MOREST: Model-based RESTful API Testing with Execution Feedback
Thu 12 May 2022 12:25 - 12:30 at ICSE room 2 - Software Engineering in Practice 5 Chair(s): Mehrdad Sabetzadeh
RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of the emerging techniques for ensuring the reliability of RESTful APIs. The major challenge in testing RESTful APIs is the need for correct sequences of API operation calls for in-depth testing. To build meaningful operation call sequences, researchers have proposed techniques to learn and utilize the API dependencies based on OpenAPI specifications. However, these techniques either lack the overall awareness of how all the APIs are connected or the flexibility of adaptively fixing the learned knowledge.
In this paper, we propose MOREST, a model-based RESTful API testing technique that builds and maintains a dynamically updating RESTful-service Property Graph (RPG) to model the behaviors of RESTful-services and guide the call sequence generation. We empirically evaluated MOREST and the results demonstrate that \textsc{Morest} can successfully request an average of 152.66%-232.45% more API operations, cover 26.16%-103.24% more lines of code, and detect 40.64%-215.94% more bugs than state-of-the-art techniques.
In total, we applied MOREST to 6 real-world projects and found 44 bugs (13 of them cannot be detected by existing approaches). Specifically, 2 of the confirmed bugs are from Bitbucket, a famous code management service with more than 6 million users.
Wed 11 MayDisplayed time zone: Eastern Time (US & Canada) change
Thu 12 MayDisplayed time zone: Eastern Time (US & Canada) change
12:00 - 13:00 | Software Engineering in Practice 5Technical Track / SEIP - Software Engineering in Practice at ICSE room 2 Chair(s): Mehrdad Sabetzadeh University of Ottawa | ||
5m Talk | Automatic Anti-Pattern Detection in Microservice Architectures based on Distributed Tracing SEIP - Software Engineering in Practice Tim Hubener ING Bank N.V., Yaping Luo ING; Eindhoven University of Technology, Pieter Vallen ING, Jonck van der Kogel ING Bank N.V., Tom Liefheid ING Bank N.V., Michel Chaudron Eindhoven University of Technology, The Netherlands Media Attached | ||
5m Talk | Organizational Culture and its impact on the BizDev interface SEIP - Software Engineering in Practice Pre-print Media Attached | ||
5m Talk | A Software Impact Analysis Tool based on Change History Learning and its Evaluation SEIP - Software Engineering in Practice Haruya Iwasaki Shibaura Institute of Technologies, Tsuyoshi Nakajima Shibaura Institute of Technology, Ryota Tsukamoto Mitsubishi Electric Corporation, Kazuko Takahashi Mitsubishi Electric Corporation, Shuichi Tokumoto Mitsubishi Electric Corporation DOI Media Attached | ||
5m Talk | Looking for Lacunae in Bitcoin Core’s Fuzzing Efforts SEIP - Software Engineering in Practice Alex Groce Northern Arizona University, Kush Jain Carnegie Mellon University, Rijnard van Tonder Sourcegraph, Goutamkumar Tulajappa Kalburgi Northern Arizona University, Claire Le Goues Carnegie Mellon University | ||
5m Talk | AI for Automated Code Updates SEIP - Software Engineering in Practice Salwa Alamir J.P. Morgan AI Research, Petr Babkin J.P. Morgan AI Research, Nacho Navarro J.P. Morgan AI Research, Sameena Shah J.P. Morgan AI Research Pre-print Media Attached | ||
5m Talk | MOREST: Model-based RESTful API Testing with Execution Feedback Technical Track Yi Liu Nanyang Technological University, Yuekang Li Nanyang Technological University, Gelei Deng Nanyang Technological University, Yang Liu Nanyang Technological University, Ruiyuan Wan Huawei Inc., Runchao Wu Huawei Inc., Dandan Ji Huawei Inc., Shiheng Xu Huawei Inc., Minli Bao Huawei Inc. Pre-print Media Attached |