPI_31", *_VALIDATORS]
 
 _imports = {
     "SWAGGER_20_VALIDATOR": lambda: make_validator(SWAGGER_20),

schemathesis/specs/openapi/examples.py

@@ -4,10 +4,9 @@ from contextlib import suppress
 from dataclasses import dataclass
 from functools import lru_cache
 from itertools import chain, cycle, islice
-from typing import TYPE_CHECKING, Any, Generator, Union, cast
+from typing import TYPE_CHECKING, Any, Generator, Iterator, Union, cast
 
 import requests
-from hypothesis.strategies import SearchStrategy
 from hypothesis_jsonschema import from_schema
 
 from ...constants import DEFAULT_RESPONSE_TIMEOUT
@@ -20,6 +19,8 @@ from .formats import STRING_FORMATS
 from .parameters import OpenAPIBody, OpenAPIParameter
 
 if TYPE_CHECKING:
+    from hypothesis.strategies import SearchStrategy
+
     from ...generation import GenerationConfig
 
 
@@ -77,6 +78,7 @@ def get_strategies_from_examples(
 
 def extract_top_level(operation: APIOperation[OpenAPIParameter, Case]) -> Generator[Example, None, None]:
     """Extract top-level parameter examples from `examples` & `example` fields."""
+    responses = find_in_responses(operation)
     for parameter in operation.iter_parameters():
         if "schema" in parameter.definition:
             definitions = [parameter.definition, *_expand_subschemas(parameter.definition["schema"])]
@@ -106,6 +108,10 @@ def extract_top_level(operation: APIOperation[OpenAPIParameter, Case]) -> Genera
                         yield ParameterExample(
                             container=LOCATION_TO_CONTAINER[parameter.location], name=parameter.name, value=value
                         )
+        for value in find_matching_in_responses(responses, parameter.name):
+            yield ParameterExample(
+                container=LOCATION_TO_CONTAINER[parameter.location], name=parameter.name, value=value
+            )
     for alternative in operation.body:
         alternative = cast(OpenAPIBody, alternative)
         if "schema" in alternative.definition:
@@ -349,3 +355,87 @@ def _produce_parameter_combinations(parameters: dict[str, dict[str, list]]) -> G
             }
             for container, variants in parameters.items()
         }
+
+
+def find_in_responses(operation: APIOperation) -> dict[str, list[dict[str, Any]]]:
+    """Find schema examples in responses."""
+    output: dict[str, list[dict[str, Any]]] = {}
+    for status_code, response in operation.definition.raw.get("responses", {}).items():
+        if not str(status_code).startswith("2"):
+            # Check only 2xx responses
+            continue
+        if isinstance(response, dict) and "$ref" in response:
+            _, response = operation.schema.resolver.resolve_in_scope(response, operation.definition.scope)  # type:ignore[attr-defined]
+        for media_type, definition in response.get("content", {}).items():
+            schema_ref = definition.get("schema", {}).get("$ref")
+            if schema_ref:
+                name = schema_ref.split("/")[-1]
+            else:
+                name = f"{status_code}/{media_type}"
+            for examples_field, example_field in (
+                ("examples", "example"),
+                ("x-examples", "x-example"),
+            ):
+                examples = definition.get(examples_field, {})
+                for example in examples.values():
+                    if "value" in example:
+                        output.setdefault(name, []).append(example["value"])
+                if example_field in definition:
+                    output.setdefault(name, []).append(definition[example_field])
+    return output
+
+
+NOT_FOUND = object()
+
+
+def find_matching_in_responses(examples: dict[str, list], param: str) -> Iterator[Any]:
+    """Find matching parameter examples."""
+    normalized = param.lower()
+    is_id_param = normalized.endswith("id")
+    # Extract values from response examples that match input parameters.
+    # E.g., for `GET /orders/{id}/`, use "id" or "orderId" from `Order` response
+    # as examples for the "id" path parameter.
+    for schema_name, schema_examples in examples.items():
+        for example in schema_examples:
+            if not isinstance(example, dict):
+                continue
+            # Unwrapping example from `{"item": [{...}]}`
+            if isinstance(example, dict) and len(example) == 1 and list(example)[0].lower() == schema_name.lower():
+                inner = list(example.values())[0]
+                if isinstance(inner, list):
+                    for sub_example in inner:
+                        found = _find_matching_in_responses(sub_example, schema_name, param, normalized, is_id_param)
+                        if found is not NOT_FOUND:
+                            yield found
+                    continue
+                example = inner
+            found = _find_matching_in_responses(example, schema_name, param, normalized, is_id_param)
+            if found is not NOT_FOUND:
+                yield found
+
+
+def _find_matching_in_responses(
+    example: dict[str, Any], schema_name: str, param: str, normalized: str, is_id_param: bool
+) -> Any:
+    # Check for exact match
+    if param in example:
+        return example[param]
+
+    # Check for case-insensitive match
+    for key in example:
+        if key.lower() == normalized:
+            return example[key]
+    else:
+        # If no match found and it's an ID parameter, try additional checks
+        if is_id_param:
+            # Check for 'id' if parameter is '{something}Id'
+            if "id" in example:
+                return example["id"]
+            # Check for '{schemaName}Id' or '{schemaName}_id'
+            if normalized == "id" or normalized.startswith(schema_name.lower()):
+                for key in (schema_name, schema_name.lower()):
+                    for suffix in ("_id", "Id"):
+                        with_suffix = f"{key}{suffix}"
+                        if with_suffix in example:
+                            return example[with_suffix]
+    return NOT_FOUND

schemathesis/specs/openapi/expressions/__init__.py

@@ -11,6 +11,13 @@ from typing import Any
 from . import lexer, nodes, parser
 from .context import ExpressionContext
 
+__all__ = [
+    "lexer",
+    "nodes",
+    "parser",
+    "ExpressionContext",
+]
+
 
 def evaluate(expr: Any, context: ExpressionContext, evaluate_nested: bool = False) -> Any:
     """Evaluate runtime expression in context."""

schemathesis/specs/openapi/expressions/extractors.py

@@ -1,7 +1,10 @@
 from __future__ import annotations
 
-import re
 from dataclasses import dataclass
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    import re
 
 
 @dataclass

schemathesis/specs/openapi/expressions/nodes.py

@@ -4,13 +4,15 @@ from __future__ import annotations
 
 from dataclasses import dataclass
 from enum import Enum, unique
-from typing import Any
+from typing import TYPE_CHECKING, Any
 
 from requests.structures import CaseInsensitiveDict
 
 from .. import references
-from .context import ExpressionContext
-from .extractors import Extractor
+
+if TYPE_CHECKING:
+    from .context import ExpressionContext
+    from .extractors import Extractor
 
 
 @dataclass

schemathesis/specs/openapi/links.py

@@ -10,22 +10,22 @@ from difflib import get_close_matches
 from types import SimpleNamespace
 from typing import TYPE_CHECKING, Any, Generator, Literal, NoReturn, Sequence, TypedDict, Union, cast
 
-from jsonschema import RefResolver
-
 from ...constants import NOT_SET
 from ...internal.copy import fast_deepcopy
 from ...models import APIOperation, Case, TransitionId
-from ...parameters import ParameterSet
 from ...stateful import ParsedData, StatefulTest, UnresolvableLink
 from ...stateful.state_machine import Direction
-from ...types import NotSet
 from . import expressions
 from .constants import LOCATION_TO_CONTAINER
 from .parameters import OpenAPI20Body, OpenAPI30Body, OpenAPIParameter
 from .references import RECURSION_DEPTH_LIMIT, Unresolvable
 
 if TYPE_CHECKING:
+    from jsonschema import RefResolver
+
+    from ...parameters import ParameterSet
     from ...transports.responses import GenericResponse
+    from ...types import NotSet
 
 
 @dataclass(repr=False)

schemathesis/specs/openapi/loaders.py

@@ -9,7 +9,7 @@ from urllib.parse import urljoin
 
 from ... import experimental, fixups
 from ...code_samples import CodeSampleStyle
-from ...constants import NOT_SET, WAIT_FOR_SCHEMA_INTERVAL
+from ...constants import DEFAULT_RESPONSE_TIMEOUT, NOT_SET, WAIT_FOR_SCHEMA_INTERVAL
 from ...exceptions import SchemaError, SchemaErrorType
 from ...filters import filter_set_from_components
 from ...generation import (
@@ -163,11 +163,12 @@ def from_uri(
             interval=WAIT_FOR_SCHEMA_INTERVAL,
         )
         def _load_schema(_uri: str, **_kwargs: Any) -> requests.Response:
-            return requests.get(_uri, **kwargs)
+            return requests.get(_uri, **_kwargs)
 
     else:
         _load_schema = requests.get
 
+    kwargs.setdefault("timeout", DEFAULT_RESPONSE_TIMEOUT / 1000)
     response = load_schema_from_url(lambda: _load_schema(uri, **kwargs))
     return from_file(
         response.text,
@@ -441,7 +442,7 @@ def _format_status_codes(status_codes: list[tuple[int, list[str | int]]]) -> str
     for status_code, path in status_codes:
         buffer.write(f" - {status_code} at schema['paths']")
         for chunk in path:
-            buffer.write(f"[{repr(chunk)}]")
+            buffer.write(f"[{chunk!r}]")
         buffer.write("['responses']\n")
     return buffer.getvalue().rstrip()
 
@@ -595,9 +596,9 @@ def from_wsgi(
 
 
 def get_loader_for_app(app: Any) -> Callable:
-    from starlette.applications import Starlette
+    from ...transports.asgi import is_asgi_app
 
-    if isinstance(app, Starlette):
+    if is_asgi_app(app):
         return from_asgi
     if app.__class__.__module__.startswith("aiohttp."):
         return from_aiohttp

schemathesis/specs/openapi/negative/__init__.py

@@ -2,17 +2,19 @@ from __future__ import annotations
 
 from dataclasses import dataclass
 from functools import lru_cache
-from typing import Any
+from typing import TYPE_CHECKING, Any
 from urllib.parse import urlencode
 
 import jsonschema
 from hypothesis import strategies as st
 from hypothesis_jsonschema import from_schema
 
-from ....generation import GenerationConfig
 from ..constants import ALL_KEYWORDS
 from .mutations import MutationContext
-from .types import Draw, Schema
+
+if TYPE_CHECKING:
+    from ....generation import GenerationConfig
+    from .types import Draw, Schema
 
 
 @dataclass

schemathesis/specs/openapi/negative/mutations.py

@@ -179,7 +179,7 @@ def remove_required_property(context: MutationContext, draw: Draw, schema: Schem
     else:
         candidate = draw(st.sampled_from(sorted(required)))
         enabled_properties = draw(st.shared(FeatureStrategy(), key="properties"))  # type: ignore
-        candidates = [candidate] + sorted([prop for prop in required if enabled_properties.is_enabled(prop)])
+        candidates = [candidate, *sorted([prop for prop in required if enabled_properties.is_enabled(prop)])]
         property_name = draw(st.sampled_from(candidates))
     required.remove(property_name)
     if not required:
@@ -226,9 +226,10 @@ def change_type(context: MutationContext, draw: Draw, schema: Schema) -> Mutatio
     candidate = draw(st.sampled_from(sorted(candidates)))
     candidates.remove(candidate)
     enabled_types = draw(st.shared(FeatureStrategy(), key="types"))  # type: ignore
-    remaining_candidates = [candidate] + sorted(
-        [candidate for candidate in candidates if enabled_types.is_enabled(candidate)]
-    )
+    remaining_candidates = [
+        candidate,
+        *sorted([candidate for candidate in candidates if enabled_types.is_enabled(candidate)]),
+    ]
     new_type = draw(st.sampled_from(remaining_candidates))
     schema["type"] = new_type
     prevent_unsatisfiable_schema(schema, new_type)

schemathesis/specs/openapi/parameters.py

@@ -2,13 +2,15 @@ from __future__ import annotations
 
 import json
 from dataclasses import dataclass
-from typing import Any, ClassVar, Iterable
+from typing import TYPE_CHECKING, Any, ClassVar, Iterable
 
 from ...exceptions import OperationSchemaError
-from ...models import APIOperation
 from ...parameters import Parameter
 from .converter import to_json_schema_recursive
 
+if TYPE_CHECKING:
+    from ...models import APIOperation
+
 
 @dataclass(eq=False)
 class OpenAPIParameter(Parameter):