schemathesis 3.39.15__py3-none-any.whl → 4.0.0__py3-none-any.whl

schemathesis/specs/openapi/_hypothesis.py

@@ -3,29 +3,38 @@ from __future__ import annotations
 import time
 from contextlib import suppress
 from dataclasses import dataclass
-from typing import Any, Callable, Dict, Iterable, Optional
+from typing import Any, Callable, Dict, Iterable, Optional, Union, cast
 from urllib.parse import quote_plus
 from weakref import WeakKeyDictionary
 
-from hypothesis import reject
+import jsonschema.protocols
+from hypothesis import event, note, reject
 from hypothesis import strategies as st
 from hypothesis_jsonschema import from_schema
 from requests.structures import CaseInsensitiveDict
-from requests.utils import to_key_val_list
 
-from ... import auths, serializers
-from ..._hypothesis import prepare_urlencoded
-from ...constants import NOT_SET
-from ...exceptions import BodyInGetRequestError, SerializationNotPossible
-from ...generation import DataGenerationMethod, GenerationConfig
+from schemathesis.config import GenerationConfig
+from schemathesis.core import NOT_SET, NotSet, media_types
+from schemathesis.core.control import SkipTest
+from schemathesis.core.errors import SERIALIZERS_SUGGESTION_MESSAGE, SerializationNotPossible
+from schemathesis.core.transforms import deepclone
+from schemathesis.core.transport import prepare_urlencoded
+from schemathesis.generation.meta import (
+    CaseMetadata,
+    ComponentInfo,
+    ComponentKind,
+    ExplicitPhaseData,
+    GeneratePhaseData,
+    GenerationInfo,
+    PhaseInfo,
+    TestPhase,
+)
+from schemathesis.openapi.generation.filters import is_valid_header, is_valid_path, is_valid_query, is_valid_urlencoded
+from schemathesis.schemas import APIOperation
+
+from ... import auths
+from ...generation import GenerationMode
 from ...hooks import HookContext, HookDispatcher, apply_to_all_dispatchers
-from ...internal.copy import fast_deepcopy
-from ...internal.validation import is_illegal_surrogate
-from ...models import APIOperation, Case, GenerationMetadata, TestPhase, cant_serialize
-from ...transports.content_types import parse_content_type
-from ...transports.headers import has_invalid_characters, is_latin_1_encodable
-from ...types import NotSet
-from ...utils import skip
 from .constants import LOCATION_TO_CONTAINER
 from .formats import HEADER_FORMAT, STRING_FORMATS, get_default_format_strategies, header_values
 from .media_types import MEDIA_TYPES
@@ -35,57 +44,27 @@ from .parameters import OpenAPIBody, OpenAPIParameter, parameters_to_json_schema
 from .utils import is_header_location
 
 SLASH = "/"
-StrategyFactory = Callable[[Dict[str, Any], str, str, Optional[str], GenerationConfig], st.SearchStrategy]
-
-
-def is_valid_header(headers: dict[str, Any]) -> bool:
-    """Verify if the generated headers are valid."""
-    for name, value in headers.items():
-        if not is_latin_1_encodable(value):
-            return False
-        if has_invalid_characters(name, value):
-            return False
-    return True
-
-
-def is_valid_query(query: dict[str, Any]) -> bool:
-    """Surrogates are not allowed in a query string.
-
-    `requests` and `werkzeug` will fail to send it to the application.
-    """
-    for name, value in query.items():
-        if is_illegal_surrogate(name) or is_illegal_surrogate(value):
-            return False
-    return True
-
-
-def is_valid_urlencoded(data: Any) -> bool:
-    if data is NOT_SET:
-        return True
-    try:
-        for _, __ in to_key_val_list(data):  # type: ignore[no-untyped-call]
-            pass
-        return True
-    except (TypeError, ValueError):
-        return False
+StrategyFactory = Callable[
+    [Dict[str, Any], str, str, Optional[str], GenerationConfig, type[jsonschema.protocols.Validator]], st.SearchStrategy
+]
 
 
 @st.composite  # type: ignore
-def get_case_strategy(
+def openapi_cases(
     draw: Callable,
+    *,
     operation: APIOperation,
     hooks: HookDispatcher | None = None,
     auth_storage: auths.AuthStorage | None = None,
-    generator: DataGenerationMethod = DataGenerationMethod.default(),
-    generation_config: GenerationConfig | None = None,
+    generation_mode: GenerationMode = GenerationMode.POSITIVE,
     path_parameters: NotSet | dict[str, Any] = NOT_SET,
     headers: NotSet | dict[str, Any] = NOT_SET,
     cookies: NotSet | dict[str, Any] = NOT_SET,
     query: NotSet | dict[str, Any] = NOT_SET,
     body: Any = NOT_SET,
     media_type: str | None = None,
-    skip_on_not_negated: bool = True,
-    phase: TestPhase = TestPhase.GENERATE,
+    phase: TestPhase = TestPhase.FUZZING,
+    __is_stateful_phase: bool = False,
 ) -> Any:
     """A strategy that creates `Case` instances.
 
@@ -100,46 +79,58 @@ def get_case_strategy(
     as it works with `body`.
     """
     start = time.monotonic()
-    strategy_factory = DATA_GENERATION_METHOD_TO_STRATEGY_FACTORY[generator]
+    strategy_factory = GENERATOR_MODE_TO_STRATEGY_FACTORY[generation_mode]
 
-    context = HookContext(operation)
+    phase_name = "stateful" if __is_stateful_phase else phase.value
+    generation_config = operation.schema.config.generation_for(operation=operation, phase=phase_name)
 
-    generation_config = generation_config or operation.schema.generation_config
+    ctx = HookContext(operation=operation)
 
     path_parameters_ = generate_parameter(
-        "path", path_parameters, operation, draw, context, hooks, generator, generation_config
+        "path", path_parameters, operation, draw, ctx, hooks, generation_mode, generation_config
     )
-    headers_ = generate_parameter("header", headers, operation, draw, context, hooks, generator, generation_config)
-    cookies_ = generate_parameter("cookie", cookies, operation, draw, context, hooks, generator, generation_config)
-    query_ = generate_parameter("query", query, operation, draw, context, hooks, generator, generation_config)
+    headers_ = generate_parameter("header", headers, operation, draw, ctx, hooks, generation_mode, generation_config)
+    cookies_ = generate_parameter("cookie", cookies, operation, draw, ctx, hooks, generation_mode, generation_config)
+    query_ = generate_parameter("query", query, operation, draw, ctx, hooks, generation_mode, generation_config)
 
     if body is NOT_SET:
         if operation.body:
-            body_generator = generator
-            if generator.is_negative:
+            body_generator = generation_mode
+            if generation_mode.is_negative:
                 # Consider only schemas that are possible to negate
                 candidates = [item for item in operation.body.items if can_negate(item.as_json_schema(operation))]
                 # Not possible to negate body, fallback to positive data generation
                 if not candidates:
                     candidates = operation.body.items
                     strategy_factory = make_positive_strategy
-                    body_generator = DataGenerationMethod.positive
+                    body_generator = GenerationMode.POSITIVE
             else:
                 candidates = operation.body.items
             parameter = draw(st.sampled_from(candidates))
             strategy = _get_body_strategy(parameter, strategy_factory, operation, generation_config)
-            strategy = apply_hooks(operation, context, hooks, strategy, "body")
+            strategy = apply_hooks(operation, ctx, hooks, strategy, "body")
             # Parameter may have a wildcard media type. In this case, choose any supported one
-            possible_media_types = sorted(serializers.get_matching_media_types(parameter.media_type))
+            possible_media_types = sorted(
+                operation.schema.transport.get_matching_media_types(parameter.media_type), key=lambda x: x[0]
+            )
             if not possible_media_types:
                 all_media_types = operation.get_request_payload_content_types()
-                if all(serializers.get_first_matching_media_type(media_type) is None for media_type in all_media_types):
+                if all(
+                    operation.schema.transport.get_first_matching_media_type(media_type) is None
+                    for media_type in all_media_types
+                ):
                     # None of media types defined for this operation are not supported
                     raise SerializationNotPossible.from_media_types(*all_media_types)
                 # Other media types are possible - avoid choosing this media type in the future
-                cant_serialize(parameter.media_type)
-            media_type = draw(st.sampled_from(possible_media_types))
-            if media_type is not None and parse_content_type(media_type) == ("application", "x-www-form-urlencoded"):
+                event_text = f"Can't serialize data to `{parameter.media_type}`."
+                note(f"{event_text} {SERIALIZERS_SUGGESTION_MESSAGE}")
+                event(event_text)
+                reject()  # type: ignore
+            media_type, _ = draw(st.sampled_from(possible_media_types))
+            if media_type is not None and media_types.parse(media_type) == (
+                "application",
+                "x-www-form-urlencoded",
+            ):
                 strategy = strategy.map(prepare_urlencoded).filter(is_valid_urlencoded)
             body_ = ValueContainer(value=draw(strategy), location="body", generator=body_generator)
         else:
@@ -152,35 +143,43 @@ def get_case_strategy(
             raise SerializationNotPossible.from_media_types(*all_media_types)
         body_ = ValueContainer(value=body, location="body", generator=None)
 
-    if operation.schema.validate_schema and operation.method.upper() == "GET" and operation.body:
-        raise BodyInGetRequestError("GET requests should not contain body parameters.")
     # If we need to generate negative cases but no generated values were negated, then skip the whole test
-    if generator.is_negative and not any_negated_values([query_, cookies_, headers_, path_parameters_, body_]):
-        if skip_on_not_negated:
-            skip(operation.verbose_name)
+    if generation_mode.is_negative and not any_negated_values([query_, cookies_, headers_, path_parameters_, body_]):
+        if generation_config.modes == [GenerationMode.NEGATIVE]:
+            raise SkipTest("Impossible to generate negative test cases")
         else:
             reject()
-    instance = Case(
-        operation=operation,
-        generation_time=time.monotonic() - start,
+
+    _phase_data = {
+        TestPhase.EXAMPLES: ExplicitPhaseData(),
+        TestPhase.FUZZING: GeneratePhaseData(),
+    }[phase]
+    phase_data = cast(Union[ExplicitPhaseData, GeneratePhaseData], _phase_data)
+
+    instance = operation.Case(
         media_type=media_type,
-        path_parameters=path_parameters_.value,
-        headers=CaseInsensitiveDict(headers_.value) if headers_.value is not None else headers_.value,
-        cookies=cookies_.value,
-        query=query_.value,
+        path_parameters=path_parameters_.value or {},
+        headers=headers_.value or CaseInsensitiveDict(),
+        cookies=cookies_.value or {},
+        query=query_.value or {},
         body=body_.value,
-        data_generation_method=generator,
-        meta=GenerationMetadata(
-            query=query_.generator,
-            path_parameters=path_parameters_.generator,
-            headers=headers_.generator,
-            cookies=cookies_.generator,
-            body=body_.generator,
-            phase=phase,
-            description=None,
-            location=None,
-            parameter=None,
-            parameter_location=None,
+        _meta=CaseMetadata(
+            generation=GenerationInfo(
+                time=time.monotonic() - start,
+                mode=generation_mode,
+            ),
+            phase=PhaseInfo(name=phase, data=phase_data),
+            components={
+                kind: ComponentInfo(mode=value.generator)
+                for kind, value in [
+                    (ComponentKind.QUERY, query_),
+                    (ComponentKind.PATH_PARAMETERS, path_parameters_),
+                    (ComponentKind.HEADERS, headers_),
+                    (ComponentKind.COOKIES, cookies_),
+                    (ComponentKind.BODY, body_),
+                ]
+                if value.generator is not None
+            },
         ),
     )
     auth_context = auths.AuthContext(
@@ -200,6 +199,8 @@ def _get_body_strategy(
     operation: APIOperation,
     generation_config: GenerationConfig,
 ) -> st.SearchStrategy:
+    from schemathesis.specs.openapi.schemas import BaseOpenAPISchema
+
     if parameter.media_type in MEDIA_TYPES:
         return MEDIA_TYPES[parameter.media_type]
     # The cache key relies on object ids, which means that the parameter should not be mutated
@@ -208,7 +209,10 @@ def _get_body_strategy(
         return _BODY_STRATEGIES_CACHE[parameter][strategy_factory]
     schema = parameter.as_json_schema(operation)
     schema = operation.schema.prepare_schema(schema)
-    strategy = strategy_factory(schema, operation.verbose_name, "body", parameter.media_type, generation_config)
+    assert isinstance(operation.schema, BaseOpenAPISchema)
+    strategy = strategy_factory(
+        schema, operation.label, "body", parameter.media_type, generation_config, operation.schema.validator_cls
+    )
     if not parameter.is_required:
         strategy |= st.just(NOT_SET)
     _BODY_STRATEGIES_CACHE.setdefault(parameter, {})[strategy_factory] = strategy
@@ -220,7 +224,7 @@ def get_parameters_value(
     location: str,
     draw: Callable,
     operation: APIOperation,
-    context: HookContext,
+    ctx: HookContext,
     hooks: HookDispatcher | None,
     strategy_factory: StrategyFactory,
     generation_config: GenerationConfig,
@@ -232,13 +236,13 @@ def get_parameters_value(
     """
     if isinstance(value, NotSet) or not value:
         strategy = get_parameters_strategy(operation, strategy_factory, location, generation_config)
-        strategy = apply_hooks(operation, context, hooks, strategy, location)
+        strategy = apply_hooks(operation, ctx, hooks, strategy, location)
         return draw(strategy)
     strategy = get_parameters_strategy(operation, strategy_factory, location, generation_config, exclude=value.keys())
-    strategy = apply_hooks(operation, context, hooks, strategy, location)
+    strategy = apply_hooks(operation, ctx, hooks, strategy, location)
     new = draw(strategy)
     if new is not None:
-        copied = fast_deepcopy(value)
+        copied = deepclone(value)
         copied.update(new)
         return copied
     return value
@@ -253,7 +257,7 @@ class ValueContainer:
 
     value: Any
     location: str
-    generator: DataGenerationMethod | None
+    generator: GenerationMode | None
 
     __slots__ = ("value", "location", "generator")
 
@@ -265,7 +269,7 @@ class ValueContainer:
 
 def any_negated_values(values: list[ValueContainer]) -> bool:
     """Check if any generated values are negated."""
-    return any(value.generator == DataGenerationMethod.negative for value in values if value.is_generated)
+    return any(value.generator == GenerationMode.NEGATIVE for value in values if value.is_generated)
 
 
 def generate_parameter(
@@ -273,9 +277,9 @@ def generate_parameter(
     explicit: NotSet | dict[str, Any],
     operation: APIOperation,
     draw: Callable,
-    context: HookContext,
+    ctx: HookContext,
     hooks: HookDispatcher | None,
-    generator: DataGenerationMethod,
+    generator: GenerationMode,
     generation_config: GenerationConfig,
 ) -> ValueContainer:
     """Generate a value for a parameter.
@@ -289,13 +293,11 @@ def generate_parameter(
         # If we can't negate any parameter, generate positive ones
         # If nothing else will be negated, then skip the test completely
         strategy_factory = make_positive_strategy
-        generator = DataGenerationMethod.positive
+        generator = GenerationMode.POSITIVE
     else:
-        strategy_factory = DATA_GENERATION_METHOD_TO_STRATEGY_FACTORY[generator]
-    value = get_parameters_value(
-        explicit, location, draw, operation, context, hooks, strategy_factory, generation_config
-    )
-    used_generator: DataGenerationMethod | None = generator
+        strategy_factory = GENERATOR_MODE_TO_STRATEGY_FACTORY[generator]
+    value = get_parameters_value(explicit, location, draw, operation, ctx, hooks, strategy_factory, generation_config)
+    used_generator: GenerationMode | None = generator
     if value == explicit:
         # When we pass `explicit`, then its parts are excluded from generation of the final value
         # If the final value is the same, then other parameters were generated at all
@@ -329,11 +331,7 @@ def get_schema_for_location(
 ) -> dict[str, Any]:
     schema = parameters_to_json_schema(operation, parameters)
     if location == "path":
-        if not operation.schema.validate_schema:
-            # If schema validation is disabled, we try to generate data even if the parameter definition
-            # contains errors.
-            # In this case, we know that the `required` keyword should always be `True`.
-            schema["required"] = list(schema["properties"])
+        schema["required"] = list(schema["properties"])
         for prop in schema.get("properties", {}).values():
             if prop.get("type") == "string":
                 prop.setdefault("minLength", 1)
@@ -348,6 +346,8 @@ def get_parameters_strategy(
     exclude: Iterable[str] = (),
 ) -> st.SearchStrategy:
     """Create a new strategy for the case's component from the API operation parameters."""
+    from schemathesis.specs.openapi.schemas import BaseOpenAPISchema
+
     parameters = getattr(operation, LOCATION_TO_CONTAINER[location])
     if parameters:
         # The cache key relies on object ids, which means that the parameter should not be mutated
@@ -355,17 +355,28 @@ def get_parameters_strategy(
         if operation in _PARAMETER_STRATEGIES_CACHE and nested_cache_key in _PARAMETER_STRATEGIES_CACHE[operation]:
             return _PARAMETER_STRATEGIES_CACHE[operation][nested_cache_key]
         schema = get_schema_for_location(operation, location, parameters)
-        for name in exclude:
-            # Values from `exclude` are not necessarily valid for the schema - they come from user-defined examples
-            # that may be invalid
-            schema["properties"].pop(name, None)
-            with suppress(ValueError):
-                schema["required"].remove(name)
+        if location == "header" and exclude:
+            # Remove excluded headers case-insensitively
+            exclude_lower = {name.lower() for name in exclude}
+            schema["properties"] = {
+                key: value for key, value in schema["properties"].items() if key.lower() not in exclude_lower
+            }
+            if "required" in schema:
+                schema["required"] = [key for key in schema["required"] if key.lower() not in exclude_lower]
+        elif exclude:
+            # Non-header locations: remove by exact name
+            for name in exclude:
+                schema["properties"].pop(name, None)
+                with suppress(ValueError):
+                    schema["required"].remove(name)
         if not schema["properties"] and strategy_factory is make_negative_strategy:
             # Nothing to negate - all properties were excluded
             strategy = st.none()
         else:
-            strategy = strategy_factory(schema, operation.verbose_name, location, None, generation_config)
+            assert isinstance(operation.schema, BaseOpenAPISchema)
+            strategy = strategy_factory(
+                schema, operation.label, location, None, generation_config, operation.schema.validator_cls
+            )
             serialize = operation.get_parameter_serializer(location)
             if serialize is not None:
                 strategy = strategy.map(serialize)
@@ -416,10 +427,10 @@ def _build_custom_formats(
     custom_formats: dict[str, st.SearchStrategy] | None, generation_config: GenerationConfig
 ) -> dict[str, st.SearchStrategy]:
     custom_formats = {**get_default_format_strategies(), **STRING_FORMATS, **(custom_formats or {})}
-    if generation_config.headers.strategy is not None:
-        custom_formats[HEADER_FORMAT] = generation_config.headers.strategy
+    if generation_config.exclude_header_characters is not None:
+        custom_formats[HEADER_FORMAT] = header_values(exclude_characters=generation_config.exclude_header_characters)
     elif not generation_config.allow_x00:
-        custom_formats[HEADER_FORMAT] = header_values(blacklist_characters="\n\r\x00")
+        custom_formats[HEADER_FORMAT] = header_values(exclude_characters="\n\r\x00")
     return custom_formats
 
 
@@ -429,6 +440,7 @@ def make_positive_strategy(
     location: str,
     media_type: str | None,
     generation_config: GenerationConfig,
+    validator_cls: type[jsonschema.protocols.Validator],
     custom_formats: dict[str, st.SearchStrategy] | None = None,
 ) -> st.SearchStrategy:
     """Strategy for generating values that fit the schema."""
@@ -459,6 +471,7 @@ def make_negative_strategy(
     location: str,
     media_type: str | None,
     generation_config: GenerationConfig,
+    validator_cls: type[jsonschema.protocols.Validator],
     custom_formats: dict[str, st.SearchStrategy] | None = None,
 ) -> st.SearchStrategy:
     custom_formats = _build_custom_formats(custom_formats, generation_config)
@@ -469,38 +482,16 @@ def make_negative_strategy(
         media_type=media_type,
         custom_formats=custom_formats,
         generation_config=generation_config,
+        validator_cls=validator_cls,
     )
 
 
-DATA_GENERATION_METHOD_TO_STRATEGY_FACTORY = {
-    DataGenerationMethod.positive: make_positive_strategy,
-    DataGenerationMethod.negative: make_negative_strategy,
+GENERATOR_MODE_TO_STRATEGY_FACTORY = {
+    GenerationMode.POSITIVE: make_positive_strategy,
+    GenerationMode.NEGATIVE: make_negative_strategy,
 }
 
 
-def is_valid_path(parameters: dict[str, Any]) -> bool:
-    """Empty strings ("") are excluded from path by urllib3.
-
-    A path containing to "/" or "%2F" will lead to ambiguous path resolution in
-    many frameworks and libraries, such behaviour have been observed in both
-    WSGI and ASGI applications.
-
-    In this case one variable in the path template will be empty, which will lead to 404 in most of the cases.
-    Because of it this case doesn't bring much value and might lead to false positives results of Schemathesis runs.
-    """
-    disallowed_values = (SLASH, "")
-
-    return not any(
-        (
-            value in disallowed_values
-            or is_illegal_surrogate(value)
-            or isinstance(value, str)
-            and (SLASH in value or "}" in value or "{" in value)
-        )
-        for value in parameters.values()
-    )
-
-
 def quote_all(parameters: dict[str, Any]) -> dict[str, Any]:
     """Apply URL quotation for all values in a dictionary."""
     # Even though, "." is an unreserved character, it has a special meaning in "." and ".." strings.
@@ -522,16 +513,11 @@ def quote_all(parameters: dict[str, Any]) -> dict[str, Any]:
 
 def apply_hooks(
     operation: APIOperation,
-    context: HookContext,
+    ctx: HookContext,
     hooks: HookDispatcher | None,
     strategy: st.SearchStrategy,
     location: str,
 ) -> st.SearchStrategy:
     """Apply all hooks related to the given location."""
     container = LOCATION_TO_CONTAINER[location]
-    return apply_to_all_dispatchers(operation, context, hooks, strategy, container)
-
-
-def clear_cache() -> None:
-    _PARAMETER_STRATEGIES_CACHE.clear()
-    _BODY_STRATEGIES_CACHE.clear()
+    return apply_to_all_dispatchers(operation, ctx, hooks, strategy, container)