SGAFuzzer: Stateful GraphQL API Fuzzing
Abstract
GraphQL has become increasingly popular in modern web development due to its flexibility and efficiency in data retrieval. However, existing fuzzing techniques for GraphQL APIs face challenges in handling dependencies between operations, which limits their ability to generate effective test cases and detect deep software bugs. This paper proposes SGAFuzzer, an automated stateful fuzzing framework designed to enhance the testing of GraphQL APIs. Specifically, SGAFuzzer performs static analysis of GraphQL schemas, using dependency object mapping and return path analysis to infer producer-consumer dependencies between operations. Subsequently, SGAFuzzer generates request templates based on the schema and employs a state-aware instantiation method, leveraging dependency storage and state caching to generate stateful test cases. We evaluated SGAFuzzer on five real-world GraphQL services. Experimental results demonstrate that SGAFuzzer outperforms state-of-the-art fuzzers in both operation coverage and bug detection count, successfully identifying 227 new bugs. These findings highlight SGAFuzzer's effectiveness in deep stateful fuzzing of GraphQL APIs, leading to the discovery of complex state-dependent bugs.
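As an added illustration, not SGAFuzzer's own code, the following Python sketches the pipeline the abstract describes over a constructed mini-schema: return path analysis to find which operations produce each object type, producer-consumer edges to the ID arguments that consume it, a dependency store filled from producer responses, and state-aware instantiation of a consumer's arguments from that cache. The argument-naming heuristic (`id` refers to the operation's return type, `userId` to `User`) and the schema are assumptions made for the example.

```python
# Added toy illustration, not SGAFuzzer's code: return path analysis, producer/
# consumer edges and state-aware instantiation over a constructed mini-schema.
import re
OBJECT_TYPES = ["User", "Post"]
OPERATIONS = {  # constructed: operation -> (return type, {argument: GraphQL type})
    "createUser": ("User", {"name": "String!"}),
    "createPost": ("Post", {"userId": "ID!", "title": "String!"}),
    "post":       ("Post", {"id": "ID!"}),
    "deletePost": ("Post", {"id": "ID!"}),
}

def resolve_id_arg(op, arg):
    """Dependency object mapping (assumed naming heuristic): 'id' -> own return type, 'userId' -> User."""
    ret_type, _ = OPERATIONS[op]
    if arg == "id":
        return ret_type if ret_type in OBJECT_TYPES else None
    m = re.fullmatch(r"(\w+)Id", arg)
    t = m.group(1).capitalize() if m else None
    return t if t in OBJECT_TYPES else None

def dependency_edges():
    """Return path analysis: ops returning T produce T, ops whose ID arg resolves to T consume it."""
    producers = {}
    for op, (ret, _) in OPERATIONS.items():
        producers.setdefault(ret, []).append(op)
    edges = []
    for op, (_, args) in OPERATIONS.items():
        for arg, typ in args.items():
            if typ.rstrip("!") == "ID":
                prods = producers.get(resolve_id_arg(op, arg), [])
                edges += [(p, op, arg) for p in prods if p != op]
    return sorted(edges)  # (producer, consumer, argument) triples

def record_response(op, response, state):
    """Dependency storage: cache the id a producer returned under its object type."""
    ret, _ = OPERATIONS[op]
    if ret in OBJECT_TYPES and "id" in response:
        state.setdefault(ret, []).append(response["id"])

def instantiate(op, state):
    """State-aware instantiation: ID args from the newest cached object; returns (filled, unmet)."""
    filled, missing = {}, []
    for arg, typ in OPERATIONS[op][1].items():
        if typ.rstrip("!") != "ID":
            filled[arg] = f"fuzz_{arg}"  # placeholder for a scalar value the fuzzer would generate
        elif state.get(resolve_id_arg(op, arg)):
            filled[arg] = state[resolve_id_arg(op, arg)][-1]
        else:
            missing.append(arg)  # no producer has run yet: schedule one first
    return filled, missing
```

Note that return path analysis alone also lists `deletePost` as a producer of `Post` for the `post` query, which is exactly the kind of stale-state case where a real fuzzer must consult its cache rather than the schema.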