Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socketโs threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Syrupy is a zero-dependency pytest snapshot plugin. It enables developers to write tests which assert immutability of computed results.
The most popular snapshot test plugin compatible with pytest has some core limitations which this package attempts to address by upholding some key values:
assert x == snapshot
vs. snapshot.assert_match(x)
.python -m pip install syrupy
You cannot use syrupy alongside snapshottest due to argument conflicts. To ease migration, we've made syrupy aware of snapshottest call syntax. Simply uninstall snapshottest and remove old snapshots:
pip uninstall snapshottest -y;
find . -type d ! -path '*/\.*' -name 'snapshots' | xargs rm -r
Syrupy will always be compatible with the latest version of Python and Pytest. If you're running an old version of Python or Pytest, you will need to use an older major version of Syrupy:
Syrupy Version | Python Support | Pytest Support |
---|---|---|
4.x.x | >3.8.1 | >=7 |
3.x.x | >=3.7, <4 | >=5.1, <8 |
2.x.x | >=3.6, <4 | >=5.1, <8 |
In a pytest test file test_file.py
:
def test_foo(snapshot):
actual = "Some computed value!"
assert actual == snapshot
when you run pytest
, the above test should fail due to a missing snapshot. Re-run pytest with the update snapshots flag like so:
pytest --snapshot-update
A snapshot file should be generated under a __snapshots__
directory in the same directory as test_file.py
. The __snapshots__
directory and all its children should be committed along with your test code.
The default serializer supports all python built-in types and provides a sensible default for custom objects.
If you need to customise your object snapshot, it is as easy as overriding the default __repr__
implementation.
def __repr__(self) -> str:
return "MyCustomClass(...)"
If you need bypass a custom object representation to use the amber standard, it is easy using the following helpers.
def test_object_as_named_tuple(snapshot):
assert snapshot == AmberDataSerializer.object_as_named_tuple(obj_with_custom_repr)
See
test_snapshot_object_as_named_tuple_class
for an example on automatically doing this for all nested properties
If you want to limit what properties are serialized at a class type level you could either:
A. Provide a filter function to the snapshot exclude configuration option.
def limit_foo_attrs(prop, path):
allowed_foo_attrs = {"do", "not", "serialize", "these", "attrs"}
return isinstance(path[-1][1], Foo) and prop in allowed_foo_attrs
def test_bar(snapshot):
actual = Foo(...)
assert actual == snapshot(exclude=limit_foo_attrs)
B. Provide a filter function to the snapshot include configuration option.
def limit_foo_attrs(prop, path):
allowed_foo_attrs = {"only", "serialize", "these", "attrs"}
return isinstance(path[-1][1], Foo) and prop in allowed_foo_attrs
def test_bar(snapshot):
actual = Foo(...)
assert actual == snapshot(include=limit_foo_attrs)
C. Or override the __dir__
implementation to control the attribute list.
class Foo:
def __dir__(self):
return ["only", "serialize", "these", "attrs"]
def test_bar(snapshot):
actual = Foo(...)
assert actual == snapshot
Both options will generate equivalent snapshots but the latter is only viable when you have control over the class implementation and do not need to share the exclusion logic with other objects.
These are the cli options exposed to pytest
by the plugin.
Option | Description | Default |
---|---|---|
--snapshot-update | Snapshots will be updated to match assertions and unused snapshots will be deleted. | False |
--snapshot-details | Includes details of unused snapshots (test name and snapshot location) in the final report. | False |
--snapshot-warn-unused | Prints a warning on unused snapshots rather than fail the test suite. | False |
--snapshot-default-extension | Use to change the default snapshot extension class. | AmberSnapshotExtension |
--snapshot-no-colors | Disable test results output highlighting. Equivalent to setting the environment variables ANSI_COLORS_DISABLED or NO_COLOR | Disabled by default if not in terminal. |
--snapshot-patch-pycharm-diff | Override PyCharm's default diffs viewer when looking at snapshot diffs. See IDE Integrations | False |
--snapshot-diff-mode | Configures how diffs are displayed on assertion failure. If working with very large snapshots, disabling the diff can improve performance. | detailed |
These are the options available on the snapshot
assertion fixture.
Use of these options are one shot and do not persist across assertions.
For more persistent options see advanced usage.
matcher
This allows you to match on a property path and value to control how specific object shapes are serialized.
The matcher is a function that takes two keyword arguments. It should return the replacement value to be serialized or the original unmutated value.
Argument | Description |
---|---|
data | Current serializable value being matched on |
path | Ordered path traversed to the current value e.g. (("a", dict), ("b", dict)) from { "a": { "b": { "c": 1 } } } } |
NOTE: Do not mutate the value received as it could cause unintended side effects.
Syrupy comes with built-in helpers that can be used to make easy work of using property matchers.
path_type(mapping=None, *, types=(), strict=True, regex=False)
Easy way to build a matcher that uses the path and value type to replace serialized data.
When strict, this will raise a ValueError
if the types specified are not matched.
Argument | Description |
---|---|
mapping | Dict of path string to tuples of class types, including primitives e.g. (MyClass, UUID, datetime, int, str) |
types | Tuple of class types used if none of the path strings from the mapping are matched |
strict | If a path is matched but the value at the path does not match one of the class types in the tuple then a PathTypeError is raised |
regex | If true, the mapping key is treated as a regular expression when matching paths |
replacer | Called with any matched value and result is used as the replacement that is serialized. Defaults to the object type when not given |
from syrupy.matchers import path_type
def test_bar(snapshot):
actual = {
"date_created": datetime.now(),
"value": "Some computed value!!",
}
assert actual == snapshot(matcher=path_type({
"date_created": (datetime,),
"nested.path.id": (int,),
}))
# name: test_bar
dict({
'date_created': datetime,
'value': 'Some computed value!!',
})
# ---
NOTE: When
regex
isTrue
all matcher mappings are treated as regex patterns
path_value(mapping=None, *, **kwargs)
Shares the same kwargs
as path_type
matcher, with the exception of the mapping
argument type.
Only runs replacement for objects at a matching path where the value of the mapping also matches the object data string repr.
Argument | Description |
---|---|
mapping | Dict of path string to object value string representations |
See
test_regex_matcher_str_value
for example usage.
exclude
This allows you to filter out object properties from the serialized snapshot.
The exclude parameter takes a filter function that accepts two keyword arguments.
It should return true
if the property should be excluded, or false
if the property should be included.
Argument | Description |
---|---|
prop | Current property on the object, could be any hashable value that can be used to retrieve a value e.g. 1 , "prop_str" , SomeHashableObject |
path | Ordered path traversed to the current value e.g. (("a", dict), ("b", dict)) from { "a": { "b": { "c": 1 } } } } |
Syrupy comes with built-in helpers that can be used to make easy work of using the filter options.
props(prop_name, *prop_name)
Easy way to build a filter that excludes based on string based property names.
Takes an argument list of property names, with support for indexed iterables.
from syrupy.filters import props
def test_bar(snapshot):
actual = {
"id": uuid.uuid4(),
"list": [1,2,3],
}
assert actual == snapshot(exclude=props("id", "1"))
# name: test_bar
dict({
'list': list([
1,
3,
]),
})
# ---
paths(path_string, *path_strings)
Easy way to build a filter that uses full path strings delimited with .
.
Takes an argument list of path strings.
from syrupy.filters import paths
def test_bar(snapshot):
actual = {
"date": datetime.now(),
"list": [1,2,3],
}
assert actual == snapshot(exclude=paths("date", "list.1"))
# name: test_bar
dict({
'list': list([
1,
3,
]),
})
# ---
include
This allows you filter an object's properties to a subset using a predicate. This is the opposite of exclude. All the same property filters supporterd by exclude are supported for include
.
The include parameter takes a filter function that accepts two keyword arguments.
It should return true
if the property should be include, or false
if the property should not be included.
Argument | Description |
---|---|
prop | Current property on the object, could be any hashable value that can be used to retrieve a value e.g. 1 , "prop_str" , SomeHashableObject |
path | Ordered path traversed to the current value e.g. (("a", dict), ("b", dict)) from { "a": { "b": { "c": 1 } } } } |
Note that include
has some caveats which make it a bit more difficult to use than exclude
. Both include
and exclude
are evaluated for each key of an object before traversing down nested paths. This means if you want to include a nested path, you must include all parents of the nested path, otherwise the nested child will never be reached to be evaluated against the include predicate. For example:
obj = {
"nested": { "key": True }
}
assert obj == snapshot(include=paths("nested", "nested.key"))
The extra "nested" is required, otherwise the nested dictionary will never be searched -- it'd get pruned too early.
To avoid adding duplicate path parts, we provide a convenient paths_include
which supports a list/tuple instead of a string for each path to match:
obj = {
"other": False,
"nested": { "key": True }
}
assert obj == snapshot(include=paths_include(["other"], ["nested", "key"]))
extension_class
This is a way to modify how the snapshot matches and serializes your data in a single assertion.
def test_foo(snapshot):
actual_svg = "<svg></svg>"
assert actual_svg == snapshot(extension_class=SVGImageSnapshotExtension)
diff
This is an option to snapshot only the diff between the actual object and a previous snapshot, with the diff
argument being the previous snapshot index
/name
.
def test_diff(snapshot):
actual0 = [1,2,3,4]
actual1 = [0,1,3,4]
assert actual0 == snapshot
assert actual1 == snapshot(diff=0)
# This is equivalent to the lines above
# Must use the index name to diff when given
assert actual0 == snapshot(name='snap_name')
assert actual1 == snapshot(diff='snap_name')
Syrupy comes with a few built-in preset configurations for you to choose from. You should also feel free to extend the AbstractSyrupyExtension
if your project has a need not captured by one our built-ins.
AmberSnapshotExtension
: This is the default extension which generates .ambr
files. Serialization of most data types are supported.
\r
and \n
characters are all written as \n
. This is to allow interoperability of snapshots between operating systems that use disparate line control characters.SingleFileSnapshotExtension
: Unlike the AmberSnapshotExtension
, which groups all tests within a single test file into a singular snapshot file, this extension creates one .raw
file per test case.PNGImageSnapshotExtension
: An extension of single file, this should be used to produce .png
files from a byte string.SVGImageSnapshotExtension
: Another extension of single file. This produces .svg
files from an svg string.JSONSnapshotExtension
: Another extension of single file. This produces .json
files from dictionaries and lists.name
By default, if you make multiple snapshot assertions within a single test case, an auto-increment identifier will be used to index the snapshots. You can override this behaviour by specifying a custom snapshot name to use in place of the auto-increment number.
def test_case(snapshot):
assert "actual" == snapshot(name="case_a")
assert "other" == snapshot(name="case_b")
Warning: If you use a custom name, you must make sure the name is not re-used within a test case.
By overriding the provided AbstractSyrupyExtension
you can implement varied custom behaviours.
See examples of how syrupy can be used and extended in the test examples.
It is possible to override include
, exclude
, matchers
and extension_class
on a more global level just once,
instead of every time per test. By default, after every assertion the modified values per snapshot assert are reverted
to their default values. However, it is possible to override those default values with ones you would like persisted,
which will be treated as the new defaults.
To achieve that you can use snapshot.with_defaults
, which will create new instance of SnapshotAssertion
with the provided values.
snapshot.use_extension
is retained for compatibility. However, it is limited to only overriding the default extension class.
This extension can be useful when testing API responses, or when you have to deal with long dictionaries that are cumbersome to validate inside a test. For example:
import pytest
from syrupy.extensions.json import JSONSnapshotExtension
@pytest.fixture
def snapshot_json(snapshot):
return snapshot.with_defaults(extension_class=JSONSnapshotExtension)
# or return snapshot.use_extension(JSONSnapshotExtension)
def test_api_call(client, snapshot_json):
resp = client.post("/endpoint")
assert resp.status_code == 200
assert snapshot_json == resp.json()
API responses often contain dynamic data, like IDs or dates. You can still validate and store other data of a response by leveraging syrupy matchers. For example:
from datetime import datetime
from syrupy.matchers import path_type
def test_api_call(client, snapshot_json):
resp = client.post("/user", json={"name": "Jane"})
assert resp.status_code == 201
matcher = path_type({
"id": (int,),
"registeredAt": (datetime,)
})
assert snapshot_json(matcher=matcher) == resp.json()
The generated snapshot:
{
"id": "<class 'int'>",
"registeredAt": "<class 'datetime'>",
"name": "Jane"
}
Or a case where the value needs to be replaced using a condition e.g. file path string
import re
from syrupy.matchers import path_type
def test_matches_generated_string_value(snapshot, tmp_file):
matcher = path_value(
mapping={"file_path": r"\w+://(.*/)+dir/filename.txt"},
replacer=lambda _, match: match[0].replace(match[1], "<tmp-file-path>/"),
types=(str,),
)
assert snapshot(matcher=matcher) == tmp_file
The generated snapshot:
{
"name": "Temp Files",
"file_path": "scheme://<tmp-file-path>/dir/filename.txt"
}
Syrupy does not support inline snapshots. For inline snapshots, we recommend checking out the inline-snapshot library.
The PyCharm IDE comes with a built-in tool for visualizing differences between expected and actual results in a test. To properly render Syrupy snapshots in the PyCharm diff viewer, we need to apply a patch to the diff viewer library. To do this, use the --snapshot-patch-pycharm-diff
flag, e.g.:
In your pytest.ini
:
[pytest]
addopts = --snapshot-patch-pycharm-diff
See #675 for the original issue.
pytest-xdist
support only partially exists. There is no issue when it comes to reads however when you attempt to run pytest --snapshot-update
, if running with more than 1 process, the ability to detect unused snapshots is disabled. See #535 for more information.We welcome contributions to patch these known limitations.
pip uninstall syrupy
If you have decided not to use Syrupy for your project after giving us a try, we'd love to get your feedback. Please create a GitHub issue if applicable.
Feel free to open a PR or GitHub issue. Contributions welcome!
To develop locally, clone this repository and run . script/bootstrap
to install test dependencies. You can then use invoke --list
to see available commands.
This section is automatically generated via tagging the all-contributors bot in a PR:
@all-contributors please add <username> for <contribution type>
Syrupy is licensed under Apache License Version 2.0.
FAQs
Pytest Snapshot Test Utility
We found that syrupy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.ย It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socketโs threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.