2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE)

Abstract

Representational state transfer (REST) is an architecture widely employed by web applications and cloud services. Users can invoke such services according to the specifications of their application interfaces, namely RESTful APIs. Existing approaches for fuzzing RESTful APIs are generally based on classic API-dependency graphs. However, such dependencies are inefficient for REST services because the number of dependencies among APIs explodes. In this paper, we propose a novel tree-based approach that better captures the essential dependencies and largely improves the efficiency of RESTful API fuzzing. In particular, the hierarchical information of the endpoints across multiple APIs enables us to construct an API tree, and the relationships of tree nodes indicate the priority of resource dependencies, e.g., a node is more likely to depend on its parent node than on its offspring or siblings. We employ two real-world REST projects and the REST-Go benchmark for evaluation and compare the performance of foREST with two state-of-the-art fuzzing tools, RESTler and EvoMaster (black-box mode). Results show that foREST achieves substantial coverage improvement in most experiments. Besides, foREST finds 20 previously unknown bugs.
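The API-tree idea sketched in the abstract, as an added example that is not the paper's foREST implementation: endpoints are grouped into a tree by path hierarchy, and candidate dependencies are ranked so a fuzzer tries a node's parent before its siblings or offspring. The endpoint list, `node_key`, `relation`, `dependency_candidates` and `request_order` are constructed for illustration.

```python
"""Group endpoints into an API tree by path and rank dependencies by tree
relationship (parent first). Added example; endpoints below are constructed."""
from collections import defaultdict

# Constructed sample of (method, path) pairs as they would appear in an OpenAPI spec.
ENDPOINTS = [
    ("POST", "/projects"),
    ("GET", "/projects/{pid}"),
    ("POST", "/projects/{pid}/issues"),
    ("GET", "/projects/{pid}/issues/{iid}"),
    ("POST", "/projects/{pid}/labels"),
    ("GET", "/users/{uid}"),
]

def node_key(path):
    """Tree node for a path; parameter segments collapse to '{}' so
    /projects/{pid} and /projects/{id} map to the same node."""
    return tuple("{}" if s.startswith("{") else s for s in path.strip("/").split("/"))

def build_tree(endpoints):
    """Map each tree node to the endpoints it carries. A node's parent is the
    node with one fewer path segment, so no explicit links are stored."""
    tree = defaultdict(list)
    for method, path in endpoints:
        tree[node_key(path)].append((method, path))
    return dict(tree)

def relation(node, other):
    """How likely `node` depends on `other`; lower = higher priority:
    0 parent, 1 farther ancestor, 2 sibling, 3 descendant, 4 unrelated."""
    if other == node[:-1]:
        return 0
    if node[:len(other)] == other and len(other) < len(node):
        return 1
    if node[:-1] == other[:-1] and node != other:
        return 2
    if other[:len(node)] == node and len(node) < len(other):
        return 3
    return 4

def dependency_candidates(tree, path):
    """Other nodes ordered by tree relationship, so the parent's endpoints
    (the likely producer of the resource id) are tried before siblings or offspring."""
    node = node_key(path)
    return sorted((k for k in tree if k != node), key=lambda k: (relation(node, k), k))

def request_order(tree):
    """Breadth-first order: a node's endpoints are issued after its parent's."""
    return [ep for key in sorted(tree, key=lambda k: (len(k), k)) for ep in tree[key]]
```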