Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space ENGINES1031 and version 10.4.1

...

Test configurations define how your code is analyzed and tested, including which static analysis rules are enabled, which tests to run, and other analysis parameters.C/C++test ships with built-in test configurations, but users can create and store their own test configurations in the DTP server . You can access the DTP server via the DTP plug-in. If you have administrator-level access in DTP Report Center, you can also create test configurations directly in DTP (administration> Engines> Test Configurations). (see the DTP documentation for details).

User-defined test configurations that are stored in DTP can be downloaded from the DTP server and stored in the [INSTALL_DIR]/configs/user directory as *.properties files. 

...

Use the -listconfigs switch to print the available test configurations. 

Anchor
Built-in Test Configurations
Built-in Test Configurations

Built-in Test Configurations


The following tables include the test configurations shipped in the [INSTALL]/configs/builtin directory.

...

Built-in Test ConfigurationDescription
Effective C++Checks rules from Scott Meyers’ "Effective C++" book. These rules check the efficiency of C++ programs.
Effective STLChecks rules from Scott Meyers’ "Effective STL" book.
Find Duplicated CodeApplies static code analysis rules that report duplicate code. Duplicate code may indicate poor application design and lead to maintainability issues.
Find Unused CodeIncludes rules for identifying unused/dead code.
Flow Analysis StandardDetects complex runtime errors without requiring test cases or application execution. Defects detected include using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code. This requires a special Flow Analysis license option.
Flow Analysis AggressiveIncludes rules for deep flow analysis of code. A significant amount of time may be required to run this configuration.
Flow Analysis FastIncludes rules for shallow depth of flow analysis, which limits the number of potentially acceptable defects from being reported.
Global AnalysisChecks the Global Static Analysis rules.
Metrics

Computes values for  several code metrics.

Modern C++ (11, 14 and 17)Checks rules that enforce best practices for modern C++ standards (C++11, C++14, C++17).
Parasoft’s Recommended Rules

The default configuration of recommended rules

(deprecated)

.

Recommended Rules

The default configuration of recommended rules. Covers most Severity 1 and Severity 2 rules. Includes rules in the Flow Analysis Fast configuration.

Sutter-AlexandrescuChecks rules based on the book "C++ Coding Standards," by Herb Sutter and Andrei Alexandrescu.
The Power of TenChecks rules based on Gerard J. Holzmann’s article "The Power of Ten - Rules for Developing Safety Critical Code."
http://spinroot.com/gerard/pdf/Power_of_Ten.pdf

Anchor
Compliance Packs
Compliance Packs
Compliance Packs

Compliance Packs include test configurations tailored for particular compliance domains to help you enforce industry-specific compliance standards and practices.

Info
iconfalse
titleDisplaying compliance results on DTP

Some test configurations in this category have a corresponding "Compliance" extension on DTP, which allows you to view your security compliance status, generate compliance reports, and monitor the progress towards your security compliance goals.  These test configurations require dedicated license features to be activated. Contact Parasoft Support for more details on Compliance Packs licensing.

See the "Extensions for DTP" section in the DTP documentation for the list of available extensions, requirements, and usage.

Aerospace Pack

Scroll Table Layout
widths35%,65%

...

Built-in Test ConfigurationDescription
AUTOSAR C++14 Coding Guidelines

Checks rules that enforce the AUTOSAR C++ Coding Guidelines (Adaptive Platform, version 17-10).

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

HIS Source Code MetricsChecks metrics required by the Herstellerinitiative Software (HIS) group.
High Integrity C++Checks rules that enforce the High Integrity C++ Coding Standard.
MISRA C 1998Checks rules that enforce the MISRA C coding standards
MISRA C [ 2004, 2012]Checks rules that enforce the MISRA C 2004 or 2012 coding standards.coding standard.
MISRA C 2012

Checks rules that enforce the MISRA C 2012 coding standard.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

MISRA C++ 2008Checks rules that enforce the MISRA C++ 2008 coding standards.

...

Built-in Test ConfigurationDescription

CWE-SANS Top 25 Most Dangerous Programming Errors

Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE-SANS standard.


OWASP Top 10 2017Includes rules that find issues identified in OWASP’s Top 10 standard
Payment Card Industry Data Security Standard

Includes rules that find issues identified in PCI Data Security Standard

SEI CERT C GuidelinesChecks rules and recommendations for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.
SEI CERT C Rules

Checks rules for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

SEI CERT C++ Rules

Checks rules for the SEI CERT C++ Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

Security RulesGeneral test configuration that finds security issues
UL 2900Includes rules that find issues identified in the UL-2900 standard.

...