schemathesis / schemathesis

Supercharge your API testing, catch bugs, and ensure compliance

Home Page: https://schemathesis.readthedocs.io

[BUG] config allow_x00=False doesn't work

croumegous opened this issue

Checklist

  • I checked the FAQ section of the documentation
  • I looked for similar issues in the issue tracker
  • I am using the latest version of Schemathesis

Describe the bug

I have a FastAPI backend. Schemathesis generates a failing case:

```
ValueError: A string literal cannot contain NUL (0x00) characters.
parameters = {'name_1': '0\x00'}, context = <sqlalchemy.dialects.postgresql.psycopg2.PGExecutionContext_psycopg2 object at 0x7d142f430cd0>
```

This happens because Schemathesis generates a case with \x00 even though I have explicitly used `generation_config=GenerationConfig(allow_x00=False)`.

To Reproduce

My Schemathesis pytest file looks like this:

```python
import pytest
import schemathesis
from hypothesis import HealthCheck, Verbosity, settings
from schemathesis import GenerationConfig
from schemathesis.checks import DEFAULT_CHECKS

# create_app, CONFIG, DATA_SET, get_header_authentication,
# IDENTITY_ROOT_ADMIN_PROVIDER and the fixtures used below come from the
# reporter's project and are not shown in the report.


def application_provider():
    return create_app()


schemathesis.experimental.OPEN_API_3_1.enable()
schema = schemathesis.from_asgi(
    f"/{CONFIG['SERVICE_NAME']}/api/v1/openapi.json",
    application_provider(),
    generation_config=GenerationConfig(allow_x00=False),
)
schemathesis.fixups.install()


# run it manually with "pytest -m schemathesis"
@pytest.mark.schemathesis
@schema.parametrize(skip_deprecated_operations=True)
@settings(
    deadline=2000,
    verbosity=Verbosity.normal,
    suppress_health_check=[HealthCheck.too_slow, HealthCheck.filter_too_much, HealthCheck.function_scoped_fixture],
)
@pytest.mark.parametrize("mocked_database_function", [DATA_SET], indirect=True)
def test_api(case, mocked_database_function, mock_keycloak_client):
    headers = get_header_authentication(IDENTITY_ROOT_ADMIN_PROVIDER)
    response = case.call_asgi(headers=headers, base_url=f"http://localhost:8090/{CONFIG['SERVICE_NAME']}")
    case.validate_response(response, checks=DEFAULT_CHECKS)
```

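The code of the endpoint that fails:

```python
from pydantic import BaseModel
from sqlalchemy.orm import joinedload

# OrganizationRoles and OrganizationRoleSchema are models from the
# reporter's project and are not shown in the report.


class PostOrganizationRoleSchema(BaseModel):
    name: str


async def post_create_organization_role(payload: PostOrganizationRoleSchema) -> OrganizationRoleSchema:
    """
    Create a new OrganizationRole
    """
    payload = payload.model_dump()

    organization_role = (
        OrganizationRoles.query.options(joinedload("permissions"))
        .filter(OrganizationRoles.name == payload.get("name"))
        .one_or_none()
    )  # fails here because name='\x00'

    ...  # rest of the handler is omitted in the report
```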

Expected behavior

Schemathesis should not create cases with the special character \x00.

Environment

- OS: Debian
- Python version: 3.9
- Schemathesis version: 3.25.2
- Spec version: Open API 3.1.0

Hi @croumegous

Thank you for reporting! The issue is caused by two bugs - one in hypothesis-jsonschema and another one here. I am going to fix them soon.
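
An added example, not code from the issue or from Schemathesis: a standard-library check that reports where NUL characters sit in a decoded JSON payload, so a value like the `name` in the report can be rejected at the API boundary, or filtered out on the test side, before it reaches psycopg2. The function names and sample payloads are assumptions made for illustration.

```python
from typing import Any, List

NUL = "\x00"


def find_nul_paths(value: Any, path: str = "$") -> List[str]:
    """Return a JSON-style path for every string (key or value) that contains NUL."""
    hits: List[str] = []
    if isinstance(value, str):
        if NUL in value:
            hits.append(path)
    elif isinstance(value, dict):
        for key, item in value.items():
            # Keys can end up in SQL parameters too, so check them as well.
            if isinstance(key, str) and NUL in key:
                hits.append(f"{path}.<key {key!r}>")
            hits.extend(find_nul_paths(item, f"{path}.{key}"))
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            hits.extend(find_nul_paths(item, f"{path}[{index}]"))
    return hits


def reject_nul(payload: Any) -> Any:
    """Raise ValueError naming the offending fields; return the payload otherwise."""
    paths = find_nul_paths(payload)
    if paths:
        raise ValueError("NUL (0x00) not allowed in: " + ", ".join(paths))
    return payload


# Constructed sample inputs, modelled on the failing value '0\x00' in the report.
BAD_PAYLOAD = {"name": "0\x00", "tags": ["ok", "a\x00b"], "meta": {"k\x00": 1}}
GOOD_PAYLOAD = {"name": "admin", "tags": ["ok"], "meta": {"k": 1}}

if __name__ == "__main__":
    print(find_nul_paths(BAD_PAYLOAD))
    print(find_nul_paths(GOOD_PAYLOAD))
```

Calling `reject_nul` from a request validator turns the unhandled `ValueError` raised inside the database driver into a client error that names the bad field.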