schemathesis 3.39.7__py3-none-any.whl → 4.0.0a2__py3-none-any.whl

schemathesis/openapi/checks.py

@@ -0,0 +1,387 @@
+from __future__ import annotations
+
+import textwrap
+from dataclasses import dataclass, field
+from typing import TYPE_CHECKING, Any
+
+from schemathesis.core.failures import Failure, Severity
+from schemathesis.core.output import OutputConfig, truncate_json
+
+if TYPE_CHECKING:
+    from jsonschema import ValidationError
+
+
+@dataclass
+class NegativeDataRejectionConfig:
+    # 5xx will pass through
+    allowed_statuses: list[str] = field(default_factory=lambda: ["400", "401", "403", "404", "422", "428", "5xx"])
+
+
+@dataclass
+class PositiveDataAcceptanceConfig:
+    allowed_statuses: list[str] = field(default_factory=lambda: ["2xx", "401", "403", "404"])
+
+
+@dataclass
+class MissingRequiredHeaderConfig:
+    allowed_statuses: list[str] = field(default_factory=lambda: ["406"])
+
+
+class UndefinedStatusCode(Failure):
+    """Response has a status code that is not defined in the schema."""
+
+    __slots__ = (
+        "operation",
+        "status_code",
+        "defined_status_codes",
+        "allowed_status_codes",
+        "message",
+        "title",
+        "case_id",
+        "severity",
+    )
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        status_code: int,
+        defined_status_codes: list[str],
+        allowed_status_codes: list[int],
+        message: str,
+        title: str = "Undocumented HTTP status code",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.status_code = status_code
+        self.defined_status_codes = defined_status_codes
+        self.allowed_status_codes = allowed_status_codes
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return str(self.status_code)
+
+
+class MissingHeaders(Failure):
+    """Some required headers are missing."""
+
+    __slots__ = ("operation", "missing_headers", "message", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        missing_headers: list[str],
+        message: str,
+        title: str = "Missing required headers",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.missing_headers = missing_headers
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+
+class JsonSchemaError(Failure):
+    """Additional information about JSON Schema validation errors."""
+
+    __slots__ = (
+        "operation",
+        "validation_message",
+        "schema_path",
+        "schema",
+        "instance_path",
+        "instance",
+        "message",
+        "title",
+        "case_id",
+        "severity",
+    )
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        validation_message: str,
+        schema_path: list[str | int],
+        schema: dict[str, Any] | bool,
+        instance_path: list[str | int],
+        instance: None | bool | float | str | list | dict[str, Any],
+        message: str,
+        title: str = "Response violates schema",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.validation_message = validation_message
+        self.schema_path = schema_path
+        self.schema = schema
+        self.instance_path = instance_path
+        self.instance = instance
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.HIGH
+
+    @property
+    def _unique_key(self) -> str:
+        return "/".join(map(str, self.schema_path))
+
+    @classmethod
+    def from_exception(
+        cls,
+        *,
+        title: str = "Response violates schema",
+        operation: str,
+        exc: ValidationError,
+        output_config: OutputConfig | None = None,
+    ) -> JsonSchemaError:
+        output_config = OutputConfig.from_parent(output_config, max_lines=20)
+        schema = textwrap.indent(truncate_json(exc.schema, config=output_config), prefix="    ")
+        value = textwrap.indent(truncate_json(exc.instance, config=output_config), prefix="    ")
+        schema_path = list(exc.absolute_schema_path)
+        if len(schema_path) > 1:
+            # Exclude the last segment, which is already in the schema
+            schema_title = "Schema at "
+            for segment in schema_path[:-1]:
+                schema_title += f"/{segment}"
+        else:
+            schema_title = "Schema"
+        message = f"{exc.message}\n\n{schema_title}:\n\n{schema}\n\nValue:\n\n{value}"
+        return cls(
+            operation=operation,
+            title=title,
+            message=message,
+            validation_message=exc.message,
+            schema_path=schema_path,
+            schema=exc.schema,
+            instance_path=list(exc.absolute_path),
+            instance=exc.instance,
+        )
+
+
+class MissingContentType(Failure):
+    """Content type header is missing."""
+
+    __slots__ = ("operation", "media_types", "message", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        media_types: list[str],
+        message: str,
+        title: str = "Missing Content-Type header",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.media_types = media_types
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return ""
+
+
+class MalformedMediaType(Failure):
+    """Media type name is malformed."""
+
+    __slots__ = ("operation", "actual", "defined", "message", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        actual: str,
+        defined: str,
+        message: str,
+        title: str = "Malformed media type",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.actual = actual
+        self.defined = defined
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+
+class UndefinedContentType(Failure):
+    """Response has Content-Type that is not documented in the schema."""
+
+    __slots__ = (
+        "operation",
+        "content_type",
+        "defined_content_types",
+        "message",
+        "title",
+        "case_id",
+        "severity",
+    )
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        content_type: str,
+        defined_content_types: list[str],
+        message: str,
+        title: str = "Undocumented Content-Type",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.content_type = content_type
+        self.defined_content_types = defined_content_types
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return self.content_type
+
+
+class UseAfterFree(Failure):
+    """Resource was used after a successful DELETE operation on it."""
+
+    __slots__ = ("operation", "message", "free", "usage", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        message: str,
+        free: str,
+        usage: str,
+        title: str = "Use after free",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.message = message
+        self.free = free
+        self.usage = usage
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.CRITICAL
+
+    @property
+    def _unique_key(self) -> str:
+        return ""
+
+
+class EnsureResourceAvailability(Failure):
+    """Resource is not available immediately after creation."""
+
+    __slots__ = ("operation", "message", "created_with", "not_available_with", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        message: str,
+        created_with: str,
+        not_available_with: str,
+        title: str = "Resource is not available after creation",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.message = message
+        self.created_with = created_with
+        self.not_available_with = not_available_with
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return ""
+
+
+class IgnoredAuth(Failure):
+    """The API operation does not check the specified authentication."""
+
+    __slots__ = ("operation", "message", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        message: str,
+        title: str = "Authentication declared but not enforced",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.CRITICAL
+
+    @property
+    def _unique_key(self) -> str:
+        return ""
+
+
+class AcceptedNegativeData(Failure):
+    """Response with negative data was accepted."""
+
+    __slots__ = ("operation", "message", "status_code", "allowed_statuses", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        message: str,
+        status_code: int,
+        allowed_statuses: list[str],
+        title: str = "Accepted negative data",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.message = message
+        self.status_code = status_code
+        self.allowed_statuses = allowed_statuses
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return str(self.status_code)
+
+
+class RejectedPositiveData(Failure):
+    """Response with positive data was rejected."""
+
+    __slots__ = ("operation", "message", "status_code", "allowed_statuses", "title", "case_id", "severity")
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        message: str,
+        status_code: int,
+        allowed_statuses: list[str],
+        title: str = "Rejected positive data",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.message = message
+        self.status_code = status_code
+        self.allowed_statuses = allowed_statuses
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return str(self.status_code)

schemathesis/openapi/generation/filters.py

@@ -0,0 +1,63 @@
+from collections.abc import Mapping
+
+from schemathesis.core import NOT_SET
+from schemathesis.core.validation import contains_unicode_surrogate_pair, has_invalid_characters, is_latin_1_encodable
+
+__all__ = [
+    "is_valid_path",
+    "is_valid_header",
+    "is_valid_urlencoded",
+    "is_valid_query",
+]
+
+
+def is_valid_path(parameters: dict[str, object]) -> bool:
+    """Empty strings ("") are excluded from path by urllib3.
+
+    A path containing to "/" or "%2F" will lead to ambiguous path resolution in
+    many frameworks and libraries, such behaviour have been observed in both
+    WSGI and ASGI applications.
+
+    In this case one variable in the path template will be empty, which will lead to 404 in most of the cases.
+    Because of it this case doesn't bring much value and might lead to false positives results of Schemathesis runs.
+    """
+    return not any(
+        (
+            value in ("/", "")
+            or contains_unicode_surrogate_pair(value)
+            or isinstance(value, str)
+            and ("/" in value or "}" in value or "{" in value)
+        )
+        for value in parameters.values()
+    )
+
+
+def is_valid_header(headers: dict[str, object]) -> bool:
+    for name, value in headers.items():
+        if not is_latin_1_encodable(value):
+            return False
+        if has_invalid_characters(name, value):
+            return False
+    return True
+
+
+def is_valid_query(query: dict[str, object]) -> bool:
+    for name, value in query.items():
+        if contains_unicode_surrogate_pair(name) or contains_unicode_surrogate_pair(value):
+            return False
+    return True
+
+
+def is_valid_urlencoded(data: object) -> bool:
+    # TODO: write a test that will check if `requests` can send it
+    if data is NOT_SET or isinstance(data, Mapping):
+        return True
+
+    if hasattr(data, "__iter__"):
+        try:
+            for _, _ in data:
+                pass
+            return True
+        except (TypeError, ValueError):
+            return False
+    return False

schemathesis/openapi/loaders.py

@@ -0,0 +1,178 @@
+from __future__ import annotations
+
+import enum
+import json
+import re
+from os import PathLike
+from pathlib import Path
+from typing import IO, TYPE_CHECKING, Any, Mapping
+
+from schemathesis.core import media_types
+from schemathesis.core.deserialization import deserialize_yaml
+from schemathesis.core.errors import LoaderError, LoaderErrorKind
+from schemathesis.core.loaders import load_from_url, prepare_request_kwargs, raise_for_status, require_relative_url
+from schemathesis.hooks import HookContext, dispatch
+from schemathesis.python import asgi, wsgi
+
+if TYPE_CHECKING:
+    from schemathesis.specs.openapi.schemas import BaseOpenAPISchema
+
+
+def from_asgi(path: str, app: Any, **kwargs: Any) -> BaseOpenAPISchema:
+    require_relative_url(path)
+    client = asgi.get_client(app)
+    response = load_from_url(client.get, url=path, **kwargs)
+    content_type = detect_content_type(headers=response.headers, path=path)
+    schema = load_content(response.text, content_type)
+    return from_dict(schema=schema).configure(app=app, location=path)
+
+
+def from_wsgi(path: str, app: Any, **kwargs: Any) -> BaseOpenAPISchema:
+    require_relative_url(path)
+    prepare_request_kwargs(kwargs)
+    client = wsgi.get_client(app)
+    response = client.get(path=path, **kwargs)
+    raise_for_status(response)
+    content_type = detect_content_type(headers=response.headers, path=path)
+    schema = load_content(response.text, content_type)
+    return from_dict(schema=schema).configure(app=app, location=path)
+
+
+def from_url(url: str, *, wait_for_schema: float | None = None, **kwargs: Any) -> BaseOpenAPISchema:
+    """Load from URL."""
+    import requests
+
+    response = load_from_url(requests.get, url=url, wait_for_schema=wait_for_schema, **kwargs)
+    content_type = detect_content_type(headers=response.headers, path=url)
+    schema = load_content(response.text, content_type)
+    return from_dict(schema=schema).configure(location=url)
+
+
+def from_path(path: PathLike | str, *, encoding: str = "utf-8") -> BaseOpenAPISchema:
+    """Load from a filesystem path."""
+    with open(path, encoding=encoding) as file:
+        content_type = detect_content_type(headers=None, path=str(path))
+        schema = load_content(file.read(), content_type)
+        return from_dict(schema=schema).configure(location=Path(path).absolute().as_uri())
+
+
+def from_file(file: IO[str] | str) -> BaseOpenAPISchema:
+    """Load from file-like object or string."""
+    if isinstance(file, str):
+        data = file
+    else:
+        data = file.read()
+    try:
+        schema = json.loads(data)
+    except json.JSONDecodeError:
+        schema = _load_yaml(data)
+    return from_dict(schema)
+
+
+def from_dict(schema: dict[str, Any]) -> BaseOpenAPISchema:
+    """Base loader that others build upon."""
+    from schemathesis.specs.openapi.schemas import OpenApi30, SwaggerV20
+
+    if not isinstance(schema, dict):
+        raise LoaderError(LoaderErrorKind.OPEN_API_INVALID_SCHEMA, SCHEMA_INVALID_ERROR)
+    hook_context = HookContext()
+    dispatch("before_load_schema", hook_context, schema)
+
+    if "swagger" in schema:
+        instance = SwaggerV20(schema)
+    elif "openapi" in schema:
+        version = schema["openapi"]
+        if not OPENAPI_VERSION_RE.match(version):
+            raise LoaderError(
+                LoaderErrorKind.OPEN_API_UNSUPPORTED_VERSION,
+                f"The provided schema uses Open API {version}, which is currently not supported.",
+            )
+        instance = OpenApi30(schema)
+    else:
+        raise LoaderError(
+            LoaderErrorKind.OPEN_API_UNSPECIFIED_VERSION,
+            "Unable to determine the Open API version as it's not specified in the document.",
+        )
+    dispatch("after_load_schema", hook_context, instance)
+    return instance
+
+
+class ContentType(enum.Enum):
+    """Known content types for schema files."""
+
+    JSON = enum.auto()
+    YAML = enum.auto()
+    UNKNOWN = enum.auto()
+
+
+def detect_content_type(*, headers: Mapping[str, str] | None = None, path: str | None = None) -> ContentType:
+    """Detect content type from various sources."""
+    if headers is not None and (content_type := _detect_from_headers(headers)) != ContentType.UNKNOWN:
+        return content_type
+    if path is not None and (content_type := _detect_from_path(path)) != ContentType.UNKNOWN:
+        return content_type
+    return ContentType.UNKNOWN
+
+
+def _detect_from_headers(headers: Mapping[str, str]) -> ContentType:
+    """Detect content type from HTTP headers."""
+    content_type = headers.get("Content-Type", "").lower()
+    try:
+        if content_type and media_types.is_json(content_type):
+            return ContentType.JSON
+        if content_type and media_types.is_yaml(content_type):
+            return ContentType.YAML
+    except ValueError:
+        pass
+    return ContentType.UNKNOWN
+
+
+def _detect_from_path(path: str) -> ContentType:
+    """Detect content type from file path."""
+    suffix = Path(path).suffix.lower()
+    if suffix == ".json":
+        return ContentType.JSON
+    if suffix in (".yaml", ".yml"):
+        return ContentType.YAML
+    return ContentType.UNKNOWN
+
+
+def load_content(content: str, content_type: ContentType) -> dict[str, Any]:
+    """Load content using appropriate parser."""
+    if content_type == ContentType.JSON:
+        return _load_json(content)
+    if content_type == ContentType.YAML:
+        return _load_yaml(content)
+    # If type is unknown, try JSON first, then YAML
+    try:
+        return _load_json(content)
+    except json.JSONDecodeError:
+        return _load_yaml(content)
+
+
+def _load_json(content: str) -> dict[str, Any]:
+    try:
+        return json.loads(content)
+    except json.JSONDecodeError as exc:
+        raise LoaderError(
+            LoaderErrorKind.SYNTAX_ERROR,
+            SCHEMA_SYNTAX_ERROR,
+            extras=[entry for entry in str(exc).splitlines() if entry],
+        ) from exc
+
+
+def _load_yaml(content: str) -> dict[str, Any]:
+    import yaml
+
+    try:
+        return deserialize_yaml(content)
+    except yaml.YAMLError as exc:
+        kind = LoaderErrorKind.SYNTAX_ERROR
+        message = SCHEMA_SYNTAX_ERROR
+        extras = [entry for entry in str(exc).splitlines() if entry]
+        raise LoaderError(kind, message, extras=extras) from exc
+
+
+SCHEMA_INVALID_ERROR = "The provided API schema does not appear to be a valid OpenAPI schema"
+SCHEMA_SYNTAX_ERROR = "API schema does not appear syntactically valid"
+OPENAPI_VERSION_RE = re.compile(r"^3\.[01]\.[0-9](-.+)?$")

schemathesis/pytest/__init__.py

@@ -0,0 +1,5 @@
+from schemathesis.pytest.loaders import from_fixture
+
+__all__ = [
+    "from_fixture",
+]

schemathesis/pytest/control_flow.py

@@ -0,0 +1,7 @@
+from typing import NoReturn
+
+import pytest
+
+
+def fail_on_no_matches(node_id: str) -> NoReturn:  # type: ignore
+    pytest.fail(f"Test function {node_id} does not match any API operations and therefore has no effect")