Fault Classification
Classification of faults by their Root Cause (Internal, Interaction, and Environment) and Influence (Functional and Non-Functional).
Root Cause | Functional | Non-Functional |
---|---|---|
Internal | F1, F2, F3, F4, F5, F6, F7, F8, F9, F10, F11, F14, F17, F18, F19, F20, F21, F22, F23, F25, F27 | |
Interaction | F13, F24 | F12, F15, F26, F16 |
Environment | | |
Taxonomy of issues in microservice systems.
Fault ID | Fault Description | Category | Sub-Category | Type of Issue |
---|---|---|---|---|
F1 | Wrong status codes in HTTP responses | Technical Debt | Code Debt | Inconsistent Code |
F2 | Incorrect password-length validation | Technical Debt | Code Debt | Logic Sequence Error |
F3 | Overwriting instead of combining results | Technical Debt | Code Debt | Data Overwrite Error |
F4 | Incorrect null-checks on collections | Technical Debt | Code Debt | Condition Logic Error |
F5 | Incorrect null-checks on Optional objects | Technical Debt | Code Debt | Condition Logic Error |
F6 | Incorrect handling of non-existent routes | Technical Debt | Code Debt | Condition Logic Error |
F7 | Index conflict with ConsignPrice objects in database | Technical Debt | Code Debt | Insufficient Value Validation |
F8 | Missing null-checks leading to an unhandled NullPointerException | Technical Debt | Code Debt | Insufficient Value Validation |
F9 | Improper date handling in URL path variables | Technical Debt | Code Debt | Insufficient Value Validation |
F10 | Misuse of java.util.Date constructor | Technical Debt | Code Debt | Initialization Error |
F11 | Inconsistent return types in fallback methods | Compilation Issue | Syntax Error | - |
F12 | Publicly accessible admin paths due to improper security configuration | Security Issue | Authorization | Handling Authorization Header |
F13 | Invalid endpoint call for empty path variables | Technical Debt | Code Debt | Insufficient Value Validation |
F14 | Incorrect usage of BigDecimal.add | Technical Debt | Code Debt | Ignored Return Value |
F15 | Improper ordering of security matchers | Security Issue | Authorization | Handling Authorization Header |
F16 | Insufficient timeout settings | Exception Handling | Communication Exception | Timeout Error |
F17 | Misconfigured initialization data | Technical Debt | Code Debt | Insufficient Value Validation |
F18 | Comparing travelDate to the wrong field | Technical Debt | Code Debt | Condition Logic Error |
F19 | Reversed logic for cookie validation | Technical Debt | Code Debt | Condition Logic Error |
F20 | Missing isEmpty-check on response data | Technical Debt | Code Debt | Insufficient Value Validation |
F21 | Potentially infinite loop in seat assignment | Technical Debt | Code Debt | Infinite Loop |
F22 | Incorrect status code for missing authorization | Technical Debt | Code Debt | Inconsistent Code |
F23 | Wrong order of if-conditions | Technical Debt | Code Debt | Logic Sequence Error |
F24 | Incorrect HTTP method in HTTP request | Service Execution | Service Communication | HTTP Connection |
F25 | Comparing enumeration constant to the wrong field | Technical Debt | Code Debt | Condition Logic Error |
F26 | Security configuration mismatch | Security Issue | Authorization | Handling Authorization Header |
F27 | Missing check for UUID in path variable | Technical Debt | Code Debt | Insufficient Value Validation |
Taxonomy of faults in microservice systems and their association with non-functional attributes.
Fault ID | Fault Description | Silva et al. Sub-Category | Fault | Characteristic |
---|---|---|---|---|
F1 | Wrong status codes in HTTP responses | Analysability | Invalid Response Data Fault | Maintainability |
F2 | Incorrect password-length validation | Confidentiality | Insufficient Credentials Accepted | Security |
F3 | Overwriting instead of combining results | Functional Completeness | Internal Fault | Implementation |
F4 | Incorrect null-checks on collections | Functional Completeness | Internal Fault | Implementation |
F5 | Incorrect null-checks on Optional objects | Functional Completeness | Internal Fault | Implementation |
F6 | Incorrect handling of non-existent routes | Functional Completeness | Internal Fault | Implementation |
F7 | Index conflict with ConsignPrice objects in database | Integrity | Not Validating Input/Data | Security |
F8 | Missing null-checks leading to an unhandled NullPointerException | Functional Completeness | Internal Fault | Implementation |
F9 | Improper date handling in URL path variables | Functional Completeness | Internal Fault | Implementation |
F10 | Misuse of java.util.Date constructor | Functional Completeness | Internal Fault | Implementation |
F11 | Inconsistent return types in fallback methods | Analysability | Invalid Response Data Fault | Maintainability |
F12 | Publicly accessible admin paths due to improper security configuration | Authenticity | Faulty Authorization | Security |
F13 | Invalid endpoint call for empty path variables | Analysability | Invalid Request Data Fault | Maintainability |
F14 | Incorrect usage of BigDecimal.add | Functional Completeness | Internal Fault | Implementation |
F15 | Improper ordering of security matchers | Authenticity | Faulty Authorization | Security |
F16 | Insufficient timeout settings | Temporal Behavior | Long Response Time | Service Discovery |
F17 | Misconfigured initialization data | Integrity | Not Validating Input/Data | Security |
F18 | Comparing travelDate to the wrong field | Functional Completeness | Internal Fault | Implementation |
F19 | Reversed logic for cookie validation | Functional Completeness | Internal Fault | Implementation |
F20 | Missing isEmpty-check on response data | Integrity | Not Validating Input/Data | Security |
F21 | Potentially infinite loop in seat assignment | Functional Completeness | Internal Fault | Implementation |
F22 | Incorrect status code for missing authorization | Analysability | Invalid Response Data Fault | Maintainability |
F23 | Wrong order of if-conditions | Functional Completeness | Internal Fault | Implementation |
F24 | Incorrect HTTP method in HTTP request | Analysability | Invalid Request Data Fault | Maintainability |
F25 | Comparing enumeration constant to the wrong field | Functional Completeness | Internal Fault | Implementation |
F26 | Security configuration mismatch | Authenticity | Faulty Authorization | Security |
F27 | Missing check for UUID in path variable | Integrity | Not Validating Input/Data | Security |
Taxonomy of integration-relevant faults.
Fault ID | Category | Sub-Category | Sub-Sub-Category |
---|---|---|---|
F12 | Connection Fault | Unauthorized Access Granted | |
F13 | Execution Fault | Incorrect Result | Incorrect Input |
F15 | Connection Fault | Unauthorized Access Granted | |
F16 | Execution Fault | Timed Out | Service Too Slow |
F24 | Connection Fault | Connection Denied | Wrong Configuration |
F26 | Connection Fault | Unauthorized Access Granted | |
- F12: Connection Fault → Unauthorized Access Granted
F12 allows users to bypass administrator-only restrictions by appending a trailing slash to the path. As this fault results in incorrect behavior (unintended access), it could be assigned to the top-level category Execution Fault. Nonetheless, since this fault is related to requesting service endpoints, F12 fits more accurately under Connection Fault. However, the taxonomy provides no subcategory covering scenarios where unauthorized access is incorrectly granted. Therefore, as F12 does not align with any existing subcategory, we introduced a custom subcategory, Unauthorized Access Granted, that highlights a fault not captured by the taxonomy.
- F13: Execution Fault → Incorrect Result → Incorrect Input
F13 causes an invalid request to be sent when an empty string is provided as the path variable. While it might appear as a Connection Fault, this fault does not lie in the connection between services (since the correct service is addressed) but rather in the misconfiguration of a parameter. The incorrect input of an empty string in the URL path leads to the unexpected outcome of an exception. Consequently, F13 fits most accurately under Execution Fault → Incorrect Result → Incorrect Input.
- F15: Connection Fault → Unauthorized Access Granted
F15 involves an incorrect order of the antMatchers in the Spring Security configuration that allows users to access protected endpoints without proper authorization. Similar to F12, this fault could be assigned to Execution Fault, as it leads to the unexpected outcome of granting users unrestricted access. Nonetheless, like F12, this fault aligns better with Connection Fault, as F15 manifests when services request such misconfigured endpoints. Since this taxonomy does not provide a subcategory for incorrectly allowing unrestricted access, we also assigned this fault to the custom subcategory Unauthorized Access Granted.
- F16: Execution Fault → Timed Out → Service Too Slow
F16 results in a timeout exception, as the specified timeout values in ts-preserve-service and ts-preserve-other-service are insufficient. There are three subcategories in this taxonomy related to timeouts: one under the category of Connection Fault, another under Service Deployment Fault, and a third under Execution Fault. This fault cannot reasonably be classified as a Service Deployment Fault since it is unrelated to the service deployment. Furthermore, it cannot be classified as a Connection Fault, as the connection does not time out due to overloaded or unresponsive services. Instead, the services called by ts-preserve-service or ts-preserve-other-service are too slow in their execution, requiring more time than the specified timeout value permits. Therefore, this fault aligns most closely with the category Execution Fault → Timed Out → Service Too Slow.
- F24: Connection Fault → Connection Denied → Wrong Configuration
F24 unexpectedly triggers a 405 (Method Not Allowed) because the ts-rebook-service misconfigures the HTTP method for an endpoint in the ts-order-service to POST instead of DELETE. As this fault is related to the connection between the ts-rebook-service and ts-order-service, and the request is denied by the ts-order-service due to a misconfiguration of the endpoint, F24 is most accurately placed in Connection Fault → Connection Denied → Wrong Configuration.
- F26: Connection Fault → Unauthorized Access Granted
F26 involves a mismatch in the security configuration, where the path of an endpoint is incompletely specified, allowing unauthorized access to an endpoint that should have been restricted. Like F12 and F15, this fault fits most accurately under the top-level category of Connection Fault. However, due to a missing subcategory covering a scenario where restricted access is incorrectly granted, F26 was assigned to the custom subcategory Unauthorized Access Granted.
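
The three Unauthorized Access Granted faults (F12, F15, F26) all come down to which matcher wins for a given request path. The following is an added example, not code from the project: a simplified Python model of first-match Ant-style rules with an audit that checks each protected path with and without a trailing slash. All paths, rule sets and function names are hypothetical and constructed for illustration; Python 3.7+ is assumed.

```python
import re

ADMIN, USER = "hasRole(ADMIN)", "authenticated"

def ant_to_regex(pattern):
    """Compile a simplified Ant-style pattern: '*' = one segment, '**' = any depth."""
    body = re.escape(pattern)
    if body.endswith(r"/\*\*"):
        body = body[:-5] + "(/.*)?"        # trailing /** also matches the bare prefix
    body = body.replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.compile(body)

def decide(rules, path):
    """Return (pattern, access) of the first rule matching path; order matters."""
    for pattern, access in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, access
    return None, "unmatched"

def audit(rules, protected):
    """List (path, winning pattern, access) wherever a protected path, with or
    without a trailing slash, resolves to something other than its required access."""
    findings = []
    for path, required in protected:
        for variant in (path, path + "/"):
            pattern, access = decide(rules, variant)
            if access != required:
                findings.append((variant, pattern, access))
    return findings

# Constructed endpoints and rule sets (hypothetical paths, not the project's).
PROTECTED = [("/api/v1/adminorders", ADMIN),
             ("/api/v1/orders/admin/refund", ADMIN),
             ("/api/v1/adminroutes/7", ADMIN)]
WEAK = [("/api/v1/adminorders", ADMIN),      # F12-style: exact path only
        ("/api/v1/orders/**", USER),         # F15-style: broad rule listed first...
        ("/api/v1/orders/admin/**", ADMIN),  # ...so this rule is never reached
        ("/api/v1/adminroutes", ADMIN),      # F26-style: path incompletely specified
        ("/**", USER)]
FIXED = [("/api/v1/adminorders/**", ADMIN),
         ("/api/v1/orders/admin/**", ADMIN), # most specific rule first
         ("/api/v1/orders/**", USER),
         ("/api/v1/adminroutes/**", ADMIN),
         ("/**", USER)]

if __name__ == "__main__":
    for variant, pattern, access in audit(WEAK, PROTECTED):
        print(f"{variant!r} resolved by {pattern!r} -> {access}")
    print("findings after fix:", audit(FIXED, PROTECTED))
```

Whether the trailing-slash form of a path actually reaches a handler depends on the framework's routing settings; the audit simply treats both forms as reachable.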