SafeRESTScript: Statically Checking REST API Consumers
Nuno Burnay, Antónia Lopes, Vasco T. Vasconcelos

TL;DR
SafeRESTScript is a static analysis language that enables early detection of REST API call errors in web applications, improving reliability and developer productivity by catching issues before runtime.
Contribution
It introduces SafeRESTScript, a JavaScript-like language with rich types and native REST call validation against API specifications written in HeadREST.
Findings
Successfully detects missing or invalid data in REST calls
Supports semantic validation of REST APIs with refinement types
Prototype implementation available as an Eclipse plugin
Abstract
Consumption of REST services has become a popular means of invoking code provided by third parties, particularly in web applications. Nowadays programmers of web applications can choose TypeScript over JavaScript to benefit from static type checking that enables validating calls to local functions or to those provided by libraries. Errors in calls to REST services, however, can only be found at run-time. In this paper, we present SafeRESTScript (SRS, for short), a language that extends the support of static analysis to calls to REST services, with the ability to statically find common errors such as missing or invalid data in REST calls and misuse of the results from such calls. SafeRESTScript features a syntax similar to JavaScript and is equipped with (i) a rich collection of types (including objects, arrays and refinement types) and (ii) primitives to natively support REST calls that…
Taxonomy
Topics: Logic, programming, and type systems · Web Application Security Vulnerabilities · Security and Verification in Computing
