Cargando…
Bootstrapping Automated Testing for RESTful Web Services
Modern RESTful services expose RESTful APIs to integrate with diversified applications. Most RESTful API parameters are weakly typed, which greatly increases the possible input value space. This poses difficulties for automated testing tools to generate effective test cases to reveal web service def...
| Autores principales: | , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
2021
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7978668/ http://dx.doi.org/10.1007/978-3-030-71500-7_3 |
| _version_ | 1783667220925120512 |
|---|---|
| author | Chen, Yixiong Yang, Yang Lei, Zhanyao Xia, Mingyuan Qi, Zhengwei |
| author_facet | Chen, Yixiong Yang, Yang Lei, Zhanyao Xia, Mingyuan Qi, Zhengwei |
| author_sort | Chen, Yixiong |
| collection | PubMed |
| description | Modern RESTful services expose RESTful APIs to integrate with diversified applications. Most RESTful API parameters are weakly typed, which greatly increases the possible input value space. This poses difficulties for automated testing tools to generate effective test cases to reveal web service defects related to parameter validation. We call this phenomenon the type collapse problem. To remedy this problem, we introduce FET (Format-encoded Type) techniques, including the FET, the FET lattice, and the FET inference to model fine-grained information for API parameters. Enhanced by FET techniques, automated testing tools can generate targeted test cases. We demonstrate Leif, a trace-driven fuzzing tool, as a proof-of-concept implementation of FET techniques. Experiment results on 27 commercial services show that FET inference precisely captures documented parameter definitions, which helps Leif to discover 11 new bugs and reduce [Formula: see text] fuzzing time as compared to state-of-the-art fuzzers. |
| format | Online Article Text |
| id | pubmed-7978668 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2021 |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-79786682021-03-23 Bootstrapping Automated Testing for RESTful Web Services Chen, Yixiong Yang, Yang Lei, Zhanyao Xia, Mingyuan Qi, Zhengwei Fundamental Approaches to Software Engineering Article Modern RESTful services expose RESTful APIs to integrate with diversified applications. Most RESTful API parameters are weakly typed, which greatly increases the possible input value space. This poses difficulties for automated testing tools to generate effective test cases to reveal web service defects related to parameter validation. We call this phenomenon the type collapse problem. To remedy this problem, we introduce FET (Format-encoded Type) techniques, including the FET, the FET lattice, and the FET inference to model fine-grained information for API parameters. Enhanced by FET techniques, automated testing tools can generate targeted test cases. We demonstrate Leif, a trace-driven fuzzing tool, as a proof-of-concept implementation of FET techniques. Experiment results on 27 commercial services show that FET inference precisely captures documented parameter definitions, which helps Leif to discover 11 new bugs and reduce [Formula: see text] fuzzing time as compared to state-of-the-art fuzzers. 2021-02-24 /pmc/articles/PMC7978668/ http://dx.doi.org/10.1007/978-3-030-71500-7_3 Text en © The Author(s) 2021 Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. |
| spellingShingle | Article Chen, Yixiong Yang, Yang Lei, Zhanyao Xia, Mingyuan Qi, Zhengwei Bootstrapping Automated Testing for RESTful Web Services |
| title | Bootstrapping Automated Testing for RESTful Web Services |
| title_full | Bootstrapping Automated Testing for RESTful Web Services |
| title_fullStr | Bootstrapping Automated Testing for RESTful Web Services |
| title_full_unstemmed | Bootstrapping Automated Testing for RESTful Web Services |
| title_short | Bootstrapping Automated Testing for RESTful Web Services |
| title_sort | bootstrapping automated testing for restful web services |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7978668/ http://dx.doi.org/10.1007/978-3-030-71500-7_3 |
| work_keys_str_mv | AT chenyixiong bootstrappingautomatedtestingforrestfulwebservices AT yangyang bootstrappingautomatedtestingforrestfulwebservices AT leizhanyao bootstrappingautomatedtestingforrestfulwebservices AT xiamingyuan bootstrappingautomatedtestingforrestfulwebservices AT qizhengwei bootstrappingautomatedtestingforrestfulwebservices |