TY - GEN
T1 - Search-Based Mock Generation of External Web Service Interactions
AU - Seran, Susruthan
AU - Zhang, Man
AU - Arcuri, Andrea
N1 - Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2024
Y1 - 2024
N2 - Testing large and complex enterprise software systems can be a challenging task. This is especially the case when the functionality of the system depends on interactions with other external services over a network (e.g., external REST APIs). Although several techniques in the research literature have been shown to be effective at generating test cases in many different software testing contexts, dealing with external services is still a major research challenge. In industry, a common approach is to mock external web services for testing purposes. However, generating and configuring mock web services can be a very time-consuming task. Furthermore, external services may not be under the control of the same developers of the tested application. In this paper, we present a novel search-based approach aimed at fully automated mocking external web services as part of white-box, search-based fuzzing. We rely on code instrumentation to detect all interactions with external services, and how their response data is parsed. We then use such information to enhance a search-based approach for fuzzing. The tested application is automatically modified (by manipulating DNS lookups) to rather interact with instances of mock web servers. The search process not only generates inputs to the tested applications, but also it automatically setups responses in those mock web server instances, aiming at maximizing code coverage and fault-finding. An empirical study on 3 open-source REST APIs from EMB, and one industrial API from an industry partner, shows the effectiveness of our novel techniques, i.e., significantly improves code coverage and fault detection.
AB - Testing large and complex enterprise software systems can be a challenging task. This is especially the case when the functionality of the system depends on interactions with other external services over a network (e.g., external REST APIs). Although several techniques in the research literature have been shown to be effective at generating test cases in many different software testing contexts, dealing with external services is still a major research challenge. In industry, a common approach is to mock external web services for testing purposes. However, generating and configuring mock web services can be a very time-consuming task. Furthermore, external services may not be under the control of the same developers of the tested application. In this paper, we present a novel search-based approach aimed at fully automated mocking external web services as part of white-box, search-based fuzzing. We rely on code instrumentation to detect all interactions with external services, and how their response data is parsed. We then use such information to enhance a search-based approach for fuzzing. The tested application is automatically modified (by manipulating DNS lookups) to rather interact with instances of mock web servers. The search process not only generates inputs to the tested applications, but also it automatically setups responses in those mock web server instances, aiming at maximizing code coverage and fault-finding. An empirical study on 3 open-source REST APIs from EMB, and one industrial API from an industry partner, shows the effectiveness of our novel techniques, i.e., significantly improves code coverage and fault detection.
KW - Automated Mock Generation
KW - Microservices
KW - Search-Based Test Generation
KW - Search-based Software Engineering
UR - https://www.scopus.com/pages/publications/85180530355
U2 - 10.1007/978-3-031-48796-5_4
DO - 10.1007/978-3-031-48796-5_4
M3 - 会议稿件
AN - SCOPUS:85180530355
SN - 9783031487958
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 52
EP - 66
BT - Search-Based Software Engineering - 15th International Symposium, SSBSE 2023, Proceedings
A2 - Arcaini, Paolo
A2 - Yue, Tao
A2 - Fredericks, Erik M.
PB - Springer Science and Business Media Deutschland GmbH
T2 - 15th International Symposium on Search-Based Software Engineering, SSBSE 2023
Y2 - 8 December 2023 through 8 December 2023
ER -