RESTRuler: Towards Automatically Identifying Violations of RESTful Design Rules in Web APIs
- URL: http://arxiv.org/abs/2402.13710v1
- Date: Wed, 21 Feb 2024 11:25:22 GMT
- Title: RESTRuler: Towards Automatically Identifying Violations of RESTful Design Rules in Web APIs
- Authors: Justus Bogner, Sebastian Kotstein, Daniel Abajirov, Timothy Ernst, Manuel Merkel
- Abstract summary: We present RESTRuler, a Java-based open-source tool that uses static analysis to detect design rule violations in OpenAPI descriptions.
For robustness, RESTRuler successfully analyzed 99% of the used real-world OpenAPI definitions.
For performance efficiency, the tool performed well for the majority of files and could analyze 84% in less than 23 seconds with low CPU and RAM usage.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: RESTful APIs based on HTTP are one of the most important ways to make data
and functionality available to applications and software services. However, the
quality of the API design strongly impacts API understandability and usability,
and many rules have been specified for this. While we have evidence for the
effectiveness of many design rules, it is still difficult for practitioners to
identify rule violations in their design. We therefore present RESTRuler, a
Java-based open-source tool that uses static analysis to detect design rule
violations in OpenAPI descriptions. The current prototype supports 14 rules
that go beyond simple syntactic checks and partly rely on natural language
processing. The modular architecture also makes it easy to implement new rules.
To evaluate RESTRuler, we conducted a benchmark with over 2,300 public OpenAPI
descriptions and asked 7 API experts to construct 111 complicated rule
violations. For robustness, RESTRuler successfully analyzed 99% of the used
real-world OpenAPI definitions, with some failing due to excessive size. For
performance efficiency, the tool performed well for the majority of files and
could analyze 84% in less than 23 seconds with low CPU and RAM usage. Lastly,
for effectiveness, RESTRuler achieved a precision of 91% (ranging from 60% to
100% per rule) and recall of 68% (ranging from 46% to 100%). Based on these
variations between rule implementations, we identified several opportunities
for improvements. While RESTRuler is still a research prototype, the evaluation
suggests that the tool is quite robust to errors, resource-efficient for most
APIs, and shows good precision and decent recall. Practitioners can use it to
improve the quality of their API design.
Related papers

- Understanding Code Understandability Improvements in Code Reviews (arXiv, 2024-10-29)
  We analyzed 2,401 code review comments from Java open-source projects on GitHub.
  83.9% of suggestions for improvement were accepted and integrated, with fewer than 1% later reverted.
- Reinforcement Learning-Based REST API Testing with Multi-Coverage (arXiv, 2024-10-20)
  MUCOREST is a novel Reinforcement Learning (RL)-based API testing approach that leverages Q-learning to maximize code coverage and output coverage.
  MUCOREST significantly outperforms state-of-the-art API testing approaches by 11.6-261.1% in the number of discovered API bugs.
- FANTAstic SEquences and Where to Find Them: Faithful and Efficient API Call Generation through State-tracked Constrained Decoding and Reranking (arXiv, 2024-07-18)
  API call generation is the cornerstone of large language models' tool-using ability.
  Existing supervised and in-context learning approaches suffer from high training costs, poor data efficiency, and generated API calls that can be unfaithful to the API documentation and the user's request.
  We propose an output-side optimization approach called FANTASE to address these limitations.
- KAT: Dependency-aware Automated API Testing with Large Language Models (arXiv, 2024-07-14)
  KAT (Katalon API Testing) is a novel AI-driven approach that autonomously generates test cases to validate APIs.
  Our evaluation of KAT using 12 real-world services shows that it can improve validation coverage, detect more undocumented status codes, and reduce false positives in these services.
- ReGAL: Refactoring Programs to Discover Generalizable Abstractions (arXiv, 2024-01-29)
  Generalizable Abstraction Learning (ReGAL) is a method for learning a library of reusable functions via codeization.
  We find that the shared function libraries discovered by ReGAL make programs easier to predict across diverse domains.
  For CodeLlama-13B, ReGAL results in absolute accuracy increases of 11.5% on LOGO, 26.1% on date understanding, and 8.1% on TextCraft, outperforming GPT-3.5 in two of three domains.
- Exception-aware Lifecycle Model Construction for Framework APIs (arXiv, 2024-01-05)
  This paper adopts a static analysis technique to extract exception summary information in the framework API code.
  It generates exception-aware API lifecycle models for the given framework/library project.
  Compared to the exception-unaware API lifecycle modeling on 60 versions, JavaExp can identify 18% times more API changes.
- Leveraging Large Language Models to Improve REST API Testing (arXiv, 2023-12-01)
  RESTGPT takes as input an API specification, extracts machine-interpretable rules, and generates example parameter values from natural-language descriptions in the specification.
  Our evaluations indicate that RESTGPT outperforms existing techniques in both rule extraction and value generation.
- Adaptive REST API Testing with Reinforcement Learning (arXiv, 2023-09-08)
  Current testing tools lack efficient exploration mechanisms, treating all operations and parameters equally.
  Current tools struggle when response schemas are absent in the specification or exhibit variants.
  We present an adaptive REST API testing technique that incorporates reinforcement learning to prioritize operations during exploration.
- RestGPT: Connecting Large Language Models with Real-World RESTful APIs (arXiv, 2023-06-11)
  Tool-augmented large language models (LLMs) have achieved remarkable progress in tackling a broad range of tasks.
  To address the practical challenges of tackling complex instructions, we propose RestGPT, which exploits the power of robustness.
  To fully evaluate RestGPT, we propose RestBench, a high-quality benchmark which consists of two real-world scenarios and human-annotated instructions.
- EDEFuzz: A Web API Fuzzer for Excessive Data Exposures (arXiv, 2023-01-23)
  Excessive Data Exposure (EDE) was the third most significant API vulnerability of 2019.
  There are few automated tools, either in research or industry, to effectively find and remediate such issues.
  We build the first fuzzing tool, which we call EDEFuzz, to systematically detect EDEs.