schemathesis 4.0.26__py3-none-any.whl → 4.1.0__py3-none-any.whl

schemathesis/engine/phases/probes.py

@@ -42,9 +42,15 @@ def execute(ctx: EngineContext, phase: Phase) -> EventGenerator:
     for result in probes:
         if isinstance(result.probe, NullByteInHeader) and result.is_failure:
             from schemathesis.specs.openapi import formats
-            from schemathesis.specs.openapi.formats import HEADER_FORMAT, header_values
-
-            formats.register(HEADER_FORMAT, header_values(exclude_characters="\n\r\x00"))
+            from schemathesis.specs.openapi.formats import (
+                DEFAULT_HEADER_EXCLUDE_CHARACTERS,
+                HEADER_FORMAT,
+                header_values,
+            )
+
+            formats.register(
+                HEADER_FORMAT, header_values(exclude_characters=DEFAULT_HEADER_EXCLUDE_CHARACTERS + "\x00")
+            )
         payload = Ok(ProbePayload(probes=probes))
     yield events.PhaseFinished(phase=phase, status=status, payload=payload)
 

schemathesis/engine/phases/unit/__init__.py

@@ -76,6 +76,7 @@ def execute(engine: EngineContext, phase: Phase) -> events.EventGenerator:
                                 status = event.status
                             if event.status in (Status.ERROR, Status.FAILURE):
                                 engine.control.count_failure()
+                            engine.record_observations(event.recorder)
                         if isinstance(event, events.Interrupted) or engine.is_interrupted:
                             status = Status.INTERRUPTED
                             engine.stop()

schemathesis/generation/case.py

@@ -200,7 +200,7 @@ class Case:
 
         """
         hook_context = HookContext(operation=self.operation)
-        dispatch("before_call", hook_context, self, **kwargs)
+        dispatch("before_call", hook_context, self, _with_dual_style_kwargs=True, **kwargs)
         if self.operation.app is not None:
             kwargs.setdefault("app", self.operation.app)
         if "app" in kwargs:

schemathesis/generation/coverage.py

@@ -6,7 +6,18 @@ from contextlib import contextmanager, suppress
 from dataclasses import dataclass
 from functools import lru_cache, partial
 from itertools import combinations
-from json.encoder import _make_iterencode, c_make_encoder, encode_basestring_ascii  # type: ignore
+
+try:
+    from json.encoder import _make_iterencode  # type: ignore[attr-defined]
+except ImportError:
+    _make_iterencode = None
+
+try:
+    from json.encoder import c_make_encoder  # type: ignore[attr-defined]
+except ImportError:
+    c_make_encoder = None
+
+from json.encoder import JSONEncoder, encode_basestring_ascii  # type: ignore
 from typing import Any, Callable, Generator, Iterator, TypeVar, cast
 from urllib.parse import quote_plus
 
@@ -285,10 +296,13 @@ T = TypeVar("T")
 
 if c_make_encoder is not None:
     _iterencode = c_make_encoder(None, None, encode_basestring_ascii, None, ":", ",", True, False, False)
-else:
+elif _make_iterencode is not None:
     _iterencode = _make_iterencode(
         None, None, encode_basestring_ascii, None, float.__repr__, ":", ",", True, False, True
     )
+else:
+    encoder = JSONEncoder(skipkeys=False, sort_keys=False, indent=None, separators=(":", ","))
+    _iterencode = encoder.iterencode
 
 
 def _encode(o: Any) -> str:

schemathesis/hooks.py

@@ -4,7 +4,7 @@ import inspect
 from collections import defaultdict
 from dataclasses import dataclass, field
 from enum import Enum, unique
-from functools import partial
+from functools import lru_cache, partial
 from typing import TYPE_CHECKING, Any, Callable, ClassVar, cast
 
 from schemathesis.core.marks import Mark
@@ -225,12 +225,18 @@ class HookDispatcher:
             strategy = strategy.flatmap(hook)
         return strategy
 
-    def dispatch(self, name: str, context: HookContext, *args: Any, **kwargs: Any) -> None:
+    def dispatch(
+        self, name: str, context: HookContext, *args: Any, _with_dual_style_kwargs: bool = False, **kwargs: Any
+    ) -> None:
         """Run all hooks for the given name."""
         for hook in self.get_all_by_name(name):
             if _should_skip_hook(hook, context):
                 continue
-            hook(context, *args, **kwargs)
+            # NOTE: It is a backward-compat shim to support calling `before_call` with `**kwargs` OR with `kwargs`.
+            if _with_dual_style_kwargs and not has_var_keyword(hook):
+                hook(context, *args, kwargs)
+            else:
+                hook(context, *args, **kwargs)
 
     def unregister(self, hook: Callable) -> None:
         """Unregister a specific hook."""
@@ -246,6 +252,12 @@ class HookDispatcher:
         self._hooks = defaultdict(list)
 
 
+@lru_cache(maxsize=16)
+def has_var_keyword(hook: Callable) -> bool:
+    """Check if hook function accepts **kwargs."""
+    return any(p.kind == inspect.Parameter.VAR_KEYWORD for p in inspect.signature(hook).parameters.values())
+
+
 def _should_skip_hook(hook: Callable, ctx: HookContext) -> bool:
     filter_set = getattr(hook, "filter_set", None)
     return filter_set is not None and ctx.operation is not None and not filter_set.match(ctx)
@@ -349,7 +361,7 @@ def before_init_operation(context: HookContext, operation: APIOperation) -> None
 
 
 @HookDispatcher.register_spec([HookScope.GLOBAL])
-def before_call(context: HookContext, case: Case, **kwargs: Any) -> None:
+def before_call(context: HookContext, case: Case, kwargs: dict[str, Any]) -> None:
     """Called before every network call in CLI tests.
 
     Use cases:

schemathesis/openapi/loaders.py

@@ -282,7 +282,7 @@ def load_content(content: str, content_type: ContentType) -> dict[str, Any]:
     # If type is unknown, try JSON first, then YAML
     try:
         return _load_json(content)
-    except json.JSONDecodeError:
+    except LoaderError:
         return _load_yaml(content)
 
 

schemathesis/specs/openapi/_hypothesis.py

@@ -36,7 +36,13 @@ from ... import auths
 from ...generation import GenerationMode
 from ...hooks import HookContext, HookDispatcher, apply_to_all_dispatchers
 from .constants import LOCATION_TO_CONTAINER
-from .formats import HEADER_FORMAT, STRING_FORMATS, get_default_format_strategies, header_values
+from .formats import (
+    DEFAULT_HEADER_EXCLUDE_CHARACTERS,
+    HEADER_FORMAT,
+    STRING_FORMATS,
+    get_default_format_strategies,
+    header_values,
+)
 from .media_types import MEDIA_TYPES
 from .negative import negative_schema
 from .negative.utils import can_negate
@@ -410,10 +416,17 @@ def jsonify_python_specific_types(value: dict[str, Any]) -> dict[str, Any]:
 
 def _build_custom_formats(generation_config: GenerationConfig) -> dict[str, st.SearchStrategy]:
     custom_formats = {**get_default_format_strategies(), **STRING_FORMATS}
+    header_values_kwargs = {}
     if generation_config.exclude_header_characters is not None:
-        custom_formats[HEADER_FORMAT] = header_values(exclude_characters=generation_config.exclude_header_characters)
+        header_values_kwargs["exclude_characters"] = generation_config.exclude_header_characters
+        if not generation_config.allow_x00:
+            header_values_kwargs["exclude_characters"] += "\x00"
     elif not generation_config.allow_x00:
-        custom_formats[HEADER_FORMAT] = header_values(exclude_characters="\n\r\x00")
+        header_values_kwargs["exclude_characters"] = DEFAULT_HEADER_EXCLUDE_CHARACTERS + "\x00"
+    if generation_config.codec is not None:
+        header_values_kwargs["codec"] = generation_config.codec
+    if header_values_kwargs:
+        custom_formats[HEADER_FORMAT] = header_values(**header_values_kwargs)
     return custom_formats
 
 

schemathesis/specs/openapi/formats.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+import platform
 import string
 from base64 import b64encode
 from functools import lru_cache
@@ -11,7 +12,15 @@ if TYPE_CHECKING:
     from hypothesis import strategies as st
 
 
+IS_PYPY = platform.python_implementation() == "PyPy"
 STRING_FORMATS: dict[str, st.SearchStrategy] = {}
+# For some reason PyPy can't send header values with codepoints > 128, while CPython can
+if IS_PYPY:
+    MAX_HEADER_CODEPOINT = 128
+    DEFAULT_HEADER_EXCLUDE_CHARACTERS = "\n\r\x1f\x1e\x1d\x1c"
+else:
+    MAX_HEADER_CODEPOINT = 255
+    DEFAULT_HEADER_EXCLUDE_CHARACTERS = "\n\r"
 
 
 def register_string_format(name: str, strategy: st.SearchStrategy) -> None:
@@ -65,11 +74,15 @@ def unregister_string_format(name: str) -> None:
         raise ValueError(f"Unknown Open API format: {name}") from exc
 
 
-def header_values(exclude_characters: str = "\n\r") -> st.SearchStrategy[str]:
+def header_values(
+    codec: str | None = None, exclude_characters: str = DEFAULT_HEADER_EXCLUDE_CHARACTERS
+) -> st.SearchStrategy[str]:
     from hypothesis import strategies as st
 
     return st.text(
-        alphabet=st.characters(min_codepoint=0, max_codepoint=255, exclude_characters=exclude_characters)
+        alphabet=st.characters(
+            min_codepoint=0, max_codepoint=MAX_HEADER_CODEPOINT, codec=codec, exclude_characters=exclude_characters
+        )
         # Header values with leading non-visible chars can't be sent with `requests`
     ).map(str.lstrip)
 

schemathesis/specs/openapi/schemas.py

@@ -232,7 +232,7 @@ class BaseOpenAPISchema(BaseSchema):
 
         return statistic
 
-    def _operation_iter(self) -> Generator[dict[str, Any], None, None]:
+    def _operation_iter(self) -> Iterator[tuple[str, str, dict[str, Any]]]:
         try:
             paths = self.raw_schema["paths"]
         except KeyError:
@@ -243,13 +243,11 @@ class BaseOpenAPISchema(BaseSchema):
             try:
                 if "$ref" in path_item:
                     _, path_item = resolve(path_item["$ref"])
-                # Straightforward iteration is faster than converting to a set & calculating length.
                 for method, definition in path_item.items():
                     if should_skip(path, method, definition):
                         continue
-                    yield definition
+                    yield (method, path, definition)
             except SCHEMA_PARSING_ERRORS:
-                # Ignore errors
                 continue
 
     def _resolve_until_no_references(self, value: dict[str, Any]) -> dict[str, Any]:

schemathesis/specs/openapi/stateful/inference.py

@@ -0,0 +1,250 @@
+"""Inferencing connections between API operations.
+
+The current implementation extracts information from the `Location` header and
+generates OpenAPI links for exact and prefix matches.
+
+When a `Location` header points to `/users/123`, the inference:
+
+    1. Finds the exact match: `GET /users/{userId}`
+    2. Finds prefix matches: `GET /users/{userId}/posts`, `GET /users/{userId}/posts/{postId}`
+    3. Generates OpenAPI links with regex parameter extractors
+"""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+from typing import TYPE_CHECKING, Any, Mapping, Union
+from urllib.parse import urlsplit
+
+from werkzeug.exceptions import MethodNotAllowed, NotFound
+from werkzeug.routing import Map, MapAdapter, Rule
+
+if TYPE_CHECKING:
+    from schemathesis.engine.observations import LocationHeaderEntry
+    from schemathesis.specs.openapi.schemas import BaseOpenAPISchema
+
+
+@dataclass(unsafe_hash=True)
+class OperationById:
+    """API operation identified by operationId."""
+
+    value: str
+    method: str
+    path: str
+
+    __slots__ = ("value", "method", "path")
+
+    def to_link_base(self) -> dict[str, Any]:
+        return {"operationId": self.value, "x-inferred": True}
+
+
+@dataclass(unsafe_hash=True)
+class OperationByRef:
+    """API operation identified by JSON reference path."""
+
+    value: str
+    method: str
+    path: str
+
+    __slots__ = ("value", "method", "path")
+
+    def to_link_base(self) -> dict[str, Any]:
+        return {"operationRef": self.value, "x-inferred": True}
+
+
+OperationReference = Union[OperationById, OperationByRef]
+# Method, path, response code, sorted path parameter names
+SeenLinkKey = tuple[str, str, int, tuple[str, ...]]
+
+
+@dataclass
+class MatchList:
+    """Results of matching a location path against API operation."""
+
+    exact: OperationReference
+    inexact: list[OperationReference]
+    parameters: Mapping[str, Any]
+
+    __slots__ = ("exact", "inexact", "parameters")
+
+
+@dataclass
+class LinkInferencer:
+    """Infer OpenAPI links from Location headers for stateful testing."""
+
+    _adapter: MapAdapter
+    # All API operations for prefix matching
+    _operations: list[OperationReference]
+    _base_url: str | None
+    _base_path: str
+    _links_field_name: str
+
+    __slots__ = ("_adapter", "_operations", "_base_url", "_base_path", "_links_field_name")
+
+    @classmethod
+    def from_schema(cls, schema: BaseOpenAPISchema) -> LinkInferencer:
+        # NOTE: Use `matchit` for routing in the future
+        rules = []
+        operations = []
+        for method, path, definition in schema._operation_iter():
+            operation_id = definition.get("operationId")
+            operation: OperationById | OperationByRef
+            if operation_id:
+                operation = OperationById(operation_id, method=method, path=path)
+            else:
+                encoded_path = path.replace("~", "~0").replace("/", "~1")
+                operation = OperationByRef(f"#/paths/{encoded_path}/{method}", method=method, path=path)
+
+            operations.append(operation)
+
+            # Replace `{parameter}` with `<parameter>` as angle brackets are used for parameters in werkzeug
+            path = re.sub(r"\{([^}]+)\}", r"<\1>", path)
+            rules.append(Rule(path, endpoint=operation, methods=[method.upper()]))
+
+        return cls(
+            _adapter=Map(rules).bind("", ""),
+            _operations=operations,
+            _base_url=schema.config.base_url,
+            _base_path=schema.base_path,
+            _links_field_name=schema.links_field,
+        )
+
+    def match(self, path: str) -> tuple[OperationReference, Mapping[str, str]] | None:
+        """Match path to API operation and extract path parameters."""
+        try:
+            return self._adapter.match(path)
+        except (NotFound, MethodNotAllowed):
+            return None
+
+    def _build_links_from_matches(self, matches: MatchList) -> list[dict]:
+        """Build links from already-found matches."""
+        exact = self._build_link_from_match(matches.exact, matches.parameters)
+        parameters = exact["parameters"]
+        links = [exact]
+        for inexact in matches.inexact:
+            link = inexact.to_link_base()
+            # Parameter extraction is the same, only operations are different
+            link["parameters"] = parameters
+            links.append(link)
+        return links
+
+    def _find_matches_from_normalized_location(self, normalized_location: str) -> MatchList | None:
+        """Find matches from an already-normalized location."""
+        match = self.match(normalized_location)
+        if not match:
+            # It may happen that there is no match, but it is unlikely as the API assumed to return a valid Location
+            # that points to an existing API operation. In such cases, if they appear in practice the logic here could be extended
+            # to support partial matches
+            return None
+        exact, parameters = match
+        if not parameters:
+            # Links without parameters don't make sense
+            return None
+        matches = MatchList(exact=exact, inexact=[], parameters=parameters)
+
+        # Find prefix matches, excluding the exact match
+        # For example:
+        #
+        #  Location: /users/123 -> /users/{user_id} (exact match)
+        #  /users/{user_id}/posts , /users/{user_id}/posts/{post_id} (partial matches)
+        #
+        for candidate in self._operations:
+            if candidate == exact:
+                continue
+            if candidate.path.startswith(exact.path):
+                matches.inexact.append(candidate)
+
+        return matches
+
+    def _build_link_from_match(
+        self, operation: OperationById | OperationByRef, path_parameters: Mapping[str, Any]
+    ) -> dict:
+        link = operation.to_link_base()
+
+        # Build regex expressions to extract path parameters
+        parameters = {}
+        for name in path_parameters:
+            # Replace the target parameter with capture group and others with non-slash matcher
+            pattern = operation.path
+            for candidate in path_parameters:
+                if candidate == name:
+                    pattern = pattern.replace(f"{{{candidate}}}", "(.+)")
+                else:
+                    pattern = pattern.replace(f"{{{candidate}}}", "[^/]+")
+
+            parameters[name] = f"$response.header.Location#regex:{pattern}"
+
+        link["parameters"] = parameters
+
+        return link
+
+    def _normalize_location(self, location: str) -> str | None:
+        """Normalize location header, handling both relative and absolute URLs."""
+        location = location.strip()
+        if not location:
+            return None
+
+        # Check if it's an absolute URL
+        if location.startswith(("http://", "https://")):
+            if not self._base_url:
+                # Can't validate absolute URLs without base_url
+                return None
+
+            parsed = urlsplit(location)
+            base_parsed = urlsplit(self._base_url)
+
+            # Must match scheme, netloc, and start with the base path
+            if parsed.scheme != base_parsed.scheme or parsed.netloc != base_parsed.netloc:
+                return None
+
+            return self._strip_base_path_from_location(parsed.path)
+
+        # Relative URL - strip base path if present, otherwise use as-is
+        stripped = self._strip_base_path_from_location(location)
+        return stripped if stripped is not None else location
+
+    def _strip_base_path_from_location(self, path: str) -> str | None:
+        """Strip base path from location path if it starts with base path."""
+        base_path = self._base_path.rstrip("/")
+        if not path.startswith(base_path):
+            return None
+
+        # Strip the base path to get relative path
+        relative_path = path[len(base_path) :]
+        return relative_path if relative_path.startswith("/") else "/" + relative_path
+
+    def inject_links(self, operation: dict[str, Any], entries: list[LocationHeaderEntry]) -> int:
+        from schemathesis.specs.openapi.schemas import _get_response_definition_by_status
+
+        responses = operation.setdefault("responses", {})
+        # To avoid unnecessary work, we need to skip entries that we know will produce already inferred links
+        seen: set[SeenLinkKey] = set()
+        injected = 0
+
+        for entry in entries:
+            location = self._normalize_location(entry.value)
+            if location is None:
+                # Skip invalid/empty locations or absolute URLs that don't match base_url
+                continue
+
+            matches = self._find_matches_from_normalized_location(location)
+            if matches is None:
+                # Skip locations that don't match any API apiration
+                continue
+
+            key = (matches.exact.method, matches.exact.path, entry.status_code, tuple(sorted(matches.parameters)))
+            if key in seen:
+                # Skip duplicate link generation for same operation/status/parameters combination
+                continue
+            seen.add(key)
+            # Find the right bucket for the response status or create a new one
+            definition = _get_response_definition_by_status(entry.status_code, responses)
+            if definition is None:
+                definition = responses.setdefault(str(entry.status_code), {})
+            links = definition.setdefault(self._links_field_name, {})
+
+            for idx, link in enumerate(self._build_links_from_matches(matches)):
+                links[f"X-Inferred-Link-{idx}"] = link
+                injected += 1
+        return injected

schemathesis/transport/requests.py

@@ -91,6 +91,7 @@ class RequestsTransport(BaseTransport["requests.Session"]):
 
         config = case.operation.schema.config
 
+        max_redirects = kwargs.pop("max_redirects", None) or config.max_redirects_for(operation=case.operation)
         timeout = config.request_timeout_for(operation=case.operation)
         verify = config.tls_verify_for(operation=case.operation)
         cert = config.request_cert_for(operation=case.operation)
@@ -131,6 +132,8 @@ class RequestsTransport(BaseTransport["requests.Session"]):
                     current_session_auth = session.auth
                     session.auth = None
             close_session = False
+        if max_redirects is not None:
+            session.max_redirects = max_redirects
         session.headers = {}
 
         verify = data.get("verify", True)

{schemathesis-4.0.26.dist-info → schemathesis-4.1.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: schemathesis
-Version: 4.0.26
+Version: 4.1.0
 Summary: Property-based testing framework for Open API and GraphQL based apps
 Project-URL: Documentation, https://schemathesis.readthedocs.io/en/stable/
 Project-URL: Changelog, https://github.com/schemathesis/schemathesis/blob/master/CHANGELOG.md
@@ -26,12 +26,13 @@ Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Software Development :: Testing
 Requires-Python: >=3.9
 Requires-Dist: backoff<3.0,>=2.1.2
 Requires-Dist: click<9,>=8.0
 Requires-Dist: colorama<1.0,>=0.4
-Requires-Dist: harfile<1.0,>=0.3.0
+Requires-Dist: harfile<1.0,>=0.3.1
 Requires-Dist: httpx<1.0,>=0.22.0
 Requires-Dist: hypothesis-graphql<1,>=0.11.1
 Requires-Dist: hypothesis-jsonschema<0.24,>=0.23.1