SlideShare a Scribd company logo

Deviation Testing: A Test Case Generation Technique for GraphQL APIs by Daniela Meneses Vargas, Andreina Cota Vidaurre

FAST
FAST

GraphQL is a flexible and expressive query language. With the objective to replace the flawed and inefficient REST architectural style, GraphQL has been adopted by numerous online APIs and services. Despite its popularity, testing theimplementation of a GraphQL schema is a crucial and still an open problem. We found that classical techniques of test generation may be efficiently applied to GraphQL server. We propose a simple but expressive technique called deviation testing that automatically searches for anomalies in the way a schema is served. We demonstrate the feasibility of our approach using an implementation of GraphQL for Pharo and VisualWorks. Running our technique on the popular Yelp and Apollo GraphQL server uncovered several anomalies in the way the schema is served.

Technology
1 of 30
Download to read offline
Deviation Testing A Test Case Generation Technique for GraphQL APIs Daniela Meneses Vargas Alison Fernández Blanco Andreina Cota Vidaurre Juan Pablo Sandoval Alcocer Milton Mamani Torres Alexandre Bergel Stéphane Ducasse
What is GraphQL?
REST (Representational State Transfer) ● REST has become the standard for designing web APIS ● Offers some great ideas, such as stateless server and structured access to resources ● It has shown to be too inflexible to keep up with the rapidly changing requirements of the clients that access them
REST - Overfetching { "film": { "id" : 1, "name" : "Schindler's List", "imageUrl" : "https://someimageurl.com/uxs.png", "rating" : 5, "gender" : "ACTION", "director" : { "name" : "James Cameron" } } } HTTP GET: /film/<id> Schindler's List
REST - Underfetching HTTP GET: /director/<id> /director/<id>/films /director/<id>/roleDirector: Steven Spielberg Films: Jurassic Park, War House, Indiana Jones Role: Film Director
GraphQL Query language and the execution engine of queries by using a type system you define for your data. ● GraphQL is not dealing with dedicated resources ● In GraphQL the server declares what resources are available and the client asks for what it needs
GraphQL - Schema type Query { director(id: Int): Director allFilms: [Film] film(id: Int): Film } type Director { name: String! id: Int! films: [Film] role: String imgUrl: String } type Film { name: String! director: Director rating: Int gender: String imgUrl: String } Schema Query All the types that are exposed in an API are written down in a schema using the SDL. Schema server as a contract between the client and the server { director(id: 1){ name films { name } role imgUrl } }
GraphQL HTTP POSTDirector: Steven Spielberg Films: Jurassic Park, War House, Indiana Jones Role: Film Director { director(id: 1){ name films { name } role imgUrl } } { "data": { "director": { "name": "Steven Spielberg", "films": [ { "name": "Jurassic Park", ...} ], "role": "Film Director", "imgUrl": "https://asd.com/qwerte.png" } } }
SGraphQL - GraphQL in Smalltalk https://github.com/OBJECTSEMANTICS/GraphQL
GraphQL AutoTest
Deviation Testing Technique that measures the difference between a test case and its automatic generated variations (deviations). The goal is increase the test coverage and help to find potential bugs in any GraphQL implementation.
Deviation Testing Workflow
Deviation Rules
Fields Selection Deviation { allFilms { name rating gender director { name } } } { allFilms { name rating gender } }
Fields Deviation Result Comparison { allFilms { name rating gender director { name } } } { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION", "director" : { "name" : "James Cameron" } }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION", "director" : { "name" : "George Lucas" } } ] }
Fields Deviation Result Comparison { allFilms { name rating gender } } { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION" }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION" } ] }
{ "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION", "director" : { "name" : "James Cameron" } }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION", "director" : { "name" : "George Lucas" } } ] } Fields Deviation Result Comparison { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION" }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION" } ] }
Empty Field Deviation { film(id: 1) { name rating gender director { name } } } { film(id: 1) { } }
Empty Field Deviation { film(id: 1) { } } { "errors": [ { "message": "Syntax Error: Expected Name, found }", "locations": [ { "line": 4, "column": 3 } ] } ] }
Non Null Deviation { film(id: 1) { name rating gender director { name } } } { film(id: null) { name rating gender director { name } } }
Non Null Deviation { film(id: null) { name rating gender director { name } } } { "errors": [ { "message": "must provide an id", "locations": [ { "line": 2, "column": 12 } ], "path": [ "film" ] } ], "data": { "film": null } }
Type Deviation { film(id: “bad id”) { name rating gender director { name } } } { "errors": [ { "message": "No valid ID extracted from 1", "locations": [ { "line": 2, "column": 12 } ], "path": [ "film" ] } ], "data": { "film": null } }
Type Deviation { film(id: 1) { name rating gender director { name } } } { film(id: “bad id”) { name rating gender director { name } } }
Running the test generator 1 2 3 4
Case Studies Application Passed Failed Total Deviations Failed Smalltalk 38 10 48 Argument Types Empty Field Selections Yelp 90 5 95 Empty Field Selections Apollo 134 0 134 None
Future Work ● Add more deviation rules ● Support for multiple initial queries
Conclusions ● We created a tool to test a GraphQL standard compliance by creating deviated queries from the original and comparing the responses. ● We run the tool against SGraphQL Demo API, Yelp and Apollo Demo API; finding on two of them problems in the implementation of GraphQL standard.
Thanks! Semantics www.semantics.bo semantics.bolivia@gmail.com Daniela Meneses daniela11290@gmail.com Andreina Cota andycotvy@gmail.com
Implementation - Iterators
Implementation - Mutators

Recommended

GraphQL with Sangria
GraphQL with SangriaGraphQL with Sangria
GraphQL with SangriaAnthony SSI YAN KAI
 
Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)GraphAware
 
Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)Michal Bachman
 
Neo4j
Neo4jNeo4j
Neo4jGeorge Eleftheriadis
 
Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...
Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...
Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...Chris Grabosky
 
GraphQL Overview and Practice
GraphQL Overview and PracticeGraphQL Overview and Practice
GraphQL Overview and PracticeSamuel slow
 
An introduction to Scala.js
An introduction to Scala.jsAn introduction to Scala.js
An introduction to Scala.jsKnoldus Inc.
 
Using Stargate APIs for Cassandra-Backed Applications
Using Stargate APIs for Cassandra-Backed ApplicationsUsing Stargate APIs for Cassandra-Backed Applications
Using Stargate APIs for Cassandra-Backed ApplicationsNordic APIs
 

Recommended

GraphQL with Sangria
GraphQL with SangriaGraphQL with Sangria
GraphQL with SangriaAnthony SSI YAN KAI
 
Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)GraphAware
 
Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)Recommendations with Neo4j (FOSDEM 2015)
Recommendations with Neo4j (FOSDEM 2015)Michal Bachman
 
Neo4j
Neo4jNeo4j
Neo4jGeorge Eleftheriadis
 
Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...
Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...
Microsoft cloud workshop - automated cloud service for MongoDB on Microsoft A...Chris Grabosky
 
GraphQL Overview and Practice
GraphQL Overview and PracticeGraphQL Overview and Practice
GraphQL Overview and PracticeSamuel slow
 
An introduction to Scala.js
An introduction to Scala.jsAn introduction to Scala.js
An introduction to Scala.jsKnoldus Inc.
 
Using Stargate APIs for Cassandra-Backed Applications
Using Stargate APIs for Cassandra-Backed ApplicationsUsing Stargate APIs for Cassandra-Backed Applications
Using Stargate APIs for Cassandra-Backed ApplicationsNordic APIs
 
Threads, Critical Sections, and Termination
Threads, Critical Sections, and TerminationThreads, Critical Sections, and Termination
Threads, Critical Sections, and TerminationFAST
 
OOP with Smalltalk
OOP with SmalltalkOOP with Smalltalk
OOP with SmalltalkFAST
 
Powerlang: a Vehicle for Lively Implementing Programming Languages
Powerlang: a Vehicle for Lively Implementing Programming LanguagesPowerlang: a Vehicle for Lively Implementing Programming Languages
Powerlang: a Vehicle for Lively Implementing Programming LanguagesFAST
 
Constructing 3D scenes with Woden Engine
Constructing 3D scenes with Woden EngineConstructing 3D scenes with Woden Engine
Constructing 3D scenes with Woden EngineFAST
 
Demystifying the creation of coding tools
Demystifying the creation of coding toolsDemystifying the creation of coding tools
Demystifying the creation of coding toolsFAST
 
Application Starter: the entry point for your application
Application Starter: the entry point for your applicationApplication Starter: the entry point for your application
Application Starter: the entry point for your applicationFAST
 
Improving the Pharo VM
Improving the Pharo VMImproving the Pharo VM
Improving the Pharo VMFAST
 
What is (not) Pharo 8?
What is (not) Pharo 8?What is (not) Pharo 8?
What is (not) Pharo 8?FAST
 
Stargate: an interstellar journey to RESTful APIs
Stargate: an interstellar journey to RESTful APIsStargate: an interstellar journey to RESTful APIs
Stargate: an interstellar journey to RESTful APIsFAST
 
Opening Smalltalks 2019
Opening Smalltalks 2019Opening Smalltalks 2019
Opening Smalltalks 2019FAST
 
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção JrSmalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção JrFAST
 
Adaptive Compilation by Jecel Mattos de Assumpção Jr
Adaptive Compilation by Jecel Mattos de Assumpção JrAdaptive Compilation by Jecel Mattos de Assumpção Jr
Adaptive Compilation by Jecel Mattos de Assumpção JrFAST
 
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...FAST
 
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...FAST
 
Improving VASmalltalk deployment, availability and scalability with Docker by...
Improving VASmalltalk deployment, availability and scalability with Docker by...Improving VASmalltalk deployment, availability and scalability with Docker by...
Improving VASmalltalk deployment, availability and scalability with Docker by...FAST
 
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the worldVASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the worldFAST
 
Hands-on Raspberry Pi and VA Smalltalk - Starting Workshop
Hands-on Raspberry Pi and VA Smalltalk - Starting WorkshopHands-on Raspberry Pi and VA Smalltalk - Starting Workshop
Hands-on Raspberry Pi and VA Smalltalk - Starting WorkshopFAST
 
Live typing: Update and what's next by Hernan Wilkinson
Live typing: Update and what's next by Hernan WilkinsonLive typing: Update and what's next by Hernan Wilkinson
Live typing: Update and what's next by Hernan WilkinsonFAST
 
Enhanced Email Protocol Framework for VAST by Seth Berman
Enhanced Email Protocol Framework for VAST by Seth BermanEnhanced Email Protocol Framework for VAST by Seth Berman
Enhanced Email Protocol Framework for VAST by Seth BermanFAST
 
VA Smalltalk Product Update by Seth Berman
VA Smalltalk Product Update by Seth BermanVA Smalltalk Product Update by Seth Berman
VA Smalltalk Product Update by Seth BermanFAST
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 

More Related Content

More from FAST

Threads, Critical Sections, and Termination
Threads, Critical Sections, and TerminationThreads, Critical Sections, and Termination
Threads, Critical Sections, and TerminationFAST
 
OOP with Smalltalk
OOP with SmalltalkOOP with Smalltalk
OOP with SmalltalkFAST
 
Powerlang: a Vehicle for Lively Implementing Programming Languages
Powerlang: a Vehicle for Lively Implementing Programming LanguagesPowerlang: a Vehicle for Lively Implementing Programming Languages
Powerlang: a Vehicle for Lively Implementing Programming LanguagesFAST
 
Constructing 3D scenes with Woden Engine
Constructing 3D scenes with Woden EngineConstructing 3D scenes with Woden Engine
Constructing 3D scenes with Woden EngineFAST
 
Demystifying the creation of coding tools
Demystifying the creation of coding toolsDemystifying the creation of coding tools
Demystifying the creation of coding toolsFAST
 
Application Starter: the entry point for your application
Application Starter: the entry point for your applicationApplication Starter: the entry point for your application
Application Starter: the entry point for your applicationFAST
 
Improving the Pharo VM
Improving the Pharo VMImproving the Pharo VM
Improving the Pharo VMFAST
 
What is (not) Pharo 8?
What is (not) Pharo 8?What is (not) Pharo 8?
What is (not) Pharo 8?FAST
 
Stargate: an interstellar journey to RESTful APIs
Stargate: an interstellar journey to RESTful APIsStargate: an interstellar journey to RESTful APIs
Stargate: an interstellar journey to RESTful APIsFAST
 
Opening Smalltalks 2019
Opening Smalltalks 2019Opening Smalltalks 2019
Opening Smalltalks 2019FAST
 
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção JrSmalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção JrFAST
 
Adaptive Compilation by Jecel Mattos de Assumpção Jr
Adaptive Compilation by Jecel Mattos de Assumpção JrAdaptive Compilation by Jecel Mattos de Assumpção Jr
Adaptive Compilation by Jecel Mattos de Assumpção JrFAST
 
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...FAST
 
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...FAST
 
Improving VASmalltalk deployment, availability and scalability with Docker by...
Improving VASmalltalk deployment, availability and scalability with Docker by...Improving VASmalltalk deployment, availability and scalability with Docker by...
Improving VASmalltalk deployment, availability and scalability with Docker by...FAST
 
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the worldVASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the worldFAST
 
Hands-on Raspberry Pi and VA Smalltalk - Starting Workshop
Hands-on Raspberry Pi and VA Smalltalk - Starting WorkshopHands-on Raspberry Pi and VA Smalltalk - Starting Workshop
Hands-on Raspberry Pi and VA Smalltalk - Starting WorkshopFAST
 
Live typing: Update and what's next by Hernan Wilkinson
Live typing: Update and what's next by Hernan WilkinsonLive typing: Update and what's next by Hernan Wilkinson
Live typing: Update and what's next by Hernan WilkinsonFAST
 
Enhanced Email Protocol Framework for VAST by Seth Berman
Enhanced Email Protocol Framework for VAST by Seth BermanEnhanced Email Protocol Framework for VAST by Seth Berman
Enhanced Email Protocol Framework for VAST by Seth BermanFAST
 
VA Smalltalk Product Update by Seth Berman
VA Smalltalk Product Update by Seth BermanVA Smalltalk Product Update by Seth Berman
VA Smalltalk Product Update by Seth BermanFAST
 

More from FAST (20)

Threads, Critical Sections, and Termination
Threads, Critical Sections, and TerminationThreads, Critical Sections, and Termination
Threads, Critical Sections, and Termination
 
OOP with Smalltalk
OOP with SmalltalkOOP with Smalltalk
OOP with Smalltalk
 
Powerlang: a Vehicle for Lively Implementing Programming Languages
Powerlang: a Vehicle for Lively Implementing Programming LanguagesPowerlang: a Vehicle for Lively Implementing Programming Languages
Powerlang: a Vehicle for Lively Implementing Programming Languages
 
Constructing 3D scenes with Woden Engine
Constructing 3D scenes with Woden EngineConstructing 3D scenes with Woden Engine
Constructing 3D scenes with Woden Engine
 
Demystifying the creation of coding tools
Demystifying the creation of coding toolsDemystifying the creation of coding tools
Demystifying the creation of coding tools
 
Application Starter: the entry point for your application
Application Starter: the entry point for your applicationApplication Starter: the entry point for your application
Application Starter: the entry point for your application
 
Improving the Pharo VM
Improving the Pharo VMImproving the Pharo VM
Improving the Pharo VM
 
What is (not) Pharo 8?
What is (not) Pharo 8?What is (not) Pharo 8?
What is (not) Pharo 8?
 
Stargate: an interstellar journey to RESTful APIs
Stargate: an interstellar journey to RESTful APIsStargate: an interstellar journey to RESTful APIs
Stargate: an interstellar journey to RESTful APIs
 
Opening Smalltalks 2019
Opening Smalltalks 2019Opening Smalltalks 2019
Opening Smalltalks 2019
 
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção JrSmalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
Smalltalk Computers, Past and Future by Jecel Mattos de Assumpção Jr
 
Adaptive Compilation by Jecel Mattos de Assumpção Jr
Adaptive Compilation by Jecel Mattos de Assumpção JrAdaptive Compilation by Jecel Mattos de Assumpção Jr
Adaptive Compilation by Jecel Mattos de Assumpção Jr
 
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
Choosing where to run our objects: the S8 Smalltalk approach by Description:F...
 
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
Using 128 GPU cores, Tensorflow and VASmalltalk to detect Kolsh beers with ES...
 
Improving VASmalltalk deployment, availability and scalability with Docker by...
Improving VASmalltalk deployment, availability and scalability with Docker by...Improving VASmalltalk deployment, availability and scalability with Docker by...
Improving VASmalltalk deployment, availability and scalability with Docker by...
 
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the worldVASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
VASmalltalk and Raspberry Pi powering the largest MIDI instrument of the world
 
Hands-on Raspberry Pi and VA Smalltalk - Starting Workshop
Hands-on Raspberry Pi and VA Smalltalk - Starting WorkshopHands-on Raspberry Pi and VA Smalltalk - Starting Workshop
Hands-on Raspberry Pi and VA Smalltalk - Starting Workshop
 
Live typing: Update and what's next by Hernan Wilkinson
Live typing: Update and what's next by Hernan WilkinsonLive typing: Update and what's next by Hernan Wilkinson
Live typing: Update and what's next by Hernan Wilkinson
 
Enhanced Email Protocol Framework for VAST by Seth Berman
Enhanced Email Protocol Framework for VAST by Seth BermanEnhanced Email Protocol Framework for VAST by Seth Berman
Enhanced Email Protocol Framework for VAST by Seth Berman
 
VA Smalltalk Product Update by Seth Berman
VA Smalltalk Product Update by Seth BermanVA Smalltalk Product Update by Seth Berman
VA Smalltalk Product Update by Seth Berman
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 

Recently uploaded (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 

Deviation Testing: A Test Case Generation Technique for GraphQL APIs by Daniela Meneses Vargas, Andreina Cota Vidaurre

  • 1. Deviation Testing A Test Case Generation Technique for GraphQL APIs Daniela Meneses Vargas Alison Fernández Blanco Andreina Cota Vidaurre Juan Pablo Sandoval Alcocer Milton Mamani Torres Alexandre Bergel Stéphane Ducasse
  • 3. REST (Representational State Transfer) ● REST has become the standard for designing web APIS ● Offers some great ideas, such as stateless server and structured access to resources ● It has shown to be too inflexible to keep up with the rapidly changing requirements of the clients that access them
  • 4. REST - Overfetching { "film": { "id" : 1, "name" : "Schindler's List", "imageUrl" : "https://someimageurl.com/uxs.png", "rating" : 5, "gender" : "ACTION", "director" : { "name" : "James Cameron" } } } HTTP GET: /film/<id> Schindler's List
  • 5. REST - Underfetching HTTP GET: /director/<id> /director/<id>/films /director/<id>/roleDirector: Steven Spielberg Films: Jurassic Park, War House, Indiana Jones Role: Film Director
  • 6. GraphQL Query language and the execution engine of queries by using a type system you define for your data. ● GraphQL is not dealing with dedicated resources ● In GraphQL the server declares what resources are available and the client asks for what it needs
  • 7. GraphQL - Schema type Query { director(id: Int): Director allFilms: [Film] film(id: Int): Film } type Director { name: String! id: Int! films: [Film] role: String imgUrl: String } type Film { name: String! director: Director rating: Int gender: String imgUrl: String } Schema Query All the types that are exposed in an API are written down in a schema using the SDL. Schema server as a contract between the client and the server { director(id: 1){ name films { name } role imgUrl } }
  • 8. GraphQL HTTP POSTDirector: Steven Spielberg Films: Jurassic Park, War House, Indiana Jones Role: Film Director { director(id: 1){ name films { name } role imgUrl } } { "data": { "director": { "name": "Steven Spielberg", "films": [ { "name": "Jurassic Park", ...} ], "role": "Film Director", "imgUrl": "https://asd.com/qwerte.png" } } }
  • 9. SGraphQL - GraphQL in Smalltalk https://github.com/OBJECTSEMANTICS/GraphQL
  • 11. Deviation Testing Technique that measures the difference between a test case and its automatic generated variations (deviations). The goal is increase the test coverage and help to find potential bugs in any GraphQL implementation.
  • 14. Fields Selection Deviation { allFilms { name rating gender director { name } } } { allFilms { name rating gender } }
  • 15. Fields Deviation Result Comparison { allFilms { name rating gender director { name } } } { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION", "director" : { "name" : "James Cameron" } }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION", "director" : { "name" : "George Lucas" } } ] }
  • 16. Fields Deviation Result Comparison { allFilms { name rating gender } } { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION" }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION" } ] }
  • 17. { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION", "director" : { "name" : "James Cameron" } }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION", "director" : { "name" : "George Lucas" } } ] } Fields Deviation Result Comparison { "allFilms" : [ { "name" : "terminator", "rating" : 5, "gender" : "ACTION" }, { "name" : "Star wars: New Hope", "rating" : 9, "gender" : "SCIENCE_FICTION" } ] }
  • 18. Empty Field Deviation { film(id: 1) { name rating gender director { name } } } { film(id: 1) { } }
  • 19. Empty Field Deviation { film(id: 1) { } } { "errors": [ { "message": "Syntax Error: Expected Name, found }", "locations": [ { "line": 4, "column": 3 } ] } ] }
  • 20. Non Null Deviation { film(id: 1) { name rating gender director { name } } } { film(id: null) { name rating gender director { name } } }
  • 21. Non Null Deviation { film(id: null) { name rating gender director { name } } } { "errors": [ { "message": "must provide an id", "locations": [ { "line": 2, "column": 12 } ], "path": [ "film" ] } ], "data": { "film": null } }
  • 22. Type Deviation { film(id: “bad id”) { name rating gender director { name } } } { "errors": [ { "message": "No valid ID extracted from 1", "locations": [ { "line": 2, "column": 12 } ], "path": [ "film" ] } ], "data": { "film": null } }
  • 23. Type Deviation { film(id: 1) { name rating gender director { name } } } { film(id: “bad id”) { name rating gender director { name } } }
  • 24. Running the test generator 1 2 3 4
  • 25. Case Studies Application Passed Failed Total Deviations Failed Smalltalk 38 10 48 Argument Types Empty Field Selections Yelp 90 5 95 Empty Field Selections Apollo 134 0 134 None
  • 26. Future Work ● Add more deviation rules ● Support for multiple initial queries
  • 27. Conclusions ● We created a tool to test a GraphQL standard compliance by creating deviated queries from the original and comparing the responses. ● We run the tool against SGraphQL Demo API, Yelp and Apollo Demo API; finding on two of them problems in the implementation of GraphQL standard.