OAS DB: a shared infrastructure to support OpenAPI research
It is common knowledge the great success achieved by the Web in the last decades. Together with the rise of Web systems in general, it came the increase of the number of Web APIs. There are many specifications used to describe an Web API. One of the most popular ones is OpenAPI. This specification a...
| Autor: | |
|---|---|
| Formato: | tesis de maestría |
| Estado: | Versión publicada |
| Fecha de publicación: | 2022 |
| País: | Brasil |
| Recursos: | Universidade de São Paulo (USP) |
| Repositorio: | Biblioteca Digital de Teses e Dissertações da USP |
| Idioma: | inglés |
| OAI Identifier: | oai:teses.usp.br:tde-25052022-214725 |
| Acesso em linha: | https://www.teses.usp.br/teses/disponiveis/100/100131/tde-25052022-214725/ |
| Access Level: | acceso abierto |
| Palavra-chave: | Análise estática Anti-pattern Code generation Geração de programas Injeção de defeitos em software OpenAPI Repositório Repository REST API Software fault injection Static analysis |
| Resumo: | It is common knowledge the great success achieved by the Web in the last decades. Together with the rise of Web systems in general, it came the increase of the number of Web APIs. There are many specifications used to describe an Web API. One of the most popular ones is OpenAPI. This specification allows one to describe all the resources that can be accessed and manipulated through a REST Web API. An OpenAPI specification can be used to perform different kinds of analysis and verification of the service implementing the described API. A common challenge faced by researchers, however, is the lack of shared validation infrastructure or a standard benchmark. The main contribution of our research is a software artifact --- called OAS DB (OpenAPI Specifications Database) --- that aims to provide researchers and industry practitioners with a complete solution to streamline the validation of new OpenAPI related techniques and tools. OAS DB is able to generate complete OpenAPI specifications and their corresponding mock implementations. It is also both capable of injecting faults and anti-patterns in these generated specifications/mock implementations and of indicating --- through machine-readable files --- which issues and anti-patterns are present in the generated assets. We use OAS DB to assess tools relying on both static and dynamic techniques to detect faults and anti-patterns in OpenAPI specifications. Our results indicate that these tools fail to detect relevant faults and anti-patterns in the synthetic APIs generated by OAS DB, indicating that there is room to improve these tools and the ways in which they are applying static and dynamic analysis techniques. The present work also has as contributions: a) a proof of concept REST API anti-pattern detector (which we call Oasis) and b) the description of a novel REST anti-pattern not described in the literature so far |
|---|