REST APIs have a pivotal role in accessing protected resources within cyberspace. Despite the availability of security testing tools, mass assignment vulnerabilities are common, yielding unauthorized access to sensitive data. We propose a lightweight approach to mine the REST API specifications and identify operations and attributes that are prone to mass assignment. We conducted a preliminary study on 100 APIs and found 25 prone to this vulnerability. We confirmed nine real vulnerable operations in six open-source APIs.
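One concrete form the specification mining described above could take, added here as an example and not the paper's tool: it walks an OpenAPI 3 document and, for each write operation, flags attributes that the response model exposes but the request body never declares, plus readOnly attributes the request body accepts. The heuristic, the helper names and the constructed sample specification are assumptions, not taken from the paper.

```python
# Added example, not the paper's tool. Assumed heuristic: for each POST/PUT/PATCH operation
# in an OpenAPI 3 document, flag attributes the 2xx response returns but the request body never
# declares, plus request attributes marked readOnly; automatic model binding may accept both.
WRITE_METHODS = {"post", "put", "patch"}

def _resolve(spec, schema):
    """Follow local '#/components/schemas/Name' references."""
    while schema and "$ref" in schema:
        schema = spec["components"]["schemas"][schema["$ref"].rsplit("/", 1)[-1]]
    return schema or {}

def _properties(spec, body):
    """{name: schema} for a JSON request/response body; array items are unwrapped."""
    schema = _resolve(spec, body.get("content", {}).get("application/json", {}).get("schema"))
    if schema.get("type") == "array":
        schema = _resolve(spec, schema.get("items"))
    return {k: _resolve(spec, v) for k, v in schema.get("properties", {}).items()}

def find_mass_assignment_candidates(spec):
    """Return (METHOD, path, attribute, reason) tuples worth manual review."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in WRITE_METHODS:
                continue  # read-only operations cannot bind attributes
            req = _properties(spec, op.get("requestBody", {}))
            resp = {}
            for code, r in op.get("responses", {}).items():
                if str(code).startswith("2"):
                    resp.update(_properties(spec, r))
            for name in sorted(set(resp) - set(req)):
                findings.append((method.upper(), path, name, "returned but not declared in request"))
            for name in sorted(n for n, s in req.items() if s.get("readOnly")):
                findings.append((method.upper(), path, name, "readOnly attribute accepted in request"))
    return findings

# Constructed sample spec: the User model exposes 'role' and a readOnly 'id',
# neither of which POST /users asks the client for; GET /users is skipped.
USER = {"$ref": "#/components/schemas/User"}
SAMPLE_SPEC = {"openapi": "3.0.0", "paths": {"/users": {
    "post": {"requestBody": {"content": {"application/json": {"schema": {"type": "object",
                 "properties": {"email": {"type": "string"}, "name": {"type": "string"}}}}}},
             "responses": {"201": {"content": {"application/json": {"schema": USER}}}}},
    "get": {"responses": {"200": {"content": {"application/json": {"schema": {
                "type": "array", "items": USER}}}}}}}},
    "components": {"schemas": {"User": {"type": "object", "properties": {
        "id": {"type": "integer", "readOnly": True}, "email": {"type": "string"},
        "name": {"type": "string"}, "role": {"type": "string"}}}}}}

print(*find_mass_assignment_candidates(SAMPLE_SPEC), sep="\n")
```

Each finding is only a candidate: whether the server actually binds the flagged attribute still has to be confirmed against the implementation, which is the manual step the abstract's confirmation of real vulnerable operations corresponds to.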