Modern web services increasingly rely on REST APIs. Effectively testing these APIs is challenging due to the vast search space to be explored, which involves selecting API operations for sequence creation, choosing parameters for each operation from a potentially large set of parameters, and sampling values from the virtually infinite parameter input space. Current testing tools lack efficient exploration mechanisms, treating all operations and parameters equally (i.e., not considering their importance or complexity) and lacking prioritization strategies. Furthermore, these tools struggle when response schemas are absent in the specification or exhibit variants. To address these limitations, we present an adaptive REST API testing technique that incorporates reinforcement learning to prioritize operations and parameters during exploration. Our approach dynamically analyzes request and response data to inform dependent parameters and adopts a sampling-based strategy for efficient processing of dynamic API feedback. We evaluated our technique on ten RESTful services, comparing it against state-of-the-art REST testing tools with respect to code coverage achieved, requests generated, operations covered, and service failures triggered. Additionally, we performed an ablation study on prioritization, dynamic feedback analysis, and sampling to assess their individual effects. Our findings demonstrate that our approach outperforms existing REST API testing tools in terms of effectiveness, efficiency, and fault-finding ability.

翻译：现代Web服务越来越依赖于REST API。由于需要探索庞大的搜索空间——包括选择用于序列创建的API操作、从潜在的大量参数中为每个操作选择参数、以及从几乎无限的参数输入空间中采样值——有效测试这些API极具挑战性。现有测试工具缺乏高效的探索机制，将所有操作和参数同等对待（即未考虑其重要性或复杂性），且缺乏优先级排序策略。此外，当规范中缺失响应模式或存在变体时，这些工具会陷入困境。为解决上述局限性，我们提出一种自适应REST API测试技术，该技术融合强化学习以在探索过程中优先处理操作和参数。我们的方法动态分析请求与响应数据以推断相关参数，并采用基于采样的策略高效处理动态API反馈。我们在十个REST服务上评估了该技术，并将其与当前最先进的REST测试工具在代码覆盖率、生成请求数、操作覆盖率和触发的服务故障数方面进行了对比。此外，我们针对优先级排序、动态反馈分析和采样进行了消融研究，以评估其各自影响。实验结果表明，我们的方法在有效性、效率和故障发现能力方面均优于现有REST API测试工具。