Hypothesis strategies for generating Python programs, something like CSmith.
This is definitely pre-alpha, but if you want to play with it feel free! You can even keep the shiny pieces when - not if - it breaks.
Get it today with pip install hypothesmith,
or by cloning the GitHub repo.
You can run the tests, such as they are, with tox on Python 3.6 or later.
Use tox -va to see what environments are available.
This package provides two Hypothesis strategies for generating Python source code.
The generated code will always be syntatically valid, and is useful for testing parsers, linters, auto-formatters, and other tools that operate on source code.
DO NOT EXECUTE CODE GENERATED BY THESE STRATEGIES.
It could do literally anything that running Python code is able to do, including changing, deleting, or uploading important data. Arbitrary code can be useful, but "arbitrary code execution" can be very, very bad.
hypothesmith.from_grammar(start="file_input", *, auto_target=True)Generates syntactically-valid Python source code based on the grammar.
Valid values for start are "single_input", "file_input", or
"eval_input"; respectively a single interactive statement, a module or
sequence of commands read from a file, and input for the eval() function.
If auto_target is True, this strategy uses hypothesis.target()
internally to drive towards larger and more complex examples. We recommend
leaving this enabled, as the grammar is quite complex and only simple examples
tend to be generated otherwise.
hypothesmith.from_node(node=libcst.Module, *, auto_target=True)Generates syntactically-valid Python source code based on the node types
defined by the LibCST project.
You can pass any subtype of libcst.CSTNode. Alternatively, you can use
Hypothesis' built-in from_type(node_type).map(lambda n: libcst.Module([n]).code,
after Hypothesmith has registered the required strategies. However, this does
not include automatic targeting and limitations of LibCST may lead to invalid
code being generated.
tokenize -> untokenize roundtrip bugs.lib2to3 errors on \r in commentPatch notes can be found in CHANGELOG.md.
FAQs
Hypothesis strategies for generating Python programs, something like CSmith
We found that hypothesmith demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.