schemathesis 3.37.1__py3-none-any.whl → 3.38.1__py3-none-any.whl

schemathesis/models.py

@@ -16,6 +16,7 @@ from typing import (
     Generator,
     Generic,
     Iterator,
+    Literal,
     NoReturn,
     Sequence,
     Type,
@@ -26,6 +27,7 @@ from urllib.parse import quote, unquote, urljoin, urlsplit, urlunsplit
 
 from . import serializers
 from ._dependency_versions import IS_WERKZEUG_ABOVE_3
+from ._override import CaseOverride
 from .code_samples import CodeSampleStyle
 from .constants import (
     NOT_SET,
@@ -48,6 +50,7 @@ from .hooks import GLOBAL_HOOK_DISPATCHER, HookContext, HookDispatcher, dispatch
 from .internal.checks import CheckContext
 from .internal.copy import fast_deepcopy
 from .internal.deprecation import deprecated_function, deprecated_property
+from .internal.diff import diff
 from .internal.output import prepare_response_payload
 from .parameters import Parameter, ParameterSet, PayloadAlternatives
 from .sanitization import sanitize_request, sanitize_response
@@ -155,9 +158,24 @@ class GenerationMetadata:
     cookies: DataGenerationMethod | None
     body: DataGenerationMethod | None
     phase: TestPhase
+    # Temporary attributes to carry info specific to the coverage phase
     description: str | None
-
-    __slots__ = ("query", "path_parameters", "headers", "cookies", "body", "phase", "description")
+    location: str | None
+    parameter: str | None
+    parameter_location: str | None
+
+    __slots__ = (
+        "query",
+        "path_parameters",
+        "headers",
+        "cookies",
+        "body",
+        "phase",
+        "description",
+        "location",
+        "parameter",
+        "parameter_location",
+    )
 
 
 @dataclass(repr=False)
@@ -187,6 +205,26 @@ class Case:
     _auth: requests.auth.AuthBase | None = None
     _has_explicit_auth: bool = False
 
+    def __post_init__(self) -> None:
+        self._original_path_parameters = self.path_parameters.copy() if self.path_parameters else None
+        self._original_headers = self.headers.copy() if self.headers else None
+        self._original_cookies = self.cookies.copy() if self.cookies else None
+        self._original_query = self.query.copy() if self.query else None
+
+    def _has_generated_component(self, name: str) -> bool:
+        assert name in ["path_parameters", "headers", "cookies", "query"]
+        if self.meta is None:
+            return False
+        return getattr(self.meta, name) is not None
+
+    def _get_diff(self, component: Literal["path_parameters", "headers", "query", "cookies"]) -> dict[str, Any]:
+        original = getattr(self, f"_original_{component}")
+        current = getattr(self, component)
+        if not (current and original):
+            return {}
+        original_value = original if self._has_generated_component(component) else {}
+        return diff(original_value, current)
+
     def __repr__(self) -> str:
         parts = [f"{self.__class__.__name__}("]
         first = True
@@ -203,6 +241,15 @@ class Case:
     def __hash__(self) -> int:
         return hash(self.as_curl_command({SCHEMATHESIS_TEST_CASE_HEADER: "0"}))
 
+    @property
+    def _override(self) -> CaseOverride:
+        return CaseOverride(
+            path_parameters=self._get_diff("path_parameters"),
+            headers=self._get_diff("headers"),
+            query=self._get_diff("query"),
+            cookies=self._get_diff("cookies"),
+        )
+
     def _repr_pretty_(self, printer: RepresentationPrinter, cycle: bool) -> None:
         return None
 
@@ -460,7 +507,9 @@ class Case:
         checks = tuple(check for check in checks if check not in excluded_checks)
         additional_checks = tuple(check for check in _additional_checks if check not in excluded_checks)
         failed_checks = []
-        ctx = CheckContext(headers=CaseInsensitiveDict(headers) if headers else None)
+        ctx = CheckContext(
+            override=self._override, auth=None, headers=CaseInsensitiveDict(headers) if headers else None
+        )
         for check in chain(checks, additional_checks):
             copied_case = self.partial_deepcopy()
             try:
@@ -529,12 +578,21 @@ class Case:
         session: requests.Session | None = None,
         headers: dict[str, Any] | None = None,
         checks: tuple[CheckFunction, ...] = (),
+        additional_checks: tuple[CheckFunction, ...] = (),
+        excluded_checks: tuple[CheckFunction, ...] = (),
         code_sample_style: str | None = None,
         **kwargs: Any,
     ) -> requests.Response:
         __tracebackhide__ = True
         response = self.call(base_url, session, headers, **kwargs)
-        self.validate_response(response, checks, code_sample_style=code_sample_style, headers=headers)
+        self.validate_response(
+            response,
+            checks,
+            code_sample_style=code_sample_style,
+            headers=headers,
+            additional_checks=additional_checks,
+            excluded_checks=excluded_checks,
+        )
         return response
 
     def _get_url(self, base_url: str | None) -> str:
@@ -610,6 +668,9 @@ class OperationDefinition(Generic[D]):
 
     __slots__ = ("raw", "resolved", "scope")
 
+    def _repr_pretty_(self, printer: RepresentationPrinter, cycle: bool) -> None:
+        return None
+
 
 C = TypeVar("C", bound=Case)
 
@@ -1022,7 +1083,12 @@ class Interaction:
     status: Status
     data_generation_method: DataGenerationMethod
     phase: TestPhase | None
+    # `description` & `location` are related to metadata about this interaction
+    # NOTE: It will be better to keep it in a separate attribute
     description: str | None
+    location: str | None
+    parameter: str | None
+    parameter_location: str | None
     recorded_at: str = field(default_factory=lambda: datetime.datetime.now(TIMEZONE).isoformat())
 
     @classmethod
@@ -1053,6 +1119,9 @@ class Interaction:
             data_generation_method=cast(DataGenerationMethod, case.data_generation_method),
             phase=case.meta.phase if case.meta is not None else None,
             description=case.meta.description if case.meta is not None else None,
+            location=case.meta.location if case.meta is not None else None,
+            parameter=case.meta.parameter if case.meta is not None else None,
+            parameter_location=case.meta.parameter_location if case.meta is not None else None,
         )
 
     @classmethod
@@ -1077,6 +1146,9 @@ class Interaction:
             data_generation_method=cast(DataGenerationMethod, case.data_generation_method),
             phase=case.meta.phase if case.meta is not None else None,
             description=case.meta.description if case.meta is not None else None,
+            location=case.meta.location if case.meta is not None else None,
+            parameter=case.meta.parameter if case.meta is not None else None,
+            parameter_location=case.meta.parameter_location if case.meta is not None else None,
         )
 
 

schemathesis/runner/impl/context.py

@@ -12,6 +12,7 @@ if TYPE_CHECKING:
 
     from hypothesis.vendor.pretty import RepresentationPrinter
 
+    from ..._override import CaseOverride
     from ...exceptions import OperationSchemaError
     from ...models import Case
     from ...types import NotSet, RawAuth
@@ -28,8 +29,9 @@ class RunnerContext:
     unique_data: bool
     outcome_cache: dict[int, BaseException | None]
     checks_config: CheckConfig
+    override: CaseOverride | None
 
-    __slots__ = ("data", "auth", "seed", "stop_event", "unique_data", "outcome_cache", "checks_config")
+    __slots__ = ("data", "auth", "seed", "stop_event", "unique_data", "outcome_cache", "checks_config", "override")
 
     def __init__(
         self,
@@ -39,6 +41,7 @@ class RunnerContext:
         stop_event: threading.Event,
         unique_data: bool,
         checks_config: CheckConfig,
+        override: CaseOverride | None,
     ) -> None:
         self.data = TestResultSet(seed=seed)
         self.auth = auth
@@ -47,6 +50,7 @@ class RunnerContext:
         self.outcome_cache = {}
         self.unique_data = unique_data
         self.checks_config = checks_config
+        self.override = override
 
     def _repr_pretty_(self, printer: RepresentationPrinter, cycle: bool) -> None:
         return None

schemathesis/runner/impl/core.py

@@ -138,6 +138,7 @@ class BaseRunner:
             stop_event=stop_event,
             unique_data=self.unique_data,
             checks_config=self.checks_config,
+            override=self.override,
         )
         start_time = time.monotonic()
         initialized = None
@@ -429,7 +430,7 @@ def run_probes(schema: BaseSchema, config: probes.ProbeConfig) -> list[probes.Pr
     results = probes.run(schema, config)
     for result in results:
         if isinstance(result.probe, probes.NullByteInHeader) and result.is_failure:
-            from ...specs.openapi._hypothesis import HEADER_FORMAT, header_values
+            from ...specs.openapi.formats import HEADER_FORMAT, header_values
 
             formats.register(HEADER_FORMAT, header_values(blacklist_characters="\n\r\x00"))
     return results
@@ -1025,7 +1026,10 @@ def _network_test(
     status = Status.success
 
     check_ctx = CheckContext(
-        auth=ctx.auth, headers=CaseInsensitiveDict(headers) if headers else None, config=ctx.checks_config
+        override=ctx.override,
+        auth=ctx.auth,
+        headers=CaseInsensitiveDict(headers) if headers else None,
+        config=ctx.checks_config,
     )
     try:
         run_checks(
@@ -1119,7 +1123,10 @@ def _wsgi_test(
     status = Status.success
     check_results: list[Check] = []
     check_ctx = CheckContext(
-        auth=ctx.auth, headers=CaseInsensitiveDict(headers) if headers else None, config=ctx.checks_config
+        override=ctx.override,
+        auth=ctx.auth,
+        headers=CaseInsensitiveDict(headers) if headers else None,
+        config=ctx.checks_config,
     )
     try:
         run_checks(
@@ -1201,7 +1208,10 @@ def _asgi_test(
     status = Status.success
     check_results: list[Check] = []
     check_ctx = CheckContext(
-        auth=ctx.auth, headers=CaseInsensitiveDict(headers) if headers else None, config=ctx.checks_config
+        override=ctx.override,
+        auth=ctx.auth,
+        headers=CaseInsensitiveDict(headers) if headers else None,
+        config=ctx.checks_config,
     )
     try:
         run_checks(

schemathesis/runner/serialization.py

@@ -275,9 +275,10 @@ class SerializedError:
             message = f"Scalar type '{scalar_name}' is not recognized"
             extras = []
             title = "Unknown GraphQL Scalar"
-        elif isinstance(exception, hypothesis.errors.InvalidArgument) and (
-            str(exception).endswith("larger than Hypothesis is designed to handle")
-            or "can neber generate an example, because min_size is larger than Hypothesis suports."
+        elif (
+            isinstance(exception, hypothesis.errors.InvalidArgument)
+            and str(exception).endswith("larger than Hypothesis is designed to handle")
+            or "can never generate an example, because min_size is larger than Hypothesis supports" in str(exception)
         ):
             type_ = RuntimeErrorType.HYPOTHESIS_HEALTH_CHECK_LARGE_BASE_EXAMPLE
             message = HEALTH_CHECK_MESSAGE_LARGE_BASE_EXAMPLE
@@ -396,6 +397,9 @@ class SerializedInteraction:
     data_generation_method: DataGenerationMethod
     phase: TestPhase | None
     description: str | None
+    location: str | None
+    parameter: str | None
+    parameter_location: str | None
     recorded_at: str
 
     @classmethod
@@ -408,6 +412,9 @@ class SerializedInteraction:
             data_generation_method=interaction.data_generation_method,
             phase=interaction.phase,
             description=interaction.description,
+            location=interaction.location,
+            parameter=interaction.parameter,
+            parameter_location=interaction.parameter_location,
             recorded_at=interaction.recorded_at,
         )
 

schemathesis/serializers.py

@@ -45,6 +45,9 @@ class Binary(str):
 
     __slots__ = ("data",)
 
+    def __hash__(self) -> int:
+        return hash(self.data)
+
 
 @dataclass
 class SerializerContext:

schemathesis/service/extensions.py

@@ -204,7 +204,7 @@ def make_strftime(format: str) -> Callable:
 
 
 def _get_map_function(definition: TransformFunctionDefinition) -> Result[Callable | None, Exception]:
-    from ..specs.openapi._hypothesis import Binary
+    from ..serializers import Binary
 
     TRANSFORM_FACTORIES: dict[str, Callable] = {
         "str": lambda: str,

schemathesis/service/metadata.py

@@ -35,7 +35,7 @@ class CliMetadata:
     version: str = SCHEMATHESIS_VERSION
 
 
-DEPDENDENCY_NAMES = ["hypothesis", "hypothesis-jsonschema", "hypothesis-graphql"]
+DEPENDENCY_NAMES = ["hypothesis", "hypothesis-jsonschema", "hypothesis-graphql"]
 
 
 @dataclass
@@ -53,7 +53,7 @@ class Dependency:
 
 
 def collect_dependency_versions() -> list[Dependency]:
-    return [Dependency.from_name(name) for name in DEPDENDENCY_NAMES]
+    return [Dependency.from_name(name) for name in DEPENDENCY_NAMES]
 
 
 @dataclass
@@ -68,4 +68,4 @@ class Metadata:
     cli: CliMetadata = field(default_factory=CliMetadata)
     # Used Docker image if any
     docker_image: str | None = field(default_factory=lambda: os.getenv(DOCKER_IMAGE_ENV_VAR))
-    depdenencies: list[Dependency] = field(default_factory=collect_dependency_versions)
+    depedenencies: list[Dependency] = field(default_factory=collect_dependency_versions)

schemathesis/specs/openapi/_hypothesis.py

@@ -1,11 +1,8 @@
 from __future__ import annotations
 
-import string
 import time
-from base64 import b64encode
 from contextlib import suppress
 from dataclasses import dataclass
-from functools import lru_cache
 from typing import Any, Callable, Dict, Iterable, Optional
 from urllib.parse import quote_plus
 from weakref import WeakKeyDictionary
@@ -13,7 +10,6 @@ from weakref import WeakKeyDictionary
 from hypothesis import reject
 from hypothesis import strategies as st
 from hypothesis_jsonschema import from_schema
-from requests.auth import _basic_auth_str
 from requests.structures import CaseInsensitiveDict
 from requests.utils import to_key_val_list
 
@@ -26,56 +22,22 @@ from ...hooks import HookContext, HookDispatcher, apply_to_all_dispatchers
 from ...internal.copy import fast_deepcopy
 from ...internal.validation import is_illegal_surrogate
 from ...models import APIOperation, Case, GenerationMetadata, TestPhase, cant_serialize
-from ...serializers import Binary
 from ...transports.content_types import parse_content_type
 from ...transports.headers import has_invalid_characters, is_latin_1_encodable
 from ...types import NotSet
-from ...utils import compose, skip
+from ...utils import skip
 from .constants import LOCATION_TO_CONTAINER
-from .formats import STRING_FORMATS
+from .formats import HEADER_FORMAT, STRING_FORMATS, get_default_format_strategies, header_values
 from .media_types import MEDIA_TYPES
 from .negative import negative_schema
 from .negative.utils import can_negate
 from .parameters import OpenAPIBody, OpenAPIParameter, parameters_to_json_schema
 from .utils import is_header_location
 
-HEADER_FORMAT = "_header_value"
 SLASH = "/"
 StrategyFactory = Callable[[Dict[str, Any], str, str, Optional[str], GenerationConfig], st.SearchStrategy]
 
 
-def header_values(blacklist_characters: str = "\n\r") -> st.SearchStrategy[str]:
-    return st.text(
-        alphabet=st.characters(min_codepoint=0, max_codepoint=255, blacklist_characters=blacklist_characters)
-        # Header values with leading non-visible chars can't be sent with `requests`
-    ).map(str.lstrip)
-
-
-@lru_cache
-def get_default_format_strategies() -> dict[str, st.SearchStrategy]:
-    """Get all default "format" strategies."""
-
-    def make_basic_auth_str(item: tuple[str, str]) -> str:
-        return _basic_auth_str(*item)
-
-    latin1_text = st.text(alphabet=st.characters(min_codepoint=0, max_codepoint=255))
-
-    # Define valid characters here to avoid filtering them out in `is_valid_header` later
-    header_value = header_values()
-
-    return {
-        "binary": st.binary().map(Binary),
-        "byte": st.binary().map(lambda x: b64encode(x).decode()),
-        # RFC 7230, Section 3.2.6
-        "_header_name": st.text(
-            min_size=1, alphabet=st.sampled_from("!#$%&'*+-.^_`|~" + string.digits + string.ascii_letters)
-        ),
-        HEADER_FORMAT: header_value,
-        "_basic_auth": st.tuples(latin1_text, latin1_text).map(make_basic_auth_str),
-        "_bearer_auth": header_value.map("Bearer {}".format),
-    }
-
-
 def is_valid_header(headers: dict[str, Any]) -> bool:
     """Verify if the generated headers are valid."""
     for name, value in headers.items():
@@ -216,6 +178,9 @@ def get_case_strategy(
             body=body_.generator,
             phase=phase,
             description=None,
+            location=None,
+            parameter=None,
+            parameter_location=None,
         ),
     )
     auth_context = auths.AuthContext(
@@ -417,12 +382,10 @@ def get_parameters_strategy(
             # `True` / `False` / `None` improves chances of them passing validation in apps
             # that expect boolean / null types
             # and not aware of Python-specific representation of those types
-            map_func = {
-                "path": compose(quote_all, jsonify_python_specific_types),
-                "query": jsonify_python_specific_types,
-            }.get(location)
-            if map_func:
-                strategy = strategy.map(map_func)  # type: ignore
+            if location == "path":
+                strategy = strategy.map(quote_all).map(jsonify_python_specific_types)
+            elif location == "query":
+                strategy = strategy.map(jsonify_python_specific_types)
         _PARAMETER_STRATEGIES_CACHE.setdefault(operation, {})[nested_cache_key] = strategy
         return strategy
     # No parameters defined for this location

schemathesis/specs/openapi/checks.py

@@ -476,17 +476,22 @@ def _contains_auth(
         return p["in"] == "cookie" and (p["name"] in cookies or p["name"] in header_cookies)
 
     for parameter in security_parameters:
+        name = parameter["name"]
         if has_header(parameter):
-            if ctx.headers is not None and parameter["name"] in ctx.headers:
+            if (ctx.headers is not None and name in ctx.headers) or (ctx.override and name in ctx.override.headers):
                 return AuthKind.EXPLICIT
             return AuthKind.GENERATED
         if has_cookie(parameter):
             if ctx.headers is not None and "Cookie" in ctx.headers:
                 cookies = cast(RequestsCookieJar, ctx.headers["Cookie"])  # type: ignore
-                if parameter["name"] in cookies:
+                if name in cookies:
                     return AuthKind.EXPLICIT
+            if ctx.override and name in ctx.override.cookies:
+                return AuthKind.EXPLICIT
             return AuthKind.GENERATED
         if has_query(parameter):
+            if ctx.override and name in ctx.override.query:
+                return AuthKind.EXPLICIT
             return AuthKind.GENERATED
 
     return None

schemathesis/specs/openapi/converter.py

@@ -9,7 +9,12 @@ from .patterns import update_quantifier
 
 
 def to_json_schema(
-    schema: dict[str, Any], *, nullable_name: str, copy: bool = True, is_response_schema: bool = False
+    schema: dict[str, Any],
+    *,
+    nullable_name: str,
+    copy: bool = True,
+    is_response_schema: bool = False,
+    update_quantifiers: bool = True,
 ) -> dict[str, Any]:
     """Convert Open API parameters to JSON Schema.
 
@@ -25,6 +30,19 @@ def to_json_schema(
     if schema_type == "file":
         schema["type"] = "string"
         schema["format"] = "binary"
+    if update_quantifiers:
+        update_pattern_in_schema(schema)
+    if schema_type == "object":
+        if is_response_schema:
+            # Write-only properties should not occur in responses
+            rewrite_properties(schema, is_write_only)
+        else:
+            # Read-only properties should not occur in requests
+            rewrite_properties(schema, is_read_only)
+    return schema
+
+
+def update_pattern_in_schema(schema: dict[str, Any]) -> None:
     pattern = schema.get("pattern")
     min_length = schema.get("minLength")
     max_length = schema.get("maxLength")
@@ -34,14 +52,6 @@ def to_json_schema(
             schema.pop("minLength", None)
             schema.pop("maxLength", None)
             schema["pattern"] = new_pattern
-    if schema_type == "object":
-        if is_response_schema:
-            # Write-only properties should not occur in responses
-            rewrite_properties(schema, is_write_only)
-        else:
-            # Read-only properties should not occur in requests
-            rewrite_properties(schema, is_read_only)
-    return schema
 
 
 def rewrite_properties(schema: dict[str, Any], predicate: Callable[[dict[str, Any]], bool]) -> None:
@@ -82,6 +92,12 @@ def is_read_only(schema: dict[str, Any] | bool) -> bool:
 
 
 def to_json_schema_recursive(
-    schema: dict[str, Any], nullable_name: str, is_response_schema: bool = False
+    schema: dict[str, Any], nullable_name: str, is_response_schema: bool = False, update_quantifiers: bool = True
 ) -> dict[str, Any]:
-    return traverse_schema(schema, to_json_schema, nullable_name=nullable_name, is_response_schema=is_response_schema)
+    return traverse_schema(
+        schema,
+        to_json_schema,
+        nullable_name=nullable_name,
+        is_response_schema=is_response_schema,
+        update_quantifiers=update_quantifiers,
+    )

schemathesis/specs/openapi/formats.py

@@ -1,5 +1,8 @@
 from __future__ import annotations
 
+import string
+from base64 import b64encode
+from functools import lru_cache
 from typing import TYPE_CHECKING
 
 if TYPE_CHECKING:
@@ -33,5 +36,46 @@ def unregister_string_format(name: str) -> None:
         raise ValueError(f"Unknown Open API format: {name}") from exc
 
 
+def header_values(blacklist_characters: str = "\n\r") -> st.SearchStrategy[str]:
+    from hypothesis import strategies as st
+
+    return st.text(
+        alphabet=st.characters(min_codepoint=0, max_codepoint=255, blacklist_characters=blacklist_characters)
+        # Header values with leading non-visible chars can't be sent with `requests`
+    ).map(str.lstrip)
+
+
+HEADER_FORMAT = "_header_value"
+
+
+@lru_cache
+def get_default_format_strategies() -> dict[str, st.SearchStrategy]:
+    """Get all default "format" strategies."""
+    from hypothesis import strategies as st
+    from requests.auth import _basic_auth_str
+
+    from ...serializers import Binary
+
+    def make_basic_auth_str(item: tuple[str, str]) -> str:
+        return _basic_auth_str(*item)
+
+    latin1_text = st.text(alphabet=st.characters(min_codepoint=0, max_codepoint=255))
+
+    # Define valid characters here to avoid filtering them out in `is_valid_header` later
+    header_value = header_values()
+
+    return {
+        "binary": st.binary().map(Binary),
+        "byte": st.binary().map(lambda x: b64encode(x).decode()),
+        # RFC 7230, Section 3.2.6
+        "_header_name": st.text(
+            min_size=1, alphabet=st.sampled_from("!#$%&'*+-.^_`|~" + string.digits + string.ascii_letters)
+        ),
+        HEADER_FORMAT: header_value,
+        "_basic_auth": st.tuples(latin1_text, latin1_text).map(make_basic_auth_str),
+        "_bearer_auth": header_value.map("Bearer {}".format),
+    }
+
+
 register = register_string_format
 unregister = unregister_string_format

schemathesis/specs/openapi/negative/mutations.py

@@ -372,6 +372,11 @@ def negate_constraints(context: MutationContext, draw: Draw, schema: Schema) ->
         # Should we negate this key?
         if k == "required":
             return v != []
+        if k in ("example", "examples"):
+            return False
+        if context.is_path_location and k == "minLength" and v == 1:
+            # Empty path parameter will be filtered out
+            return False
         return not (
             k in ("type", "properties", "items", "minItems")
             or (k == "additionalProperties" and context.is_header_location)