Alberto Martin-Lopez, Sergio Segura, Carlos Müller, and Antonio Ruiz-Cortés
Universidad de Sevilla - {amarlop, sergiosegura, cmuller, aruiz}@us.es
In this page we include all complementary resources to the paper entitled Specification and Automated Analysis of Inter-Parameter Dependencies in Web APIs.
The contributions presented in this paper are built on the results of a study on the presence of inter-parameter dependencies in real-world APIs presented in ICSOC’19. According to the diff tool Copyleaks, the percentage of similarity of both publications is 14.2%.
Note: if you are unable to see the embedded Google Sheet, it may be due to a current bug in Google Docs (see here and here). As a work around, you can log out of your Google account or go incognito mode. Or you can see the non-embedded version of the dataset HERE.
This dataset contains all the information regarding the 40 web APIs selected for our study on the presence of inter-parameter dependencies in real-world web APIs, as well as statistics and charts regarding the number and type of dependencies found.
Next we list the resources involved in the development and validation of IDL and IDLReasoner.
Here is a preview of the full version of the grammar of IDL. It is also available here.
grammar es.us.isa.interparamdep.InterparameterDependenciesLanguage with org.eclipse.xtext.common.Terminals
generate interparameterDependenciesLanguage "http://www.isa.us.es/interparamdep/InterparameterDependenciesLanguage"
Model:
dependencies+=Dependency*
;
Dependency:
dep=(RelationalDependency | ArithmeticDependency | ConditionalDependency | PredefinedDependency) ';' NL?
;
terminal NL:
('\r'? '\n')+
;
terminal BOOLEAN:
'true'|'false'
;
terminal DOUBLE:
('-'' '*)? INT ('.' INT)?
;
@Override
terminal ID:
('^')?('a'..'z'|'A'..'Z'|'_'|'.') ('a'..'z'|'A'..'Z'|'_'|'.'|'0'..'9')*
;
terminal ID_SPECIAL_CHARS:
'['('^')?('a'..'z'|'A'..'Z'|'_'|'.'|'-'|'/'|':') ('a'..'z'|'A'..'Z'|'_'|'.'|'-'|'/'|':'|'0'..'9')*']'
;
RelationalOperator:
'<' | '>' | '<=' | '>=' | '==' | '!='
;
ArithmeticOperator:
'+' | '-' | '*' | '/'
;
Not:
'NOT'
;
LogicalOperator:
'AND' | 'OR'
;
RelationalDependency:
param1=Param relationalOp=RelationalOperator param2=Param
;
ArithmeticDependency:
operation=Operation relationalOp=RelationalOperator result=DOUBLE
;
Operation:
firstParam=Param operationContinuation=OperationContinuation |
openingParenthesis='(' operation=Operation closingParenthesis=')' (operationContinuation=OperationContinuation)?
;
OperationContinuation:
arithOp=ArithmeticOperator additionalParams=(Param|Operation)
;
ConditionalDependency:
'IF' condition=Predicate 'THEN' consequence=Predicate
;
Predicate returns GeneralPredicate:
firstClause=Clause (clauseContinuation=ClauseContinuation)?
;
Clause returns GeneralClause:
firstElement=(Term|RelationalDependency|ArithmeticDependency|PredefinedDependency) |
not=Not? openingParenthesis='(' predicate=Predicate closingParenthesis=')'
;
Term returns GeneralTerm:
not=Not? param=Param |
not=Not? param=ParamValueRelation
;
Param:
name=(ID|ID_SPECIAL_CHARS)
;
ParamValueRelation:
Param '==' stringValues+=STRING('|'stringValues+=STRING)* |
Param 'LIKE' patternString=STRING |
Param '==' booleanValue=BOOLEAN |
Param relationalOp=RelationalOperator doubleValue=DOUBLE
;
ClauseContinuation returns GeneralClauseContinuation:
logicalOp=LogicalOperator additionalElements=Predicate
;
PredefinedDependency returns GeneralPredefinedDependency:
not=Not? predefDepType=('Or' | 'OnlyOne' | 'AllOrNone' | 'ZeroOrOne') '(' predefDepElements+=PositivePredicate (',' predefDepElements+=PositivePredicate)+ ')'
;
PositivePredicate returns GeneralPredicate:
firstClause=PositiveClause (clauseContinuation=PositiveClauseContinuation)?
;
PositiveTerm returns GeneralTerm:
param=Param |
param=ParamValueRelation |
RelationalDependency
;
PositiveClause returns GeneralClause:
firstElement=(PositiveTerm|RelationalDependency|ArithmeticDependency|PositivePredefinedDependency) |
openingParenthesis='(' predicate=PositivePredicate closingParenthesis=')'
;
PositiveClauseContinuation returns GeneralClauseContinuation:
logicalOp=LogicalOperator additionalElements=PositivePredicate
;
PositivePredefinedDependency returns GeneralPredefinedDependency:
predefDepType=('Or' | 'OnlyOne' | 'AllOrNone' | 'ZeroOrOne') '(' predefDepElements+=PositivePredicate (',' predefDepElements+=PositivePredicate)+ ')'
;
If you want to check the real IDL specifications, go here. Next, we give some more details regarding the APIs and operations selected for assessing the expressiveness capabilities of IDL:
Aiming to gain confidence on the correctness of the developed tools, we have created a thorough test suite comprising 218 test cases for validating both the language (IDL) and the constraint programming-aided tool (IDLReasoner):
We have created a demo video showing some of the capabilities of the IDL editor and the IDLReasoner analysis library. Note: if you are unable to see the embedded video, click here to go to the original site.
Aiming to show the potential of our approach, we have performed two experiments in the context of automated testing of RESTful web services. The data resulting from the experiments is freely available in this repository. Among other results, we uncovered the following bugs in the services tested:
test_1h7fvyyo3bo12_PostProducts.open_at accepts a timestamp representing a future date. When sending a value higher than the maximum int32 value such as 2147483653, the API returns a server error. Test ID: test_1hrgf37q8oca8_getBusinesses.test_1hbd8xv6txw6w_getBusinesses.location parameter to Egypt and the language to fi_FI (Finnish), the error LOCATION_NOT_FOUND is returned. However, changing the language makes the error disappear and actual results are returned. Test ID: test_r1cuuplspdnq_getBusinesses.open_now and open_at set to false obtain successful responses, even though the API documentation explicitly states that both parameters cannot be used together. Test ID: test_1h7wh51d7ps1i_getBusinesses.businesses[].price includes values not enumerated in the documentation ([$, $$, $$$, $$$$]), for example, € and ¥¥¥. Test ID: test_trz3ptplfcj6_getBusinesses.businesses[].rating propoerty set to 0.0, even though the documentation explicitly states that this value must be between 1 and 5. Test ID: test_1iusr05s43p0l_getBusinesses.test_1h7fu0woe00tv_youtubesearchlist.items[].snippet.publishTime, which is not defined in the API specification. Test ID: test_1hbghsasm15cz_youtubesearchlist.