[BUG] false invalid schema

[GeorgeFischhof]

Checklist

• I checked the FAQ section of the documentation
• I looked for similar issues in the issue tracker
• I am using the latest version of Schemathesis

Describe the bug

Hi,
I have an openapi 3.0.3 document file, which contains references for parts of another file (it contains common stuff)
for example:
$ref: './common-components.yaml#/components/responses/UnauthorizedError'

validators that I found say it is valid, also swagger UI is created well from the two files (the parts from common file are included)

But schemathesis says it is invalid:

when
my_stuff = schemathesis.from_file("./my-file.yaml")
is called, the following error is given:

.venv\Lib\site-packages\schemathesis\specs\openapi\loaders.py:256: in from_file
    return from_dict(
.venv\Lib\site-packages\schemathesis\specs\openapi\loaders.py:309: in from_dict
    raise SchemaError(SchemaErrorType.OPEN_API_INVALID_SCHEMA, SCHEMA_INVALID_ERROR)

E   schemathesis.exceptions.SchemaError: The provided API schema does not appear to be a valid OpenAPI schema

To Reproduce

will anonymize, and send example if this is not enough

Environment

- OS: [Windows]
- Python version: [3.11]
- Schemathesis version: [e.g. 3.25.4]
- Spec version: [e.g. Open API 3.0.3]

BR,
George

[GeorgeFischhof]

somwhow I did not see additional warnings previously:

.venv\Lib\site-packages\schemathesis\specs\openapi\references.py:49
.venv\Lib\site-packages\schemathesis\specs\openapi\references.py:49: DeprecationWarning: jsonschema.RefResolver is deprecated as of v4.18.0, in favor of the https://github.com/python-jsonschema/referencing library, which provides more compliant referencing behavior as well as more flexible APIs for customization. A future release will remove RefResolver. Please file a feature request (on referencing) if you are missing an API for the kind of customization you need.
class InliningResolver(jsonschema.RefResolver):

.venv\Lib\site-packages\schemathesis\specs\openapi\security.py:6
.venv\Lib\site-packages\schemathesis\specs\openapi\security.py:6
.venv\Lib\site-packages\schemathesis\specs\openapi\security.py:6: DeprecationWarning: jsonschema.RefResolver is deprecated as of v4.18.0, in favor of the https://github.com/python-jsonschema/referencing library, which provides more compliant referencing behavior as well as more flexible APIs for customization. A future release will remove RefResolver. Please file a feature request (on referencing) if you are missing an API for the kind of customization you need.
from jsonschema import RefResolver

.venv\Lib\site-packages\schemathesis\specs\openapi\schemas.py:84
.venv\Lib\site-packages\schemathesis\specs\openapi\schemas.py:84: DeprecationWarning: jsonschema.exceptions.RefResolutionError is deprecated as of version 4.18.0. If you wish to catch potential reference resolution errors, directly catch referencing.exceptions.Unresolvable.
SCHEMA_PARSING_ERRORS = (KeyError, AttributeError, jsonschema.exceptions.RefResolutionError)

[GeorgeFischhof]

additional info:
I removed (expanded) all the references, and tried out, and got the same error, tried with Python 3.9 / latest schemathesis, and got the same

[Stranger6667]

Hi! Thank you for reporting!

Can you please, share your schema? It would help me a lot

Re: warnings - that's something I plan to address via #1755

[Stranger6667]

As a side note, there are cases when such failures come directly from YAML quirks, and some online editors parse inputs differently, in a more permissive way. I don't remember the exact issue in the issue tracker but will link it later

[Stranger6667]

Could it be this one? #610 (comment)

[GeorgeFischhof]

Hi @Stranger6667 ,
that is not the same issue, perhaps it came from yaml, I do not know.

I anonymized my files: the main file contains references to itself, and to the common parts, the common parts file has references to itself.

I attach the files, it is a tar.gz

BR,
George
anonym.gz

[Stranger6667]

Thanks for sharing!

I found two issues:

1. Schemathesis does not resolve $ref inside security schemes, but it should. (see components/securitySchemes/Bearer)
2. Error message is useless, the issue is that it Schemathesis assumes that type key is always there and tries to check it and fails with KeyError. It would be useful to at least show the trace (when --show-trace is present).

I am going to fix these soon