OAS DB: a shared infrastructure to support OpenAPI research

Bibliographic Details
Main Author: Stoll, Alex Braha
Publication Date: 2022
Format: Master thesis
Language: eng
Source: Biblioteca Digital de Teses e Dissertações da USP
Download full: https://www.teses.usp.br/teses/disponiveis/100/100131/tde-25052022-214725/
Summary: It is common knowledge the great success achieved by the Web in the last decades. Together with the rise of Web systems in general, it came the increase of the number of Web APIs. There are many specifications used to describe an Web API. One of the most popular ones is OpenAPI. This specification allows one to describe all the resources that can be accessed and manipulated through a REST Web API. An OpenAPI specification can be used to perform different kinds of analysis and verification of the service implementing the described API. A common challenge faced by researchers, however, is the lack of shared validation infrastructure or a standard benchmark. The main contribution of our research is a software artifact --- called OAS DB (OpenAPI Specifications Database) --- that aims to provide researchers and industry practitioners with a complete solution to streamline the validation of new OpenAPI related techniques and tools. OAS DB is able to generate complete OpenAPI specifications and their corresponding mock implementations. It is also both capable of injecting faults and anti-patterns in these generated specifications/mock implementations and of indicating --- through machine-readable files --- which issues and anti-patterns are present in the generated assets. We use OAS DB to assess tools relying on both static and dynamic techniques to detect faults and anti-patterns in OpenAPI specifications. Our results indicate that these tools fail to detect relevant faults and anti-patterns in the synthetic APIs generated by OAS DB, indicating that there is room to improve these tools and the ways in which they are applying static and dynamic analysis techniques. The present work also has as contributions: a) a proof of concept REST API anti-pattern detector (which we call Oasis) and b) the description of a novel REST anti-pattern not described in the literature so far
id USP_c899cfb19df75dde5200f9cf9dd4bece
oai_identifier_str oai:teses.usp.br:tde-25052022-214725
network_acronym_str USP
network_name_str Biblioteca Digital de Teses e Dissertações da USP
repository_id_str 2721
spelling OAS DB: a shared infrastructure to support OpenAPI researchOAS DB: uma infraestrutura compartilhada para apoiar a pesquisa envolvendo OpenAPIAnálise estáticaAnti-patternAnti-patternCode generationGeração de programasInjeção de defeitos em softwareOpenAPIOpenAPIRepositórioRepositoryREST APIREST APISoftware fault injectionStatic analysisIt is common knowledge the great success achieved by the Web in the last decades. Together with the rise of Web systems in general, it came the increase of the number of Web APIs. There are many specifications used to describe an Web API. One of the most popular ones is OpenAPI. This specification allows one to describe all the resources that can be accessed and manipulated through a REST Web API. An OpenAPI specification can be used to perform different kinds of analysis and verification of the service implementing the described API. A common challenge faced by researchers, however, is the lack of shared validation infrastructure or a standard benchmark. The main contribution of our research is a software artifact --- called OAS DB (OpenAPI Specifications Database) --- that aims to provide researchers and industry practitioners with a complete solution to streamline the validation of new OpenAPI related techniques and tools. OAS DB is able to generate complete OpenAPI specifications and their corresponding mock implementations. It is also both capable of injecting faults and anti-patterns in these generated specifications/mock implementations and of indicating --- through machine-readable files --- which issues and anti-patterns are present in the generated assets. We use OAS DB to assess tools relying on both static and dynamic techniques to detect faults and anti-patterns in OpenAPI specifications. Our results indicate that these tools fail to detect relevant faults and anti-patterns in the synthetic APIs generated by OAS DB, indicating that there is room to improve these tools and the ways in which they are applying static and dynamic analysis techniques. The present work also has as contributions: a) a proof of concept REST API anti-pattern detector (which we call Oasis) and b) the description of a novel REST anti-pattern not described in the literature so farJá é senso comum o grande sucesso alcançado pela Web nas últimas décadas. Junto à ascensão de sistemas Web em geral, veio também o aumento do número de APIs Web. Há muitas especificaçes usadas para descrever uma API Web. Uma das mais populares é a OpenAPI. Essa especificação permite descrever todos os recursos que podem ser acessados e manipulados por meio de uma API Web REST. Uma especificação OpenAPI pode ser usada para diferentes tipos de análises e verificaçes do serviço que implementa a API descrita. Um desafio comum enfrentado por pesquisadores, no entanto, é a inexistência de infra-estrutura compartilhada de validação ou de um benchmark padrão. A principal contribuição de nossa pesquisa é um artefato de software --- chamado OAS DB (OpenAPI Specifications Database) --- que tem por objetivo fornecer aos pesquisadores e profissionais da indústria uma solução completa para tornar mais eficiente a validação de novas técnicas e ferramentas relacionadas com OpenAPI. OAS DB consegue gerar especificaçes OpenAPI completas e as suas correspondentes implementaçes mock. É também capaz de injetar defeitos e anti-patterns nessas especificaçes/implementaçes mock geradas e também de indicar --- por meio de arquivos processáveis por software --- quais defeitos e anti-patterns estão presentes nesses arquivos gerados. Ferramentas que usam técnicas estáticas e dinâmicas para identificar defeitos e anti-patterns em especificações OpenAPI foram avaliadas usando o OAS DB. Os resultados indicam que essas ferramentas não detectam alguns defeitos e anti-patterns relevantes em APIs sintéticas geradas pela OAS DB. Esses resultados indicam que essas ferramentas e o modo como aplicam técnicas de análise dinâmica e estática podem ser melhorados. Este trabalho também tem como contribuiçes a) uma prova de conceito de dectector de anti-patterns REST (chamado Oasis) e b) a descrição de um novo anti-pattern REST ainda não documentado na literatura relevanteBiblioteca Digitais de Teses e Dissertações da USPChaim, Marcos LordelloStoll, Alex Braha2022-03-28info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttps://www.teses.usp.br/teses/disponiveis/100/100131/tde-25052022-214725/reponame:Biblioteca Digital de Teses e Dissertações da USPinstname:Universidade de São Paulo (USP)instacron:USPLiberar o conteúdo para acesso público.info:eu-repo/semantics/openAccesseng2024-10-09T13:16:04Zoai:teses.usp.br:tde-25052022-214725Biblioteca Digital de Teses e Dissertaçõeshttp://www.teses.usp.br/PUBhttp://www.teses.usp.br/cgi-bin/mtd2br.plvirginia@if.usp.br|| atendimento@aguia.usp.br||virginia@if.usp.bropendoar:27212024-10-09T13:16:04Biblioteca Digital de Teses e Dissertações da USP - Universidade de São Paulo (USP)false
dc.title.none.fl_str_mv OAS DB: a shared infrastructure to support OpenAPI research
OAS DB: uma infraestrutura compartilhada para apoiar a pesquisa envolvendo OpenAPI
title OAS DB: a shared infrastructure to support OpenAPI research
spellingShingle OAS DB: a shared infrastructure to support OpenAPI research
Stoll, Alex Braha
Análise estática
Anti-pattern
Anti-pattern
Code generation
Geração de programas
Injeção de defeitos em software
OpenAPI
OpenAPI
Repositório
Repository
REST API
REST API
Software fault injection
Static analysis
title_short OAS DB: a shared infrastructure to support OpenAPI research
title_full OAS DB: a shared infrastructure to support OpenAPI research
title_fullStr OAS DB: a shared infrastructure to support OpenAPI research
title_full_unstemmed OAS DB: a shared infrastructure to support OpenAPI research
title_sort OAS DB: a shared infrastructure to support OpenAPI research
author Stoll, Alex Braha
author_facet Stoll, Alex Braha
author_role author
dc.contributor.none.fl_str_mv Chaim, Marcos Lordello
dc.contributor.author.fl_str_mv Stoll, Alex Braha
dc.subject.por.fl_str_mv Análise estática
Anti-pattern
Anti-pattern
Code generation
Geração de programas
Injeção de defeitos em software
OpenAPI
OpenAPI
Repositório
Repository
REST API
REST API
Software fault injection
Static analysis
topic Análise estática
Anti-pattern
Anti-pattern
Code generation
Geração de programas
Injeção de defeitos em software
OpenAPI
OpenAPI
Repositório
Repository
REST API
REST API
Software fault injection
Static analysis
description It is common knowledge the great success achieved by the Web in the last decades. Together with the rise of Web systems in general, it came the increase of the number of Web APIs. There are many specifications used to describe an Web API. One of the most popular ones is OpenAPI. This specification allows one to describe all the resources that can be accessed and manipulated through a REST Web API. An OpenAPI specification can be used to perform different kinds of analysis and verification of the service implementing the described API. A common challenge faced by researchers, however, is the lack of shared validation infrastructure or a standard benchmark. The main contribution of our research is a software artifact --- called OAS DB (OpenAPI Specifications Database) --- that aims to provide researchers and industry practitioners with a complete solution to streamline the validation of new OpenAPI related techniques and tools. OAS DB is able to generate complete OpenAPI specifications and their corresponding mock implementations. It is also both capable of injecting faults and anti-patterns in these generated specifications/mock implementations and of indicating --- through machine-readable files --- which issues and anti-patterns are present in the generated assets. We use OAS DB to assess tools relying on both static and dynamic techniques to detect faults and anti-patterns in OpenAPI specifications. Our results indicate that these tools fail to detect relevant faults and anti-patterns in the synthetic APIs generated by OAS DB, indicating that there is room to improve these tools and the ways in which they are applying static and dynamic analysis techniques. The present work also has as contributions: a) a proof of concept REST API anti-pattern detector (which we call Oasis) and b) the description of a novel REST anti-pattern not described in the literature so far
publishDate 2022
dc.date.none.fl_str_mv 2022-03-28
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv https://www.teses.usp.br/teses/disponiveis/100/100131/tde-25052022-214725/
url https://www.teses.usp.br/teses/disponiveis/100/100131/tde-25052022-214725/
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv
dc.rights.driver.fl_str_mv Liberar o conteúdo para acesso público.
info:eu-repo/semantics/openAccess
rights_invalid_str_mv Liberar o conteúdo para acesso público.
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.coverage.none.fl_str_mv
dc.publisher.none.fl_str_mv Biblioteca Digitais de Teses e Dissertações da USP
publisher.none.fl_str_mv Biblioteca Digitais de Teses e Dissertações da USP
dc.source.none.fl_str_mv
reponame:Biblioteca Digital de Teses e Dissertações da USP
instname:Universidade de São Paulo (USP)
instacron:USP
instname_str Universidade de São Paulo (USP)
instacron_str USP
institution USP
reponame_str Biblioteca Digital de Teses e Dissertações da USP
collection Biblioteca Digital de Teses e Dissertações da USP
repository.name.fl_str_mv Biblioteca Digital de Teses e Dissertações da USP - Universidade de São Paulo (USP)
repository.mail.fl_str_mv virginia@if.usp.br|| atendimento@aguia.usp.br||virginia@if.usp.br
_version_ 1826319269231591424

Similar Items