Release date: October 16, 2020
Enhanced Static Analysis
We've extended dotTEST's static analysis capabilities with new features to help you focus on the most expedient tasks.
New Scoping Options to Target Modified Code on the Current Branch
We've added new options to create file filters that restrict the scope of analysis to files modified on your current working branch. This allows you to focus on identifying and fixing bugs introduced by your recent code changes before the code is merged with the main development stream.
In addition, you can narrow down the scope to locally modified files so that you can analyze the code you updated before checking it into source control.
See Defining File Filters Based on Source Control Data and Creating Custom Test Configurations.
New Report Reference Options for Defining the Code Analysis Baseline
You can now specify a path or URL to a reference report file that will be used as a baseline when performing analysis with dotTEST. This allows you to exclude previously reported findings from the current report in order to focus on the most recently detected code defects. See Configuring Reporting Options.
Extended Security Compliance Pack
We've added support for the newly updated Common Weakness Enumeration (CWE). In addition, we've extended the OWASP Top 10 2017, PCI DSS 3.2, and UL 2900 test configurations with new rules to help you achieve better compliance with the security standards. See the New and Updated Test Configurations section below.
New Suppression Format
You can now create suppressions for static analysis findings in parasoft.suppress files, which can be stored in source control along with your source files. You can create in-file suppressions in the dotTEST GUI or manually add information about findings you want to suppress to suppression files. See Suppressing Findings in the GUI and Suppressing the Reporting of Findings.
The previous XML-style format used to create suppressions in the GUI is deprecated. You can convert deprecated suppressions to the new in-file format at IDE startup. See Migrating suppressions.
Releasing Network License in the IDE
You can now optimize license token distribution by deactivating your network license when you are not actively using dotTEST in your IDE. This releases your license token so that it is available for another user. You can either manually deactivate your license or configure dotTEST to automatically release your license token when idle. See Setting the Parasoft License.
New and Updated Test Configurations
We've added the following test configurations:
- CWE 4.2
- CWE Top 25 2020
- CWE Top 25 + On the Cusp 2020
We've updated the following test configurations:
- OWASP Top 10 2017
- PCI DSS 3.2
- UL 2900
Removed Test Configurations
We've removed the following legacy test configurations for executing MSTest and NUnit tests:
- Execute MSTests
- Execute MSTests with Coverage
- Run NUnit Tests
- Run NUnit Tests with Coverage
You can execute MSTest and NUnit tests with the VSTest test configurations. See Unit Testing Overview and Running Unit Tests.
We've removed the outdated test configurations for CWE compliance:
- CWE 4.0
- CWE Top 25 2019
- CWE Top 25 + On the Cusp 2019
New and Updated Static Analysis Rules
We've added the following rules:
Rule ID | Header |
---|---|
PB.AIOAC | Avoid possible integer overflow in assignment and comparison expressions |
SEC.SDE | Avoid inclusion of sensitive data in exception |
SEC.RSAKS | Use RSA keys of 2048 bits or longer |
SEC.VLT | Validate shortcut target paths before use |
SEC.WEB.AXSSE | Enable anti-XSS protection in Web.config files |
SEC.WEB.CSP | Enable Content Security Policy in Web.config files |
SEC.WEB.UHCF | Avoid instantiating the HttpClient class by creating a HttpClient object |
We've updated the following rules:
- BD.PB.VOVR
- BD.SECURITY.TDXSS
- BRM.MLL
- OPU.CPNEQ
The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:
- SEC.ALSI
Other Enhancements
- You can now store dotTEST configuration settings in the user home directory or in your working directory.
- You can now configure a test configuration to send advanced metadata to DTP to allow DTP to more accurately classify violations. See Creating Custom Test Configurations.
- We've limited the number of Visual C++ Redistributable Packages required to perform analysis and testing with dotTEST. See Requirements.
- You can limit the scope of test execution based on issue tracking tag associations made in the code. See Running Unit Tests.
- The coverage report has been enhanced to reduce its size and optimize performance. See report.coverage.version.
- We've added support for solution properties used at the project level.
Removed Support for Environments
Removed Support for Platforms
dotTEST no longer supports 32-bit operating systems.
Removed Support for Control Management Systems
Support for the following SCMs is removed:
- AccuRev
- ClearCase
- CVS
- Serena Dimensions
- StarTeam
- Synergy CM
- Visual SourceSafe
Resolved Bugs and FRs
Bug/FR ID | Description |
---|---|
DT-11202 | OPU.CPNEQ false positive |
DT-15542 | dotTEST cannot parse projects properly if they use variables defined at solution level |
DT-15789 | Drop oldest dependencies on C++ redistributable packages |
DT-15838 | dotTEST does not report all the violations on machine named with Chinese characters |
DT-16026 | Garbled Japanese output in dotTEST VSCode extension |
DT-16047 | dotTEST displays rule documents in English in VSCode using Japanese localization |
XT-37872 | Parasoft Findings Jenkins Plugin rule documentation unreadable due to incorrect formatting |
XT-38203 | Exception thrown when loading IDE license token |