Morest: Model-based RESTful API Testing with Execution Feedback

44th International Conference on Software Engineering (ICSE 2022) RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of the emerging techniques for ensuring the reliability of RESTful APIs. The major challenge in testing RESTful APIs is the need...

Full description

Saved in:
Bibliographic Details
Main Authors Liu, Yi, Li, Yuekang, Deng, Gelei, Liu, Yang, Wan, Ruiyuan, Wu, Runchao, Ji, Dandan, Xu, Shiheng, Bao, Minli
Format Journal Article
LanguageEnglish
Published 26.04.2022
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:44th International Conference on Software Engineering (ICSE 2022) RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of the emerging techniques for ensuring the reliability of RESTful APIs. The major challenge in testing RESTful APIs is the need for correct sequences of API operation calls for in-depth testing. To build meaningful operation call sequences, researchers have proposed techniques to learn and utilize the API dependencies based on OpenAPI specifications. However, these techniques either lack the overall awareness of how all the APIs are connected or the flexibility of adaptively fixing the learned knowledge. In this paper, we propose Morest, a model-based RESTful API testing technique that builds and maintains a dynamically updating RESTful-service Property Graph (RPG) to model the behaviors of RESTful-services and guide the call sequence generation. We empirically evaluated Morest and the results demonstrate that Morest can successfully request an average of 152.66%-232.45% more API operations, cover 26.16%-103.24% more lines of code, and detect 40.64%-215.94% more bugs than state-of-the-art techniques. In total, we applied Morest to 6 real-world projects and found 44 bugs (13 of them cannot be detected by existing approaches). Specifically, 2 of the confirmed bugs are from Bitbucket, a famous code management service with more than 6 million users.
DOI:10.48550/arxiv.2204.12148