DOI: 10.1145/3808202 ISSN: 2994-970X

SpecWeaver: End-to-End HTTP API Specification Inference across Multi-layer Routing in Production Web Services

Wenbo Hu, Jie Lu, Jingting Chen, Feng Li, Chenghang Shi, Xiaonan Shi, Jinchen Wang, Wei Huo

HTTP API specifications are essential for modern web development, yet existing tools fail in production environments due to multi-layer routing. Production deployments employ infrastructure-level and framework-level routing that apply sequential rewrite and dispatch rules, creating a gap between client-visible external paths and internal paths. To address this challenge, we present SpecWeaver, the first tool to automatically extract and unify heterogeneous configuration-defined routing rules with code-level handlers. Our approach combines routing component information gathering, iterative configuration discovery using LLMs, and routing extraction from diverse configuration files to construct a routing graph representation that captures end-to-end routing relationships. Evaluated on 10 production applications, SpecWeaver extracts 36,361 rewrite rules and 48,394 dispatch rules with 99.44%/100% precision, materializes 8,288 external API paths, contributes 5,162 previously undocumented APIs with 160 unauthenticated endpoints, helps an existing testing tool improve testing coverage by 328.6% compared to the baseline, and discovers 305 bugs.

More from our Archive