Modern
web
applications
make
extensive
use
of
API
calls
to
update
the
UI
state
in
response
user
events
or
server-side
changes.
For
such
applications,
API-level
testing
can
play
an
important
role,
in-between
unit-level
and
UI-level
(or
end-to-end)
testing.
Existing
tools
require
specifications
(e.g.,
OpenAPI),
which
often
may
not
be
available
or,
when
available,
inconsistent
with
implementation,
thus
limiting
applicability
automated
applications.
In
this
paper,
we
present
approach
that
leverages
enable
for
Our
technique
navigates
application
under
test
automatically
generates
suite,
along
OpenAPI
specification
describes
application's
APIs
(for
REST-based
applications).
A
key
element
our
solution
is
a
dynamic
inferring
endpoints
path
parameters
via
navigation
directed
probing.
We
evaluated
its
accuracy
effectiveness
"carved"
tests.
results
on
seven
open-source
show
achieves
98%
precision
56%
recall
endpoints.
The
carved
tests,
added
suites
generated
by
two
REST
tools,
increase
statement
coverage
52%
29%
branch
99%
75%,
average.
main
benefits
are:
(1)
it
enables
cases
where
existing
are
inapplicable
(2)
creates
cover
code
efficiently
while
exercising
as
they
would
invoked
from
UI,
augment
suites.
The
widespread
adoption
of
REST
APIs,
coupled
with
their
growing
complexity
and
size,
has
led
to
the
need
for
automated
API
testing
tools.
Current
tools
focus
on
structured
data
in
specifications
but
often
neglect
valuable
insights
available
unstructured
natural-language
descriptions
specifications,
which
leads
suboptimal
test
coverage.
Recently,
address
this
gap,
researchers
have
developed
techniques
that
extract
rules
from
these
human-readable
query
knowledge
bases
derive
meaningful
input
values.
However,
are
limited
types
they
can
prone
produce
inaccurate
results.
This
paper
presents
RESTGPT,
an
innovative
approach
leverages
power
intrinsic
context-awareness
Large
Language
Models
(LLMs)
improve
testing.
RESTGPT
takes
as
specification,
extracts
machine-interpretable
rules,
generates
example
parameter
values
specification.
It
then
augments
original
specification
Our
evaluations
indicate
outperforms
existing
both
rule
extraction
value
generation.
Given
promising
results,
we
outline
future
research
directions
advancing
through
LLMs.
Web
APIs
following
the
REST
architectural
style
(so-called
RESTful
web
APIs)
have
become
de-facto
standard
for
software
integration.
As
gain
momentum,
so
does
testing
of
them.
However,
there
is
a
lack
mechanisms
to
assess
adequacy
approaches
in
this
context,
which
makes
it
difficult
automatically
measure
and
compare
their
effectiveness.
In
paper,
we
first
present
set
ten
coverage
criteria
that
allow
determine
degree
test
suite
exercises
different
inputs
(i.e.
requests)
outputs
responses)
API.
We
then
arrange
proposed
into
eight
Test
Coverage
Levels
(TCLs),
where
TCL0
represents
weakest
level
TCL7
strongest
one.
This
enables
automated
assessment
comparison
techniques
according
overall
TCL
achieved
by
generated
suites.
Our
evaluation
results
on
two
open-source
with
real
bugs
show
levels
nicely
correlate
code
fault
detection
measurements.
ACM Transactions on Software Engineering and Methodology,
Journal Year:
2020,
Volume and Issue:
29(4), P. 1 - 31
Published: July 6, 2020
Automated
system
test
generation
for
web/enterprise
systems
requires
either
a
sequence
of
actions
on
GUI
(e.g.,
clicking
HTML
links
and
form
buttons)
or
direct
HTTP
calls
when
dealing
with
web
services
REST
SOAP).
When
doing
white-box
testing
such
systems,
their
code
can
be
analyzed,
the
same
type
heuristics
branch
distance
)
used
in
search-based
unit
employed
to
improve
performance.
However,
do
often
interact
database.
To
obtain
higher
coverage
find
new
faults,
state
databases
needs
taken
into
account
generating
tests.
In
this
work,
we
present
novel
heuristic
enhance
software
which
takes
accessed
databases.
Furthermore,
enable
SQL
data
directly
from
cases.
This
is
useful
it
too
difficult
time
consuming
generate
right
events
put
database
state.
Also,
that
are
“read-only”
under
test,
actual
generated
by
other
services.
We
implemented
our
technique
as
an
extension
E
VO
M
ASTER
,
where
tests
JUnit
format.
Experiments
six
RESTful
APIs
(five
open-source
one
industrial)
show
techniques
significantly
(up
+16.5%),
finding
seven
faults
those
systems.
Modern
web
applications
make
extensive
use
of
API
calls
to
update
the
UI
state
in
response
user
events
or
server-side
changes.
For
such
applications,
API-level
testing
can
play
an
important
role,
in-between
unit-level
and
UI-level
(or
end-to-end)
testing.
Existing
tools
require
specifications
(e.g.,
OpenAPI),
which
often
may
not
be
available
or,
when
available,
inconsistent
with
implementation,
thus
limiting
applicability
automated
applications.
In
this
paper,
we
present
approach
that
leverages
enable
for
Our
technique
navigates
application
under
test
automatically
generates
suite,
along
OpenAPI
specification
describes
application's
APIs
(for
REST-based
applications).
A
key
element
our
solution
is
a
dynamic
inferring
endpoints
path
parameters
via
navigation
directed
probing.
We
evaluated
its
accuracy
effectiveness
"carved"
tests.
results
on
seven
open-source
show
achieves
98%
precision
56%
recall
endpoints.
The
carved
tests,
added
suites
generated
by
two
REST
tools,
increase
statement
coverage
52%
29%
branch
99%
75%,
average.
main
benefits
are:
(1)
it
enables
cases
where
existing
are
inapplicable
(2)
creates
cover
code
efficiently
while
exercising
as
they
would
invoked
from
UI,
augment
suites.
