CRUDinfer: Automated CRUD Semantics Inference for REST APIs Through Black-box Testing
This program is tentative and subject to change.
REST APIs are the de facto standard for web service interaction, praised for flexibility and simplicity of adoption. Nevertheless, the lack of mandatory implementation guidelines for REST APIs has led to the diffusion of poor-quality and difficult-to-maintain web services. A key concern in this context is the misuse of CRUD (Create, Read, Update, and Delete) semantics of API operations. While best practices suggest mapping CRUD verbs to HTTP methods (POST, GET, PUT/PATCH, and DELETE, respectively), many implementations fail to adhere to such a guideline. This common anti-pattern makes interaction with the API ambiguous, hindering maintainability and decreasing the effectiveness of automated REST API testing.
In this paper, we propose CRUDinfer, a novel approach to automatically infer REST API operation CRUD semantics by leveraging (black-box) interactions with the API. The approach incrementally refines the knowledge about API operations’ CRUD semantics via CRUD test scenarios. Specifically, it employs interaction patterns typical of each CRUD semantics verb to craft test scenarios (i.e., HTTP interactions) for API operations with the aim of confirming their semantics. Testing failures indicate a mismatch between the intended CRUD semantics and the actual implementation. Thus, it refines API operations’ CRUD semantics knowledge through improved test scenarios.
Empirical evaluation indicates high inference capabilities for CRUDinfer, with an overall precision higher than 95% on the considered benchmark REST APIs.
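A small illustration of the idea in the abstract, added here and not taken from the paper or the CRUDinfer tool: each operation is exercised in two black-box scenarios (resource absent, resource present) and classified by the state change a read probe observes, then compared with the semantics its HTTP method implies. `ToyApi`, the operation names, and the assumption that the read probe is trustworthy are all constructed for this sketch; the paper's actual scenarios and refinement loop are not described on this page.

```python
import copy

# Declared semantics implied by the HTTP method (the best-practice mapping).
EXPECTED = {"POST": "create", "GET": "read", "PUT": "update",
            "PATCH": "update", "DELETE": "delete"}

class ToyApi:
    """Constructed in-memory service; two operations break the mapping."""
    def __init__(self):
        self.items = {"1": {"name": "old"}}

    def read(self, rid):  # assumed trustworthy probe, i.e. GET /items/{id}
        return copy.deepcopy(self.items.get(rid))

    def call(self, op, rid, body):
        exists = rid in self.items
        if op == "GET /items/{id}":
            return 200 if exists else 404
        if op == "POST /items/{id}" and not exists:
            self.items[rid] = body
            return 201
        if op in ("PUT /items/{id}", "GET /items/{id}/rename") and exists:
            self.items[rid] = body          # the GET variant mutates state
            return 200
        if op in ("DELETE /items/{id}", "POST /items/{id}/remove") and exists:
            del self.items[rid]             # the POST variant deletes
            return 204
        return 404                          # precondition not met (simplified)

OPS = ["GET /items/{id}", "POST /items/{id}", "PUT /items/{id}",
       "DELETE /items/{id}", "POST /items/{id}/remove", "GET /items/{id}/rename"]

def infer(op):
    """Classify one operation purely from observed state changes."""
    api = ToyApi()                           # scenario 1: resource absent
    api.call(op, "2", {"name": "new"})
    if api.read("2") is not None:
        return "create"
    api = ToyApi()                           # scenario 2: resource present
    before = api.read("1")
    api.call(op, "1", {"name": "new"})
    after = api.read("1")
    if after is None:
        return "delete"
    return "update" if after != before else "read"

def audit(ops):
    """Map each mismatching operation to (inferred, expected-from-method)."""
    found = {}
    for op in ops:
        inferred, expected = infer(op), EXPECTED[op.split()[0]]
        if inferred != expected:
            found[op] = (inferred, expected)
    return found
```

For a security reviewer, the two flagged operations are the interesting ones: a state-changing GET and a destructive POST are exactly the cases where method-based access rules and CSRF protections stop matching what the endpoint does.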
Wed 15 Apr. Displayed time zone: Brasilia, Distrito Federal, Brazil
11:00 - 12:30 | Evolution 1 | Journal-first Papers / Research Track at Oceania VIII | Chair(s): Leopoldo Teixeira Federal University of Pernambuco
11:00 | 15m | Talk | Func: Reducing the impact of Android framework evolution on malware detection | Journal-first Papers | Hailong Yu Harbin Institute of Technology, Harbin Institute of Technology Zhengzhou Research Institute, Tiantian Wang Harbin Institute of Technology, Lwin Khin Shar Singapore Management University, Hanmeng Li Harbin Institute of Technology, David Lo Singapore Management University
11:15 | 15m | Talk | Unraveling Code Clone Dynamics in Deep Learning Frameworks | Journal-first Papers | Maram Assi Université du Québec à Montréal, Safwat Hassan University of Toronto, Ying Zou Queen's University, Kingston, Ontario
11:30 | 15m | Talk | Remediating Superfluous Re-Rendering in React Applications (Distinguished Paper Award) | Research Track | Farideh Khalili, Satyajit Gokhale Amazon, Alexi Turcotte CISPA, Dale Xu Boston University, Frank Tip Northeastern University
11:45 | 15m | Talk | Minimizing Breaking Changes and Redundancy in Mitigating Technical Lag for Java Projects | Research Track | Rui Lu East China Normal University, Lyuye Zhang Nanyang Technological University, Kaixuan Li Nanyang Technological University, Min Zhang East China Normal University, Yixiang Chen East China Normal University | Pre-print
12:00 | 15m | Talk | CRUDinfer: Automated CRUD Semantics Inference for REST APIs Through Black-box Testing | Research Track | Michele Pasqua University of Verona, Davide Corradini University of Luxembourg, Michele Perlotto University of Naples, Mariano Ceccato University of Verona
12:15 | 15m | Talk | Diffploit: Facilitating Cross-Version Exploit Migration for Open Source Library Vulnerabilities | Research Track | Zirui Chen, Zhipeng Xue Zhejiang University, Jiayuan Zhou Queen's University, Xing Hu Zhejiang University, Xin Xia Zhejiang University, Xiaohu Yang Zhejiang University