On GitHub, we found code that mistakenly attempts to make a request to https://api. spotify.com/v1/seach , as opposed to invoking the correct URL ending with /search .
This is what I mean by stone-age why don’t we have more static support on checking stupid errors like that!
A programmer wishing to avoid such errors can manually assess the correctness of web API requests by consulting the API’s (online) documentation or formal web API specifications. Such specifications, like the OpenAPI Specification (or formerly known as Swagger ), can be created by API providers or third parties to document valid URLs, HTTP methods, as well as inputs and outputs that a web API expects.Getting out the stone-age: our static checker on web API requests
In essence, our tool automates this manual process by doing two things:
First, our approach extracts a request’s URL string, HTTP method, and the corresponding request data using an inter-procedural string analysis
This task is not super easy task because we need an inter-procedural static program analysis capable of extracting strings. Yunhui has described the magic behind this analysis .
Making use of available Swagger specifications for the definitions of valid URLs, HTTP methods, and data. Our approach checks whether the request extracted from the first step conforms to given web API specifications. Erik has shared some interesting insights about these specifications in aprevious post.Our check is quite precise!
If you ask me, this numbers mean that we are ready to deploy our approach!Atom plug-in
And we have! Our checker is already integrated as a plug-in in Atom, as described in Erik’s previous post! It can also be integrated with continuous integration tools to warn programmers about code containing potentially erroneous requests.