research-article

Combinatorial testing of RESTful APIs

Authors:
Huayao Wu

Nanjing University, China

Nanjing University, China
View Profile

,
Lixin Xu

Nanjing University, China

Nanjing University, China
View Profile

,
Xintao Niu

Nanjing University, China

Nanjing University, China
View Profile

,
Changhai Nie

Nanjing University, China

Nanjing University, China
View Profile

ICSE '22: Proceedings of the 44th International Conference on Software EngineeringMay 2022Pages 426–437https://doi.org/10.1145/3510003.3510151

Published:05 July 2022Publication History

ICSE '22: Proceedings of the 44th International Conference on Software Engineering

Pages 426–437

ABSTRACT

This paper presents RestCT, a systematic and fully automatic approach that adopts Combinatorial Testing (CT) to test RESTful APIs. RestCT is systematic in that it covers and tests not only the interactions of a certain number of operations in RESTful APIs, but also the interactions of particular input-parameters in every single operation. This is realised by a novel two-phase test case generation approach, which first generates a constrained sequence covering array to determine the execution orders of available operations, and then applies an adaptive strategy to generate and refine several constrained covering arrays to concretise input-parameters of each operation. RestCT is also automatic in that its application relies on only a given Swagger specification of RESTful APIs. The creation of CT test models (especially, the inferring of dependency relationships in both operations and input-parameters), and the generation and execution of test cases are performed without any human intervention. Experimental results on 11 real-world RESTful APIs demonstrate the effectiveness and efficiency of RestCT. In particular, RestCT can find eight new bugs, where only one of them can be triggered by the state-of-the-art testing tool of RESTful APIs.

References

Juan C Alonso. 2021. Automated generation of realistic test inputs for web APIs. In ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). 1666--1668. Google ScholarDigital Library
Fuad Sameh Alshraiedeh and Norliza Katuk. 2020. A URI parsing technique and algorithm for anti-pattern detection in RESTful Web services. International Journal of Web Information Systems 17, 1 (2020), 1--17. Google ScholarCross Ref
Andrea Arcuri. 2017. RESTful API automated test case generation. In International Conference on Software Quality, Reliability and Security (QRS). 9--20. Google ScholarCross Ref
Andrea Arcuri. 2019. RESTful API automated test case generation with EvoMaster. ACM Transactions on Software Engineering and Methodology (TOSEM) 28, 1 (2019), 1--37. Google ScholarDigital Library
Andrea Arcuri. 2020. Automated blackbox and whitebox testing of RESTful APIs with EvoMaster. IEEE Software (2020). Google ScholarCross Ref
Andrea Arcuri and Juan P Galeotti. 2020. Handling SQL databases in automated system test generation. ACM Transactions on Software Engineering and Methodology (TOSEM) 29, 4 (2020), 1--31. Google ScholarDigital Library
Andrea Arcuri and Juan P Galeotti. 2021. Enhancing search-based testing with testability transformations for existing APIs. ACM Transactions on Software Engineering and Methodology (TOSEM) 31, 1 (2021), 1--34. Google ScholarDigital Library
Vaggelis Atlidakis, Roxana Geambasu, Patrice Godefroid, Marina Polishchuk, and Baishakhi Ray. 2020. Pythia: grammar-based fuzzing of REST APIs with coverage-guided feedback and learning-based mutations. arXiv preprint (2020). https://arxiv.org/abs/2005.11498.Google Scholar
Vaggelis Atlidakis, Patrice Godefroid, and Marina Polishchuk. 2019. RESTler: stateful REST API fuzzing. In International Conference on Software Engineering (ICSE). 748--758. Google ScholarDigital Library
Vaggelis Atlidakis, Patrice Godefroid, and Marina Polishchuk. 2020. Checking security properties of cloud service REST APIs. In International Conference on Software Testing, Validation and Verification (ICST). 387--397. Google ScholarCross Ref
Steven Bucaille, Javier Luis Cánovas Izquierdo, Hamza Ed-Douibi, and Jordi Cabot. 2020. An OpenAPI-based testing framework to monitor non-functional properties of REST APIs. In International Conference on Web Engineering. 533--537. Google ScholarDigital Library
Sujit Kumar Chakrabarti and Prashant Kumar. 2009. Test-the-REST: An approach to testing RESTful web-services. In Computation World: Future Computing, Service Computation, Cognitive, Adaptive, Content, Patterns. 302--308. Google ScholarDigital Library
Sujit Kumar Chakrabarti and Reswin Rodriquez. 2010. Connectedness testing of RESTful web-services. In India software engineering conference. 143--152. Google ScholarDigital Library
Yixiong Chen, Yang Yang, Zhanyao Lei, Mingyuan Xia, and Zhengwei Qi. 2021. Bootstrapping automated testing for RESTful web services. In International Conference on Fundamental Approaches to Software Engineering. 46--66. Google ScholarDigital Library
Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato. 2021. Empirical comparison of black-box test case generation tools for RESTful APIs. In International Working Conference on Source Code Analysis and Manipulation (SCAM). 226--236. Google ScholarCross Ref
Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato. 2021. Restats: A test coverage tool for RESTful APIs. In International Conference on Software Maintenance and Evolution (ICSME). 594--598. Google ScholarCross Ref
Alexandre L. Correa, Thiago Silva-de-Souza, Eber Assis Schmitz, and Antonio Juarez Alencar. 2012. Defining RESTful web services test cases from UML models. In International Conference on Software Engineering & Knowledge Engineering. 319--323.Google Scholar
Hamza Ed-Douibi, Javier Luis Cánovas Izquierdo, and Jordi Cabot. 2018. Automatic generation of test cases for REST APIs: a specification-based approach. In International Enterprise Distributed Object Computing Conference. 181--190. Google ScholarCross Ref
Tobias Fertig and Peter Braun. 2015. Model-driven testing of RESTful APIs. In International Conference on World Wide Web: Companion. 1497--1502. Google ScholarDigital Library
Patrice Godefroid, Bo-Yuan Huang, and Marina Polishchuk. 2020. Intelligent REST API data fuzzing. In Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). 725--736. Google ScholarDigital Library
Patrice Godefroid, Daniel Lehmann, and Marina Polishchuk. 2020. Differential regression testing for REST APIs. In International Symposium on Software Testing and Analysis (ISSTA). 312--323. Google ScholarDigital Library
Stefan Karlsson, Adnan Čaušević, and Daniel Sundmark. 2020. QuickREST: property-based test generation of OpenAPI-described RESTful APIs. In International Conference on Software Testing, Validation and Verification (ICST). 131--141. Google ScholarCross Ref
D Richard Kuhn, James M Higdon, James F Lawrence, Raghu N Kacker, and Yu Lei. 2012. Combinatorial methods for event sequence testing. In International Conference on Software Testing, Verification and Validation (ICST). 601--609. Google ScholarCross Ref
D. Richard Kuhn, Raghu N. Kacker, and Yu Lei. 2013. Introduction to combinatorial testing. CRC press.Google Scholar
D. Richard Kuhn and Dolores R. Wallace. 2004. Software fault interactions and implications for software testing. IEEE Transactions on Software Engineering (TSE) 30, 6 (2004), 418--421. Google ScholarDigital Library
Pablo Lamela Seijas, Huiqing Li, and Simon Thompson. 2013. Towards property-based testing of RESTful web services. In ACM SIGPLAN workshop on Erlang. 77--78. Google ScholarDigital Library
Nuno Laranjeiro, João Agnelo, and Jorge Bernardino. 2021. A black box tool for robustness testing of REST services. IEEE Access 9 (2021), 24738--24754. Google ScholarCross Ref
Li Li and Wu Chou. 2015. Compatibility modeling and testing of REST API based on REST chart. In International Conference on Web Information Systems and Technologies. 194--202. Google ScholarCross Ref
Alberto Martin-Lopez. 2020. Automated analysis of inter-parameter dependencies in web APIs. In International Conference on Software Engineering: Companion (ICSE-Companion). 140--142. Google ScholarDigital Library
Alberto Martin-Lopez, Sergio Segura, Carlos Muller, and Antonio Ruiz-Cortés. 2021. Specification and automated analysis of inter-parameter dependencies in web APIs. IEEE Transactions on Services Computing (2021). to-be-published. Google ScholarCross Ref
Alberto Martin-Lopez, Sergio Segura, and Antonio Ruiz-Cortés. 2019. A catalogue of inter-parameter dependencies in RESTful web APIs. In International Conference on Service-Oriented Computing (ICSOC). 399--414. Google ScholarDigital Library
Alberto Martin-Lopez, Sergio Segura, and Antonio Ruiz-Cortés. 2019. Test coverage criteria for RESTful web APIs. In International Workshop on Automating TEST Case Design, Selection, and Evaluation. 15--21. Google ScholarDigital Library
Alberto Martin-Lopez, Sergio Segura, and Antonio Ruiz-Cortés. 2020. RESTest: black-box constraint-based testing of RESTful web APIs. In International Conference on Service-Oriented Computing (ICSOC). 459--475. Google ScholarDigital Library
Flávio Medeiros, Christian Kästner, Márcio Ribeiro, Rohit Gheyi, and Sven Apel. 2016. A comparison of 10 sampling algorithms for configurable systems. In International Conference on Software Engineering (ICSE). 643--654. Google ScholarDigital Library
A Giuliano Mirabella, Alberto Martin-Lopez, Sergio Segura, Luis Valencia-Cabrera, and Antonio Ruiz-Cortés. 2021. Deep learning-based prediction of test input validity for RESTful APIs. In International Workshop on Deep Learning for Testing and Testing for Deep Learning. 9--16. Google ScholarCross Ref
Changhai Nie and Hareton Leung. 2011. A survey of combinatorial testing. Comput. Surveys 43, 2 (2011), 1--29. Google ScholarDigital Library
Justyna Petke, Myra B Cohen, Mark Harman, and Shin Yoo. 2015. Practical combinatorial interaction testing: Empirical findings on efficiency and early fault detection. IEEE Transactions on Software Engineering (TSE) 41, 9 (2015), 901--924. Google ScholarDigital Library
Pedro Victor Pontes Pinheiro, Andre Takeshi Endo, and Adenilso Simao. 2013. Model-based testing of RESTful web services using UML protocol state machines. In Brazilian Workshop on Systematic and Automated Software Testing. 1--10.Google Scholar
Leonard Richardson, Mike Amundsen, Michael Amundsen, and Sam Ruby. 2013. RESTful web APIs: services for a changing world. O'Reilly Media, Inc.Google Scholar
Omur Sahin and Bahriye Akay. 2021. A discrete dynamic artificial bee colony with hyper-scout for RESTful web service API test suite generation. Applied Soft Computing 104 (2021), 107246. Google ScholarDigital Library
Sergio Segura, José A Parejo, Javier Troya, and Antonio Ruiz-Cortés. 2018. Metamorphic testing of RESTful web APIs. IEEE Transactions on Software Engineering 44, 11 (2018), 1083--1099. Google ScholarCross Ref
Emanuele Viglianisi, Michael Dallago, and Mariano Ceccato. 2020. RestTestGen: automated black-box testing of RESTful APIs. In International Conference on Software Testing, Validation and Verification (ICST). 142--152. Google ScholarCross Ref
Diba Vosta. 2020. Evaluation of the t-wise approach for testing REST APIs. Master's thesis. KTH, School of Electrical Engineering and Computer Science.Google Scholar
Henry Vu, Tobias Fertig, and Peter Braun. 2018. Automation of integration testing of RESTful hypermedia systems: A model-driven approach. In International Conference on Web Information Systems and Technologies. 404--411. Google ScholarCross Ref
Huayao Wu, Changhai Nie, Justyna Petke, Yue Jia, and Mark Harman. 2021. Comparative analysis of constraint handling techniques for constrained combinatorial testing. IEEE Transactions on Software Engineering (TSE) 47, 11 (2021), 2549--2562. Google ScholarCross Ref
Man Zhang and Andrea Arcuri. 2021. Adaptive hypermutation for search-based system test generation: A study on REST APIs with EvoMaster. ACM Transactions on Software Engineering and Methodology (TOSEM) 31, 1 (2021), 1--52. Google ScholarDigital Library
Man Zhang and Andrea Arcuri. 2021. Enhancing resource-based test case generation for RESTful APIs with SQL handling. In International Symposium on Search Based Software Engineering (SSBSE). 103--117. Google ScholarDigital Library
Man Zhang, Bogdan Marculescu, and Andrea Arcuri. 2019. Resource-based test case generation for RESTful web services. In Genetic and Evolutionary Computation Conference (GECCO). 1426--1434. Google ScholarDigital Library
Man Zhang, Bogdan Marculescu, and Andrea Arcuri. 2021. Resource and dependency based test case generation for RESTful Web services. Empirical Software Engineering 26, 4 (2021), 1--61. Google ScholarDigital Library

Index Terms

Combinatorial testing of RESTful APIs
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Online testing of RESTful APIs: promises and challenges
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Online testing of web APIs—testing APIs in production—is gaining traction in industry. Platforms such as RapidAPI and Sauce Labs provide online testing and monitoring services of web APIs 24/7, typically by re-executing manually designed test cases on ...
Read More
RESTest: automated black-box testing of RESTful web APIs
ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis

Testing RESTful APIs thoroughly is critical due to their key role in software integration. Existing tools for the automated generation of test cases in this domain have shown great promise, but their applicability is limited as they mostly rely on ...
Read More
Testing RESTful APIs: A Survey
In industry, RESTful APIs are widely used to build modern Cloud Applications. Testing them is challenging, because not only do they rely on network communications, but also they deal with external services like databases. Therefore, there has been a large ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ICSE '22: Proceedings of the 44th International Conference on Software Engineering
May 2022
2508 pages
ISBN:9781450392211
DOI:10.1145/3510003
General Chair:
Matthew B Dwyer
University of Virginia
,
Program Chairs:
Daniela Damian
University of Victoria, Canada
,
Andreas Zeller
CISPA, Germany
Copyright © 2022 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 5 July 2022
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Artifacts Available / v1.1
- Artifacts Evaluated & Reusable / v1.1
Author Tags
RESTful API
combinatorial testing
test case generation
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate276of1,856submissions,15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 10
  Total Citations
  View Citations
- 434
  Total Downloads
- Downloads (Last 12 months)250
- Downloads (Last 6 weeks)25
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Combinatorial testing of RESTful APIs

ICSE '22: Proceedings of the 44th International Conference on Software Engineering

ABSTRACT

References

Cited By

Index Terms

Recommendations

Online testing of RESTful APIs: promises and challenges

RESTest: automated black-box testing of RESTful web APIs

Testing RESTful APIs: A Survey