REST APIs have a pivotal role in accessing protected resources. Despite the availability of security testing tools, mass assignment vulnerabilities are common in REST APIs, leading to unauthorized manipulation of sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six APIs.
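As an added illustration (not the paper's tool or method), the Python snippet below sketches one lightweight way to mine an OpenAPI specification for mass-assignment-prone attributes: it flags write operations whose JSON request body accepts attributes that a server normally controls or that confer privilege. The sample spec and the name-based heuristic are constructed assumptions for the example.

```python
import re

# Constructed sample spec, in the dict form json.load/yaml.safe_load would give for an OpenAPI file.
SPEC = {
    "paths": {
        "/users": {"post": {"requestBody": {"content": {"application/json": {
            "schema": {"$ref": "#/components/schemas/User"}}}}}},
        "/users/{id}": {"patch": {"requestBody": {"content": {"application/json": {
            "schema": {"type": "object", "properties": {"name": {"type": "string"}}}}}}}},
    },
    "components": {"schemas": {"User": {"type": "object", "properties": {
        "id": {"type": "integer", "readOnly": True},
        "name": {"type": "string"},
        "role": {"type": "string", "enum": ["user", "admin"]},
        "is_verified": {"type": "boolean"},
    }}}},
}

# Assumed naming heuristic: attributes a server usually owns or that grant privilege.
SENSITIVE = re.compile(r"(^id$|_id$|role|admin|owner|verified|balance|credit|created|updated)", re.I)
WRITE_METHODS = ("post", "put", "patch")

def resolve(spec, schema):
    """Follow a local $ref such as '#/components/schemas/User' to the referenced schema."""
    while "$ref" in schema:
        node = spec
        for part in schema["$ref"].lstrip("#/").split("/"):
            node = node[part]
        schema = node
    return schema

def writable_properties(spec, operation):
    """Property names a client may send in the JSON request body, excluding readOnly ones."""
    schema = operation.get("requestBody", {}).get("content", {}).get("application/json", {}).get("schema")
    if schema is None:
        return set()
    props = resolve(spec, schema).get("properties", {})
    return {n for n, p in props.items() if not resolve(spec, p).get("readOnly", False)}

def find_prone_operations(spec):
    """Return [(METHOD, path, [attributes])] for write operations that warrant a manual review."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method in WRITE_METHODS:
            if method in item:
                flagged = sorted(a for a in writable_properties(spec, item[method]) if SENSITIVE.search(a))
                if flagged:
                    findings.append((method.upper(), path, flagged))
    return findings
```

A flagged attribute is only a candidate: the server may well ignore or authorize it, so each finding still needs confirmation against the implementation, as the study did for its nine operations.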