ART (Acronis REST Tooling) - A Kick-Start into the Open-Source World
Fuzzing a service based on Swagger annotation
ART (Acronis REST Tooling) is a Golang utility that validates REST API given a service’s annotation and its location. ART is API-agnostic, and it can be used by anyone to improve the quality of their services. It has been developed by Acronis and now it’s open-sourcing to help developers to improve the quality of services over the world.
Why is this so important?
Nowadays many companies create a platform based on their products. One of the required steps is opening their APIs to a wide community of developers to share expertise and simplify usage. HTTP REST is the de-facto standard of API for services. It is language-agnostic and there are specific formats of API description (annotation), the most popular of which is Swagger. From a development point of view, Swagger is a separate file and there is no guarantee to have it equal to the real REST API implemented within a service. An out-of-date Swagger causes failures of an APIs usage, disappointment, and even money loss. Thus it is really important to have annotation (Swagger) being continually verified against implementation.
ART is a tool that intends to solve this challenge.
The ART functionalities are not just checks of implementation vs annotation. ART also supports static checks, like verification of a Swagger against certain rules (e.g. API Guideline). Another element of ART’s advanced functionality is fuzzing. Given a successful sequence of requests, ART replays the sequence multiple times, fuzzing the last request in a sequence with a dynamic check, and verifying that the response fits the annotation. Fuzzing includes passing invalid argument types, absence of required input, and more.
CloudFest Hackathon is a kick-start of ART into the open-source world.
To have such kind of utilities useful over time, a continuous utility evolution is very important.
ART has a simple extension interface to create new checks, both static and dynamic. During the Hackathon we expect developers to write new checks/fuzzing for ART. We’d also suggest that participants run ART against some public services, helping them to find issues.
The project would be very interesting for developers who practice HTTP REST API in their everyday life. Golang is a plus. But even for those who have a vague idea of REST, the project could be a fantastic chance to dive into a world of microservices and to try it first-hand.
Anna Melekhova is a Platform Architect in Acronis. She used to be a kernel developer for virtual machines but then found new opportunities in clouds. Anna is fond of predicting future failures and trying to fix them in advance. More than 15 years in IT.