blogccasion

Dog food in REST Compile & Describe

Thomas Steiner headshot

By Thomas Steiner. Written on . Work

dog foodDog food in REST Compile & Describe

A lot of companies, including the one I work for, are eating their own dog food as a means of improving the overall quality of their products. I am planning to follow this pattern in REST Describe & Compile, that is to say in the Grammars and Namespace Discoverer modules. I am thinking of a module that uses code created by REST Compile, and then executes this code in order to retrieve the namespaces and particular XML schemas a certain web service uses. So the process flow would be:
  1. Analyze a request URI and generate a first reqest-based WADL
  2. Use this WADL file to generate request code
  3. Execute the generated code on the server, i.e. place a real API request
  4. Harvest the returned response and discover the contained namespaces and XML schemas
  5. Refine the previously generated WADL, and add the response-based WADL information
  6. Return the final version of the WADL
  7. Return the final version of the code with proper response handling
This raises the question about security. Is executing code on your server a good idea? How can evil requests be detected? Can someone create a request that transforms into WADL that then in turn transforms into code that harms your server? What do you think?

Image from buzzle.com