Willkommen
Herzlich Willkommen auf der Homepage des REAL SOA Security REST Conformance Test Tool (REST-CTT). Diese Seite stellt Ihnen die Ergebnisse unserer empirischen Studie der REST Frameworks und der REST Cloud Services vor, die mit REST-CTT durchgeführt wurden. Falls Sie selber ihre eigenen REST Services testen möchten, können Sie REST-CTT hier herunterladen.Ergebnisse der REST Frameworks
Die untere Tabelle stellt die Ergebnisse der Konformitätsanalyse des ESOCC 2014 Papers [1] und des OBJEKTspektrum Artikels [2] dar. Hierbei haben wir die Frameworks Laravel (PHP), Play (Java/Scala), restify (Node.js), Ruby on Rails und ASP.NET (C#) evaluiert.
| Test identifier and description | Consolidated View | PHP | Play | Node | Jersey | RoR | ASP |
|---|---|---|---|---|---|---|---|
| POST | |||||||
| PO.1 application/x-www-form-urlencoded | 201 | 201 | 201 | 201 | 201 | 400 | No Response |
| PO.1 application/json | 201 | 201 | 201 | 201 | 201 | 406 | 201 |
| PO.1 application/xml | 201 | 201 | 201 | 201 | 201 | 406 | 400 |
| PO.2 Unsupported content type | 415 | 415 | 415 | 415 | 415 | 400 | 500 |
| PO.3 Content type and payload mismatch | 400 | 500 | 400 | 400 | 400 | 400 | 400 |
| PO.3 No content type but with payload | 400 | 415 | 500 | 415 | 500 | 400 | 500 |
| PO.4 Wrong content length | 400 | No Response | No Response | No Response | No Response | No Response | No Response |
| PO.4 Content length as String | 400 | No Response | No Response | No Response | 400 | 400 | 400 |
| PO.4 No content length | 411 | No Response | 400 | No Response | 400 | 411 | 411 |
| PO.5 Wrong action on resource | 405 | 404 | 404 | 405 | 405 | 404 | 400 |
| PO.5 Wrong resource identifier | 404 | 404 | 404 | 404 | 404 | 404 | 404 |
| PO.6 Malformed XML | 400 | 500 | 400 | 400 | 400 | 400 | 400 |
| PO.6 Malformed JSON | 400 | 500 | 400 | 400 | 400 | 400 | 400 |
| PO.7 Wellformed JSON, unprocessible content | 400 | 500 | 400 | 400 | 400 | 400 | 400 |
| PO.7 Wellformed XML, unprocessible content | 400 | 500 | 400 | 400 | 400 | 400 | 400 |
| PO.8 Unknown protocol version | 505 | 201 | 201 | 201 | 505 | 406 | 201 |
| HEAD | |||||||
| HE.1 application/json | 200 | 200 | 200 | 200 | 200 | 200 | 405 |
| HE.1 application/xml | 200 | 200 | 200 | 200 | 200 | 200 | 405 |
| HE.2 Unsupported media type | 406 | 200 | 406 | 406 | 500 | 406 | 405 |
| HE.3 Wrong resource identifier | 404 | 404 | 404 | 404 | 404 | 404 | 404 |
| HE.3 Not exsiting resource | 404 | 200 | 400 | 404 | 404 | 404 | 405 |
| HE.4 Containing content | 400 | 200 | 200 | 200 | 200 | 400 | 405 |
| HE.5 No accept header | 200 | 200 | 200 | 200 | 200 | 200 | 405 |
| HE.6 Unknown protocol version | 505 | 200 | 200 | 200 | 505 | 200 | 405 |
| OPTIONS | |||||||
| OP.1 Ping * | 200 | 200 | 400 | 404 | 200 | 404 | 400 |
| OP.2 Regular | 200 | 200 | 200 | 405 | 200 | 404 | 405 |
| OP.2 Regular with resource id | 200 | 200 | 200 | 405 | 200 | 404 | 405 |
| OP.3 application/json | 200 | 200 | 200 | 405 | 200 | 404 | 405 |
| OP.3 application/xml | 200 | 200 | 200 | 405 | 200 | 404 | 405 |
| OP.4 Unsupported media type in accept header | 406 | 200 | 200 | 406 | 200 | 404 | 405 |
| OP.5 Wrong resource identifier | 404 | 404 | 404 | 404 | 404 | 404 | 404 |
| OP.5 Not existing resource | 404 | 200 | 400 | 405 | 200 | 404 | 405 |
| OP.6 Containing content | 400 | 200 | 400 | 405 | 200 | 400 | 405 |
| OP.7 Unknown protocol version | 505 | 200 | 200 | 405 | 505 | 404 | 405 |
| GET | |||||||
| GE.1 application/json | 200 | 200 | 200 | 200 | 200 | 200 | 200 |
| GE.1 application/xml | 200 | 200 | 200 | 200 | 200 | 200 | 200 |
| GE.2 Unsupported media type | 406 | 200 | 415 | 406 | 500 | 406 | 200 |
| GE.3 Wrong resource identifier | 404 | 404 | 404 | 404 | 404 | 404 | 404 |
| GE.3 Not existing resource | 404 | 200 | 400 | 404 | 404 | 404 | 200 |
| GE.4 Containing content | 400 | 200 | 200 | 200 | 200 | 400 | 200 |
| GE.5 No accept header | 200 | 200 | 200 | No Response | 200 | 200 | 200 |
| GE.6 Unknown protocol version | 505 | 200 | 200 | No Response | 505 | 200 | 200 |
| PUT | |||||||
| PU.1 application/x-www-form-urlencoded | 204 | 204 | 204 | 204 | 204 | 400 | 500 |
| PU.1 application/json | 204 | 200 | 204 | 204 | 204 | 204 | 500 |
| PU.1 application/xml | 204 | 204 | 204 | 204 | 415 | 204 | 500 |
| PU.2 Unsupported content type | 415 | 415 | 415 | 415 | 415 | 400 | 500 |
| PU.3 Partial update | 400 | 500 | 204 | 204 | 406 | 204 | 500 |
| PU.4 Content type and payload mismatch | 400 | 500 | 400 | 400 | 400 | 400 | 500 |
| PU.4 No content type but with payload | 400 | 415 | 500 | 415 | 415 | 400 | 500 |
| PU.5 Wrong content length | 400 | No Response | No Response | No Response | No Response | No Response | No Response |
| PU.5 Content length as String | 400 | No Response | No Response | No Response | 400 | 400 | 400 |
| PU.5 No content length | 411 | No Response | 400 | No Response | 400 | 411 | 411 |
| PU.6 Wrong action on resource | 404 | 404 | 404 | 404 | 404 | 404 | 404 |
| PU.6 Not existing resource | 404 | 500 | 400 | 500 | 415 | 404 | 500 |
| PU.7 Malformed XML | 400 | 500 | 400 | 400 | 415 | 400 | 500 |
| PU.7 Malformed XML isComplete=EVIL | 400 | 500 | 400 | 500 | 415 | 404 | 500 |
| PU.7 Malformed JSON | 400 | 500 | 400 | 400 | 400 | 400 | 500 |
| PU.7 Malformed JSON isComplete=EVIL | 400 | 500 | 400 | 400 | 400 | 400 | 500 |
| PU.8 Wellformed JSON, unprocessible content | 400 | 500 | 400 | 400 | 400 | 400 | 500 |
| PU.8 Wellformed XML, unprocessible content | 400 | 500 | 400 | 400 | 415 | 400 | 500 |
| PU.9 Unknown protocol version | 505 | 500 | 400 | 500 | 505 | 404 | 500 |
| PATCH | |||||||
| PA.1 application/x-www-form-urlencoded | 204 | 500 | 204 | 204 | 204 | 400 | 204 |
| PA.1 application/json | 204 | 500 | 204 | 204 | 204 | 204 | 204 |
| PA.1 application/xml | 204 | 204 | 204 | 204 | 415 | 400 | 500 |
| PA.2 Unsupported content type | 415 | 415 | 415 | 415 | 415 | 400 | 500 |
| PA.3 Complete update | 204 | 200 | 204 | 204 | 204 | 204 | 204 |
| PA.4 Content type mismatch and payload | 400 | 500 | 400 | 400 | 400 | 400 | 500 |
| PA.4 No content type but with payload | 400 | 415 | 500 | 415 | 415 | 400 | 500 |
| PA.5 Wrong content length | 400 | No Response | No Response | No Response | No Response | No Response | No Response |
| PA.5 Content length as String | 400 | No Response | No Response | No Response | 400 | 400 | 400 |
| PA.5 No content length | 411 | No Response | 400 | No Response | 400 | 400 | 500 |
| PA.6 Wrong action on resource | 404 | 404 | 404 | 404 | 404 | 404 | 404 |
| PA.6 Not existing resource | 404 | 500 | 400 | 404 | 415 | 404 | 500 |
| PA.7 Malformed XML | 400 | 500 | 400 | 400 | 415 | 400 | 500 |
| PA.7 Malformed XML isComplete=Evil | 400 | 500 | 400 | 404 | 415 | 404 | 500 |
| PA.7 Malformed JSON | 400 | 500 | 400 | 400 | 400 | 400 | 204 |
| PA.7 Malformed JSON isComplete=Evil | 400 | 500 | 400 | 404 | 406 | 404 | 204 |
| PA.8 Wellformed JSON, unprocessible content | 400 | 500 | 400 | 404 | 404 | 404 | 204 |
| PA.8 Wellformed XML, unprocessible content | 400 | 500 | 400 | 404 | 415 | 404 | 500 |
| PA.9 Unknown protocol version | 505 | 500 | 400 | 404 | 505 | 404 | 204 |
| DELETE | |||||||
| DE.1 Regular | 204 | 204 | 204 | 204 | 204 | 204 | 204 |
| DE.2 Regular isComplete=false | 403 | 204 | 403 | 403 | 403 | 204 | 403 |
| DE.3 all | 405 | 404 | 404 | 405 | 405 | 404 | 404 |
| DE.4 Not existing resource | 404 | 500 | 400 | 404 | 404 | 404 | 500 |
| DE.5 Containing content | 400 | 204 | 204 | 204 | 204 | 204 | 403 |
| DE.6 Unknown protocol version | 505 | 204 | 204 | 204 | 505 | 204 | 403 |
| EVIL | |||||||
| EV.1 application/json | 501 | 501 | 404 | No Response | 405 | 500 | 404 |
| EV.1 application/xml | 501 | 501 | 404 | No Response | 405 | 500 | 404 |
| EV.2 Unsupported media type | 501 | 501 | 404 | No Response | 405 | 500 | 404 |
| EV.3 Wrong resource identifier | 501 | 501 | 404 | No Response | 404 | 500 | 404 |
| EV.4 Containing content | 501 | 501 | 404 | No Response | 405 | 500 | 404 |
| EV.5 Unknown protocol version | 501 | 501 | 404 | No Response | 505 | 500 | 404 |
Ergebnisse der REST Cloud Services
Die folgende Tabelle zeigt die Analyseergebnisse des Konformitätstest der REST Cloud File Storage Services von Amazon, Google, HP und von Microsoft, deren Untersuchung auf Grundlage des WEBIST 2015 Papers [3] erfolgte.| Test identifier and description | Consolidated View | Amazon | HP | Microsoft | |
|---|---|---|---|---|---|
| POST | |||||
| PO.1 Content-Type application/json | 201 | 412 | 400 | 204 | 400 |
| PO.1 Content-Type application/xml | 201 | 412 | 400 | 204 | 400 |
| PO.2 Unsupported Content-Type | 415 | 412 | 400 | 204 | 400 |
| PO.3 Content-Type and payload mismatch | 400 | 412 | 400 | 204 | 400 |
| PO.3 No Content-Type but with payload | 400 | 412 | 400 | 204 | 400 |
| PO.4 Content-Length bigger than payload size | 400 | 412 | No Response | No Response | 400 |
| PO.4 Content-Length as String | 400 | 400 | 400 | 400 | 400 |
| PO.4 No Content-Length | 411 | 412 | 411 | 204 | 411 |
| PO.5 Wrong action on resource | 405 | 405 | 400 | 404 | 405 |
| PO.5 Not existing resource | 404 | 412 | 400 | 204 | 405 |
| PO.6 Malformed application/json | 400 | 412 | 400 | 204 | 400 |
| PO.6 Malformed application/xml | 400 | 412 | 400 | 204 | 400 |
| PO.7 Wellformed application/json, unprocessible content | 400 | 412 | 400 | 204 | 400 |
| PO.7 Wellformed application/xml, unprocessible content | 400 | 412 | 400 | 204 | 400 |
| PO.8 Unknown protocol version | 505 | 505 | 400 | 501 | 400 |
| OPTIONS | |||||
| OP.1 Ping * | 200 | 400 | 200 | 200 | 400 |
| OP.2 Regular | 200 | 400 | 200 | 200 | 400 |
| OP.2 Regular with resource id | 200 | 400 | 200 | 200 | 400 |
| OP.3 Accept application/json | 200 | 400 | 200 | 200 | 400 |
| OP.3 Accept application/xml | 200 | 400 | 200 | 200 | 400 |
| OP.4 Unsupported media type in accept header | 415 | 400 | 200 | 200 | 400 |
| OP.5 Wrong resource identifier | 404 | 400 | 200 | 200 | 400 |
| OP.5 Not existing resource | 404 | 400 | 200 | 200 | 400 |
| OP.6 Containing content | 400 | 400 | 200 | 200 | 400 |
| OP.7 Unknown protocol version | 505 | 505 | 200 | 501 | 400 |
| HEAD | |||||
| HE.1 Accept application/json | 200 | 200 | 200 | 200 | 200 |
| HE.1 Accept application/xml | 200 | 200 | 200 | 200 | 200 |
| HE.2 Unsupported media type | 406 | 200 | 200 | 200 | 200 |
| HE.3 Wrong resource identifier | 404 | 404 | 404 | 404 | 404 |
| HE.3 Not existing resource | 404 | 404 | 404 | 404 | 404 |
| HE.4 Containing content | 400 | 200 | 400 | 200 | 200 |
| HE.5 No Accept header | 200 | 200 | 200 | 200 | 200 |
| HE.6 Unknown protocol version | 505 | 505 | 200 | 501 | 200 |
| GET | |||||
| GE.1 Accept application/json | 200 | 200 | 200 | 200 | 200 |
| GE.1 Accept application/xml | 200 | 200 | 200 | 200 | 200 |
| GE.2 Unsupported media type | 406 | 200 | 200 | 200 | 200 |
| GE.3 Wrong resource identifier | 404 | 404 | 404 | 404 | 404 |
| GE.3 Not existing resource | 404 | 404 | 404 | 404 | 404 |
| GE.4 Containing content | 400 | 200 | 400 | 200 | 200 |
| GE.5 No Accept header | 200 | 200 | 200 | 200 | 200 |
| GE.6 Unknown protocol version | 505 | 505 | 200 | 501 | 200 |
| PUT | |||||
| PU.1 Content-Type application/json | 204 | 200 | 200 | 201 | 201 |
| PU.1 Content-Type application/xml | 204 | 200 | 200 | 201 | 201 |
| PU.2 Unsupported Content-Type | 415 | 200 | 200 | 201 | 201 |
| PU.3 Partial update with Content-Type application/json | 400 | 200 | 200 | 201 | 201 |
| PU.3 Partial update with Content-Type application/xml | 400 | 200 | 200 | 201 | 201 |
| PU.4 Content-Type and payload mismatch | 400 | 200 | 200 | 201 | 201 |
| PU.4 No Content-Type but with payload | 400 | 200 | 200 | 201 | 201 |
| PU.5 Content-Length bigger than payload size | 400 | No Response | No Response | No Response | No Response |
| PU.5 Content-Length as String | 400 | 400 | 400 | 400 | 400 |
| PU.5 No Content-Length | 411 | 411 | 411 | 411 | 411 |
| PU.6 Wrong resource identifier | 404 | 400 | 400 | 202 | 404 |
| PU.6 Not existing resource | 404 | 200 | 200 | 201 | 201 |
| PU.7 Malformed application/json | 400 | 200 | 200 | 201 | 201 |
| PU.7 Malformed application/xml | 400 | 200 | 200 | 201 | 201 |
| PU.8 Wellformed application/json, unprocessible content | 400 | 200 | 200 | 201 | 201 |
| PU.8 Wellformed application/xml, unprocessible content | 400 | 200 | 200 | 201 | 201 |
| PU.9 Unknown protocol version | 505 | 505 | 200 | 501 | 201 |
| PU.5 Content-Length smaller than payload size | 400 | 400 | 200 | 201 | 201 |
| PU.10 Content-Length exceeding the allowed payload size | 413 | 400 | ? | 413 | 413 |
| PATCH | |||||
| PA.1 Content-Type application/json | 204 | 405 | 405 | 501 | 400 |
| PA.1 Content-Type application/xml | 204 | 405 | 405 | 501 | 400 |
| PA.2 Unsupported Content-Type | 415 | 405 | 405 | 501 | 400 |
| PA.3 Complete update with Content-Type application/json | 204 | 405 | 405 | 501 | 400 |
| PA.3 Complete update with Content-Type application/xml | 204 | 405 | 405 | 501 | 400 |
| PA.4 Content-Type and payload mismatch | 400 | 405 | 405 | 501 | 400 |
| PA.4 No Content-Type but with payload | 400 | 405 | 405 | 501 | 400 |
| PA.5 Wrong Content-Length | 400 | 405 | No Response | 501 | 400 |
| PA.5 Content-Length as String | 400 | 400 | 400 | 501 | 400 |
| PA.5 No Content-Length | 411 | 405 | 405 | 501 | 400 |
| PA.6 Wrong resource identifier | 404 | 405 | 405 | 501 | 400 |
| PA.6 Not existing resource | 404 | 405 | 405 | 501 | 400 |
| PA.7 Malformed application/json | 400 | 405 | 405 | 501 | 400 |
| PA.7 Malformed application/xml | 400 | 405 | 405 | 501 | 400 |
| PA.8 Wellformed application/json, unprocessible content | 400 | 405 | 405 | 501 | 400 |
| PA.8 Wellformed application/xml, unprocessible content | 400 | 405 | 405 | 501 | 400 |
| PA.9 Unknown protocol version | 505 | 505 | 405 | 501 | 400 |
| DELETE | |||||
| DE.1 Regular | 204 | 204 | 204 | 204 | 202 |
| DE.3 All resources | 405 | 409 | 409 | 409 | 400 |
| DE.4 Not existing resource | 404 | 204 | 404 | 404 | 404 |
| DE.5 Containing content | 400 | 204 | 400 | 204 | 202 |
| DE.6 Unknown protocol version | 505 | 505 | 204 | 501 | 202 |
| EVIL | |||||
| EV.1 Accept application/json | 501 | 405 | 502 | 501 | 400 |
| EV.1 Accept application/xml | 501 | 405 | 502 | 501 | 400 |
| EV.2 Unsupported media type in accept header | 501 | 405 | 502 | 501 | 400 |
| EV.3 Wrong resource identifier | 501 | 405 | 502 | 501 | 400 |
| EV.4 Containg content | 501 | 405 | 502 | 501 | 400 |
| EV.5 Unknown protocol version | 501 | 505 | 502 | 501 | 400 |
REST-CTT
REST-CTT ist ein Konformitätsanalysewerkzeug für REST-basierte Dienste.
Anhand eines vordefinierten Testkatalogs [1] führt es eine strukturierte Analyse des zu testenden REST Service durch und liefert daraufhin einen Evalutionsbericht zurück. Auf diese Grundlage können nun Entwickler und Softwaretester die Konformität und Kompatibilität von vorhandenen bzw. selbst entwickelten REST Services untersuchen. Das Tool ist eine Webanwendung und wird über einen Webbrowser angesprochen. Dies ermöglicht Ihnen nicht nur den Aufruf der Anwendung auf den lokalen Rechner, sondern auch die Möglichkeit es innerhalb eines LANs (Firmennetz, Heimnetzwerk, ...) auszuführen. Zusätzlich bringt REST-CTT ebenfalls eine REST-API mit. Somit können Sie die Applikation auch als REST Dienst verwenden.
Download
Systemvoraussetzungen:
- Betriebssystem: Linux, MAC OS X, Windows
- Java 1.7 und höher
Referenzen
[1]
Peter Leo Gorski, Luigi Lo Iacono, Hoai Viet Nguyen und Daniel Behnam Torkian, "SOA-Readiness of REST", Third European Conference on Service-Oriented and Cloud Computing (ESOCC), 2014
[2]
Peter Leo Gorski, Luigi Lo Iacono, Hoai Viet Nguyen Daniel, Behnam Torkian, Christian Nadolny, Markus Roskosch und Benjamin Horvat, "SOA und REST-Services: Ist REST reif genug, um SOA-Umgebungen zu verwirklichen?", OBJEKTspektrum 01/2015, 2014
[3]
Luigi Lo Iacono und Hoai Viet Nguyen, "Towards Conformance Testing of REST-based Web Services", 11th International Conference on Web Information Systems and Technologies , 2015
REAL SOA Security wird gefördert von:
