6,725 research outputs found
Statically Checking Web API Requests in JavaScript
Many JavaScript applications perform HTTP requests to web APIs, relying on
the request URL, HTTP method, and request data to be constructed correctly by
string operations. Traditional compile-time error checking, such as calling a
non-existent method in Java, is not available for checking whether such
requests comply with the requirements of a web API. In this paper, we propose
an approach to statically check web API requests in JavaScript. Our approach
first extracts a request's URL string, HTTP method, and the corresponding
request data using an inter-procedural string analysis, and then checks whether
the request conforms to given web API specifications. We evaluated our approach
by checking whether web API requests in JavaScript files mined from GitHub are
consistent or inconsistent with publicly available API specifications. From the
6575 requests in scope, our approach determined whether the request's URL and
HTTP method were consistent or inconsistent with web API specifications with a
precision of 96.0%. Our approach also correctly determined whether extracted
request data was consistent or inconsistent with the data requirements with a
precision of 87.9% for payload data and 99.9% for query data. In a systematic
analysis of the inconsistent cases, we found that many of them were due to
errors in the client code. The checker proposed here can be integrated with
code editors or with continuous integration tools to warn programmers about
code containing potentially erroneous requests.
Comment: International Conference on Software Engineering, 201
Towards property-based testing of RESTful web services
Developing APIs as Web Services over HTTP implies adding an extra layer to software, compared to the ones that we would need to develop an API distributed as, for example, a library. This additional layer must be included in testing too, but this implies that the software under test has an additional complexity due both to the need to use an intermediate protocol in tests and to the need to test compliance with the constraints imposed by that protocol: in this case the constraints defined by the REST architectural style. On the other hand, these requirements are common to all the Web Services, and because of that, we should be able to abstract this aspect of the testing model so that we can reuse it in testing any Web Service. In this paper, as a first step towards automating the testing of Web Services over HTTP, we describe a practical mechanism and model for testing RESTful Web Services without side effects and give an example of how we successfully adapted that mechanism to test two different existing Web Services: Storage Room by Thriventures and Google Tasks by Google. For this task we have used Erlang together with state machine models in the property-based testing tool Quviq QuickCheck, implemented using the statem module.
Granular confidentiality and integrity of JSON messages
Modern web and mobile-based applications exchange information with each other and with other services, through specific APIs that extend the applications' multipart functionality and enable interoperable information exchange. Currently these mechanisms are implemented through the usage of RESTful APIs and data interchange is performed using the JSON format over the HTTP or HTTPS protocol. Most of the time, due to specific security requirements, the SSL/TLS protocol is used to create a secure authenticated channel between the two communicating service end-points, where all the content is encrypted. This is an important security feature if the sender and the receptor are the only communicating parties; however, this may not be the case. In this paper, a granular mechanism for selectively offering confidentiality and integrity to JSON messages through the usage of public-key cryptography is presented. The proposed mechanism has taken into consideration already existing mechanisms, such as XML security, to best fit developers’ acquaintance. In this paper, we will present the proposal of the syntax for the secure JSON format (SecJSON) and present a prototype implementation of that particular specification that was created to offer developers, written in JavaScript and Node.js, the possibility to offer this security mechanism into their own services and applications.
User friendly knowledge acquisition system for medical devices actuation
Dissertation submitted for the degree of Master in Biomedical Engineering.
The Internet provides a new environment to develop a variety of applications. Hence,
large amounts of data, increasing every day, are stored and transferred through the internet.
These data are normally weakly structured making information disperse, uncorrelated,
non-transparent and difficult to access and share. Semantic Web, proposed by
the World Wide Web Consortium (W3C), addresses this problem by promoting semantic
structured data, like ontologies, enabling machines to perform more work involved in
finding, combining, and acting upon information on the Web.
Pursuing this vision, a Knowledge Acquisition System (KAS) was created, written
in JavaScript using JavaScript Object Notation (JSON) as the data structure and JSON
Schema to define that structure. It grants new ways to acquire and store knowledge
semantically structured and human readable. Plus, structuring data with a Schema generates
robust and error-free software.
A novel Human Computer Interaction (HCI) framework was constructed employing
this KAS, allowing the end user to configure and control medical devices. To demonstrate
the potential of this tool, we present the configuration and control of an electrostimulator.
Nowadays, most of the software for Electrostimulation is made with specific purposes,
and in some cases they have complicated user interfaces and large, bulky designs
that deter usability and acceptability. The HCI concedes the opportunity to configure
and control an electrostimulator that surpasses the specific use of several electrostimulator
software. In the configuration the user is able to compile different types of electrical
impulses (modes) in a temporal session, automating the control, making it simple and
user-friendly.