Page tree

Skip to end of metadata
Go to start of metadata

In this release, we've focused on improvements to our security compliance solution and enhancements to Unit Test Assistant.

Extended Support for Java

We've added support for Java 11.

Extended Support for IDEs and Build Systems

We've added support for:

  • Eclipse 4.9, 4.10, and 4.11
  • IntelliJ 2018.3 and 2019.1
  • Maven 3.6.0

Support for Platforms

We've added support for:

  • Windows Server 2019

The following operating systems are no longer supported:

  • Windows 8
  • Windows Server 2008

Security Compliance Pack

In this release, we've introduced the Security Compliance Pack to give you instant access to test configurations that help you enforce compliance with security standards and practices. The Security Compliance Pack includes the following test configurations:

  • CERT for Java
  • CWE 3.2
  • CWE SANS Top 25 2011
  • CWE SANS Top 25 2011+On the Cusp
  • OWASP Top 10-2017
  • PCI DSS 3.2
  • UL 2900

See Built-in Test Configurations: Security Compliance Pack for details.

(info) Security Compliance Pack requires dedicated license features to be activated. Contact Parasoft Support for more details on licensing.

Unit Test Assistant Enhancements

In this release, we've enhanced the test creation process and improved the recommendations that appear after test execution.

New and Improved Recommendations

  • We've added the NullPointerException Thrown recommendation type to help you prevent NullPointerException from being thrown; see NullPointerException Thrown.
  • We've enhanced Exceptions and assertion errors recommendations to include action links that help you handle exceptions and automatically update your test code; see Exceptions and Assertion Errors.
  • We've extended Uncovered code recommendations to be displayed for exception catch blocks that are not covered by any tests; see Uncovered Code.

Enhanced Unit Test Creation

You can now:

We've also improved the deep initialization mode to automatically initialize inaccessible fields and fields in parent classes when the tests are created.

Test Impact Analysis Improvements

  • Information about correlations between tests and code now persists between restarts of the IDE.
  • You can now use the context menu in the Impacted Unit Tests view to navigate to the test code and run selected tests.

See Test Impact Analysis for details.

New and Updated Test Configurations

We've added the following test configurations:

  • CWE 3.2
  • CWE SANS Top 25 2011+On the Cusp
  • CWE SANS Top 25 2011
  • OWASP Top 10-2017
  • PCI DSS 3.2
  • UL 2900

The following test configuration has been moved from the Static Analysis category to the Security Compliance Pack category (see Security Compliance Pack):

  • CERT for Java

The following test configurations have been updated to improve analysis results:

  • Demo Configuration
  • Flow Analysis Aggressive

See Built-in Test Configurations for the list of test configurations shipped with Jtest.

Deprecated Test Configurations

  • CWE-SANS Top 25 2011 – deprecated and replaced with the new CWE SANS Top 25 2011 test configuraion
  • PCI Data Security Standard – deprecated and replaced with the new PCI DSS 3.2 test configuration.

  • UL 2900 – deprecated and replaced with the new UL 2900 test configuration that includes CWE SANS Top 25 2011 on the Cusp and OWASP Top 10 2017 rules.
  • OWASP Top 10 2017 – deprecated and replaced with the new OWASP Top 10-2017

The deprecated test configurations are not available by default and can only be applied as user-defined test configuration. They are now shipped with Jtest in the following location: [INSTALL_DIR]\configs\Deprecated.

New Static Analysis Rules

We've added the following static analysis rules:

Rule ID

Header

BD.PB.CHECKRET

Consistently check the returned value of non-void functions

BD.PB.INTOVERF

Avoid integer overflows

BD.SECURITY.TDPASSWD

Protect against using unprotected credentials

CODSTA.ORG.TODOJAVA

Ensure that comments do not contain task tags

CODSTA.ORG.TODOPROP

Ensure that comments do not contain task tags

CODSTA.ORG.TODOXML

Ensure that comments do not contain task tags

SECURITY.IBA.AUXD

Avoid parsing untrusted data with XMLDecoder

SECURITY.IBA.DXXE

Disable XML external entity injection

SECURITY.IBA.RUIM

Ensure proper session expiration

SECURITY.IBA.SC

Disable LDAP deserialization

SECURITY.UEC.STTL

Ensure that sessions are configured to time out in 'web.xml' files

SECURITY.WSC.ACMD

Avoid using custom MessageDigest implementations

SECURITY.WSC.AISSAJAVA

Avoid using insecure cryptographic algorithms for data encryption with Spring

SECURITY.WSC.AISSAXML

Avoid using insecure cryptographic algorithms in Spring XML configurations

SECURITY.WSC.AUNC

Avoid using the javax.crypto.NullCipher class in non-test classes

SECURITY.WSC.DMDS

Avoid using the DriverManagerDataSource class in production code

SECURITY.WSC.EWSSEC

Avoid debug information from Spring Security framework to logs

SECURITY.WSC.HGRSI

Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class

SECURITY.WSC.HV

Ensure the HostnameVerifier.verify() method validates the certificate

SECURITY.WSC.MCMDU

MessageDigest objects must process the data with the 'update' method

SECURITY.WSC.MDSALT

Use hash functions with a salt

SECURITY.WSC.PBFA

Ensure sufficient protection against multiple failed authentication attempts

SECURITY.WSC.SCHTTP

Mark cookies as HttpOnly

SECURITY.WSC.SIKG

Initialize KeyGenerator instances

SECURITY.WSC.VSI

Properly validate server identity

Updated Static Analysis Rules

The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:

  • PB.IKICO
  • PB.NUM.UBD
  • SECURITY.ESD.SIO
  • SECURITY.UEHL.LGE
  • SECURITY.WSC.ICA
  • SERIAL.RWAF
  • SECURITY.WSC.UOSC
  • PB.API.MASP

Resolved Bugs and FRs

Bug/FR ID

Description

JT-49237json test and resource paths does not exist
JT-70472'Flow Analysis Aggressive' test configuration unable to be edited when duplicated locally
JT-70473PB.NUM.UBD considers only float or double variables
JT-70475PB.IKICO false positive
JT-70584jtest-monitor goal is failing to generate coverage.xml file on the attached project
JT-70618Not able to collect Application Coverage on the prospect's project

JT-70653

The type Spring Security appear after jtest run in html report

JT-70653

The type Spring Security appear after jtest run in html report
JT-70817Import javafx.application cannot be resolved during analysis from CLI
JT-70827Providing . as an argument for project.location parameter does not work as expected

UTA-3675

Mocking recommendation when using Mockito annotations.

UTA-4019

Method not mocked for parameterized Spring test

XT-36321

Empty PDF report created in various versions of IntelliJ.

XT-36478

Unable to obtain license for Jtest run from IntelliJ IDE.

XT-36549

Can user name set inside the IDE override system user?

XT-36671

JUnit view is garbled when executing impact test in Eclipse.

XT-36705

Change based testing doesn't work in Japanese locale.

UTA-3675

Mocking recommendation when using Mockito annotations.

UTA-4019

Method not mocked for parameterized Spring test

  • No labels