schemathesis 4.0.0a12__py3-none-any.whl → 4.0.1__py3-none-any.whl

schemathesis/graphql/loaders.py

@@ -42,7 +42,10 @@ def from_asgi(path: str, app: Any, *, config: SchemathesisConfig | None = None,
     client = asgi.get_client(app)
     response = load_from_url(client.post, url=path, **kwargs)
     schema = extract_schema_from_response(response, lambda r: r.json())
-    return from_dict(schema=schema, config=config).configure(app=app, location=path)
+    loaded = from_dict(schema=schema, config=config)
+    loaded.app = app
+    loaded.location = path
+    return loaded
 
 
 def from_wsgi(path: str, app: Any, *, config: SchemathesisConfig | None = None, **kwargs: Any) -> GraphQLSchema:
@@ -71,7 +74,10 @@ def from_wsgi(path: str, app: Any, *, config: SchemathesisConfig | None = None,
     response = client.post(path=path, **kwargs)
     raise_for_status(response)
     schema = extract_schema_from_response(response, lambda r: r.json)
-    return from_dict(schema=schema, config=config).configure(app=app, location=path)
+    loaded = from_dict(schema=schema, config=config)
+    loaded.app = app
+    loaded.location = path
+    return loaded
 
 
 def from_url(
@@ -107,7 +113,9 @@ def from_url(
     kwargs.setdefault("json", {"query": get_introspection_query()})
     response = load_from_url(requests.post, url=url, wait_for_schema=wait_for_schema, **kwargs)
     schema = extract_schema_from_response(response, lambda r: r.json())
-    return from_dict(schema, config=config).configure(location=url)
+    loaded = from_dict(schema, config=config)
+    loaded.location = url
+    return loaded
 
 
 def from_path(
@@ -130,7 +138,9 @@ def from_path(
 
     """
     with open(path, encoding=encoding) as file:
-        return from_file(file=file, config=config).configure(location=Path(path).absolute().as_uri())
+        loaded = from_file(file=file, config=config)
+    loaded.location = Path(path).absolute().as_uri()
+    return loaded
 
 
 def from_file(file: IO[str] | str, *, config: SchemathesisConfig | None = None) -> GraphQLSchema:

schemathesis/hooks.py

@@ -231,10 +231,7 @@ class HookDispatcher:
             hook(context, *args, **kwargs)
 
     def unregister(self, hook: Callable) -> None:
-        """Unregister a specific hook.
-
-        :param hook: A hook function to unregister.
-        """
+        """Unregister a specific hook."""
         # It removes this function from all places
         for hooks in self._hooks.values():
             hooks[:] = [item for item in hooks if item is not hook]

schemathesis/openapi/checks.py

@@ -1,7 +1,6 @@
 from __future__ import annotations
 
 import textwrap
-from dataclasses import dataclass, field
 from typing import TYPE_CHECKING, Any
 
 from schemathesis.config import OutputConfig
@@ -12,24 +11,6 @@ if TYPE_CHECKING:
     from jsonschema import ValidationError
 
 
-@dataclass
-class NegativeDataRejectionConfig:
-    # 5xx will pass through
-    allowed_statuses: list[str] = field(
-        default_factory=lambda: ["400", "401", "403", "404", "406", "422", "428", "5xx"]
-    )
-
-
-@dataclass
-class PositiveDataAcceptanceConfig:
-    allowed_statuses: list[str] = field(default_factory=lambda: ["2xx", "401", "403", "404"])
-
-
-@dataclass
-class MissingRequiredHeaderConfig:
-    allowed_statuses: list[str] = field(default_factory=lambda: ["406"])
-
-
 class UndefinedStatusCode(Failure):
     """Response has a status code that is not defined in the schema."""
 
@@ -323,7 +304,7 @@ class IgnoredAuth(Failure):
         *,
         operation: str,
         message: str,
-        title: str = "Authentication declared but not enforced",
+        title: str = "API accepts requests without authentication",
         case_id: str | None = None,
     ) -> None:
         self.operation = operation
@@ -391,3 +372,84 @@ class RejectedPositiveData(Failure):
     @property
     def _unique_key(self) -> str:
         return str(self.status_code)
+
+
+class MissingHeaderNotRejected(Failure):
+    """API did not reject request without required header."""
+
+    __slots__ = (
+        "operation",
+        "header_name",
+        "status_code",
+        "expected_statuses",
+        "message",
+        "title",
+        "case_id",
+        "severity",
+    )
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        header_name: str,
+        status_code: int,
+        expected_statuses: list[int],
+        message: str,
+        title: str = "Missing header not rejected",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.header_name = header_name
+        self.status_code = status_code
+        self.expected_statuses = expected_statuses
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return self.header_name
+
+
+class UnsupportedMethodResponse(Failure):
+    """API response for unsupported HTTP method is incorrect."""
+
+    __slots__ = (
+        "operation",
+        "method",
+        "status_code",
+        "allow_header_present",
+        "failure_reason",
+        "message",
+        "title",
+        "case_id",
+        "severity",
+    )
+
+    def __init__(
+        self,
+        *,
+        operation: str,
+        method: str,
+        status_code: int,
+        allow_header_present: bool | None = None,
+        failure_reason: str,  # "wrong_status" or "missing_allow_header"
+        message: str,
+        title: str = "Unsupported method incorrect response",
+        case_id: str | None = None,
+    ) -> None:
+        self.operation = operation
+        self.method = method
+        self.status_code = status_code
+        self.allow_header_present = allow_header_present
+        self.failure_reason = failure_reason
+        self.message = message
+        self.title = title
+        self.case_id = case_id
+        self.severity = Severity.MEDIUM
+
+    @property
+    def _unique_key(self) -> str:
+        return self.failure_reason

schemathesis/openapi/generation/filters.py

@@ -29,8 +29,15 @@ def is_invalid_path_parameter(value: Any) -> bool:
     return (
         value in ("/", "")
         or contains_unicode_surrogate_pair(value)
-        or isinstance(value, str)
-        and ("/" in value or "}" in value or "{" in value)
+        or (
+            isinstance(value, str)
+            and (
+                ("/" in value or "}" in value or "{" in value)
+                # Avoid situations when the path parameter contains only NULL bytes
+                # Many webservers remove such bytes and as the result, the test can target a different API operation
+                or (len(value) == value.count("\x00"))
+            )
+        )
     )
 
 

schemathesis/openapi/loaders.py

@@ -43,7 +43,10 @@ def from_asgi(path: str, app: Any, *, config: SchemathesisConfig | None = None,
     response = load_from_url(client.get, url=path, **kwargs)
     content_type = detect_content_type(headers=response.headers, path=path)
     schema = load_content(response.text, content_type)
-    return from_dict(schema=schema, config=config).configure(app=app, location=path)
+    loaded = from_dict(schema=schema, config=config)
+    loaded.app = app
+    loaded.location = path
+    return loaded
 
 
 def from_wsgi(path: str, app: Any, *, config: SchemathesisConfig | None = None, **kwargs: Any) -> BaseOpenAPISchema:
@@ -72,7 +75,10 @@ def from_wsgi(path: str, app: Any, *, config: SchemathesisConfig | None = None,
     raise_for_status(response)
     content_type = detect_content_type(headers=response.headers, path=path)
     schema = load_content(response.text, content_type)
-    return from_dict(schema=schema, config=config).configure(app=app, location=path)
+    loaded = from_dict(schema=schema, config=config)
+    loaded.app = app
+    loaded.location = path
+    return loaded
 
 
 def from_url(
@@ -108,7 +114,9 @@ def from_url(
     response = load_from_url(requests.get, url=url, wait_for_schema=wait_for_schema, **kwargs)
     content_type = detect_content_type(headers=response.headers, path=url)
     schema = load_content(response.text, content_type)
-    return from_dict(schema=schema, config=config).configure(location=url)
+    loaded = from_dict(schema=schema, config=config)
+    loaded.location = url
+    return loaded
 
 
 def from_path(
@@ -136,7 +144,9 @@ def from_path(
     with open(path, encoding=encoding) as file:
         content_type = detect_content_type(headers=None, path=str(path))
         schema = load_content(file.read(), content_type)
-        return from_dict(schema=schema, config=config).configure(location=Path(path).absolute().as_uri())
+    loaded = from_dict(schema=schema, config=config)
+    loaded.location = Path(path).absolute().as_uri()
+    return loaded
 
 
 def from_file(file: IO[str] | str, *, config: SchemathesisConfig | None = None) -> BaseOpenAPISchema:

schemathesis/pytest/lazy.py

@@ -12,6 +12,7 @@ from pytest_subtests import SubTests
 from schemathesis.core.errors import InvalidSchema
 from schemathesis.core.result import Ok, Result
 from schemathesis.filters import FilterSet, FilterValue, MatcherFunc, RegexValue, is_deprecated
+from schemathesis.generation import overrides
 from schemathesis.generation.hypothesis.builder import HypothesisTestConfig, HypothesisTestMode, create_test
 from schemathesis.generation.hypothesis.given import (
     GivenArgsMark,
@@ -22,7 +23,6 @@ from schemathesis.generation.hypothesis.given import (
     merge_given_args,
     validate_given_args,
 )
-from schemathesis.generation.overrides import Override, OverrideMark, check_no_override_mark
 from schemathesis.pytest.control_flow import fail_on_no_matches
 from schemathesis.schemas import BaseSchema
 
@@ -174,17 +174,10 @@ class LazySchema:
                 node_id = request.node._nodeid
                 settings = getattr(wrapped_test, "_hypothesis_internal_use_settings", None)
 
-                as_strategy_kwargs: Callable[[APIOperation], dict[str, Any]] | None = None
+                def as_strategy_kwargs(_operation: APIOperation) -> dict[str, Any]:
+                    override = overrides.for_operation(config=schema.config, operation=_operation)
 
-                override = OverrideMark.get(test_func)
-                if override is not None:
-
-                    def as_strategy_kwargs(_operation: APIOperation) -> dict[str, Any]:
-                        nonlocal override
-
-                        return {
-                            location: entry for location, entry in override.for_operation(_operation).items() if entry
-                        }
+                    return {location: entry for location, entry in override.items() if entry}
 
                 tests = list(
                     get_all_tests(
@@ -224,26 +217,6 @@ class LazySchema:
     def given(self, *args: GivenInput, **kwargs: GivenInput) -> Callable:
         return given_proxy(*args, **kwargs)
 
-    def override(
-        self,
-        *,
-        query: dict[str, str] | None = None,
-        headers: dict[str, str] | None = None,
-        cookies: dict[str, str] | None = None,
-        path_parameters: dict[str, str] | None = None,
-    ) -> Callable[[Callable], Callable]:
-        """Override Open API parameters with fixed values."""
-
-        def _add_override(test: Callable) -> Callable:
-            check_no_override_mark(test)
-            override = Override(
-                query=query or {}, headers=headers or {}, cookies=cookies or {}, path_parameters=path_parameters or {}
-            )
-            OverrideMark.set(test, override)
-            return test
-
-        return _add_override
-
 
 def _copy_marks(source: Callable, target: Callable) -> None:
     marks = getattr(source, "pytestmark", [])

schemathesis/pytest/plugin.py

@@ -26,6 +26,7 @@ from schemathesis.core.errors import (
 from schemathesis.core.failures import FailureGroup
 from schemathesis.core.marks import Mark
 from schemathesis.core.result import Ok, Result
+from schemathesis.generation import overrides
 from schemathesis.generation.hypothesis.given import (
     GivenArgsMark,
     GivenKwargsMark,
@@ -34,7 +35,6 @@ from schemathesis.generation.hypothesis.given import (
     validate_given_args,
 )
 from schemathesis.generation.hypothesis.reporting import ignore_hypothesis_output
-from schemathesis.generation.overrides import OverrideMark
 from schemathesis.pytest.control_flow import fail_on_no_matches
 from schemathesis.schemas import APIOperation
 
@@ -110,6 +110,7 @@ class SchemathesisCase(PyCollector):
         This implementation is based on the original one in pytest, but with slight adjustments
         to produce tests out of hypothesis ones.
         """
+        from schemathesis.checks import load_all_checks
         from schemathesis.generation.hypothesis.builder import (
             HypothesisTestConfig,
             HypothesisTestMode,
@@ -117,6 +118,8 @@ class SchemathesisCase(PyCollector):
             make_async_test,
         )
 
+        load_all_checks()
+
         is_trio_test = False
         for mark in getattr(self.test_function, "pytestmark", []):
             if mark.name == "trio":
@@ -128,14 +131,22 @@ class SchemathesisCase(PyCollector):
             if self.is_invalid_test:
                 funcobj = self.test_function
             else:
-                override = OverrideMark.get(self.test_function)
+                as_strategy_kwargs = {}
+
+                auth = self.schema.config.auth_for(operation=operation)
+                if auth is not None:
+                    from requests.auth import _basic_auth_str
+
+                    as_strategy_kwargs["headers"] = {"Authorization": _basic_auth_str(*auth)}
+                headers = self.schema.config.headers_for(operation=operation)
+                if headers:
+                    as_strategy_kwargs["headers"] = headers
+
+                override = overrides.for_operation(operation=operation, config=self.schema.config)
                 if override is not None:
-                    as_strategy_kwargs = {}
-                    for location, entry in override.for_operation(operation).items():
+                    for location, entry in override.items():
                         if entry:
                             as_strategy_kwargs[location] = entry
-                else:
-                    as_strategy_kwargs = {}
                 modes = []
                 phases = self.schema.config.phases_for(operation=operation)
                 if phases.examples.enabled:
@@ -150,6 +161,7 @@ class SchemathesisCase(PyCollector):
                     test_func=self.test_function,
                     config=HypothesisTestConfig(
                         modes=modes,
+                        settings=self.schema.config.get_hypothesis_settings(operation=operation),
                         given_kwargs=self.given_kwargs,
                         project=self.schema.config,
                         as_strategy_kwargs=as_strategy_kwargs,
@@ -256,16 +268,14 @@ def pytest_exception_interact(node: Function, call: pytest.CallInfo, report: pyt
         total_frames = len(tb_entries)
 
         # Keep internal Schemathesis frames + one extra one from the caller
-        keep_from_index = 0
+        skip_frames = 0
         for i in range(total_frames - 1, -1, -1):
             entry = tb_entries[i]
 
-            if "validate_response" in str(entry):
-                keep_from_index = max(0, i - 1)
+            if not str(entry.path).endswith("schemathesis/generation/case.py"):
+                skip_frames = i
                 break
 
-        skip_frames = keep_from_index
-
         report.longrepr = "".join(format_exception(call.excinfo.value, with_traceback=True, skip_frames=skip_frames))