In this release, we've focused on extending Jtest's unit testing capabilities and enhancing our security compliance solution.
Support for IDEs
We've added support for the following IDEs:
- Eclipse 2019-06 (4.12)
- Eclipse 2019-09 (4.13)
Enhanced Unit Testing
Support for JUnit 5
Jtest now ships with support for JUnit 5. You can execute JUnit 5 tests and collect coverage information on the desktop and in the command line. In addition, desktop users can create and enhance JUnit 5 tests with Unit Test Assistant, as well as perform test impact analysis in Eclipse or IntelliJ IDEA.
We've added the JUnit 5 Best Practices test configuration to help you handle projects that include both JUnit 4 and JUnit 5 tests or assist you in migrating your tests from the earlier versions of the framework to JUnit 5; see Built-in Test Configurations.
Historical results associated with tests created in legacy frameworks, such as Junit 3 or JUnitParams 10.0.4, may no longer be available on DTP.
Extended Security Compliance Pack
We've added support for the latest version of Common Weaknesses Enumeration (CWE). We've added new static analysis rules and extended some existing rules to enable support for CWE 3.4, including CWE Top 25 2019 and One On the Cusp guidelines; see the New and Updated Test Configurations section below.
New and Updated Test Configurations
We've added the following test configurations:
- CWE 3.4
- CWE Top 25 2019
- CWE Top 25 + On the Cusp 2019
JUnit 4 Best Practices
JUnit 5 Best Practices
The TDD test configuration has been renamed as "TDD Best Practices".
Removed Test Configurations
- CWE 3.2
- CWE-SANS Top 25 2011
- CWE SANS Top 25 2011 + On the Cusp
- Unit Test Assistant
- Unit Testing Best Practices
- We've added the
-project.jsonpath option. If you you create your .json file manually (with the the
-project.* options), you can configure this option to customize the default name and location of the file; see Creating Custom .json Data Files.
- We've changed the structure of coverage data files to enhance the mechanism of matching static and dynamic coverage. In consequence, Jtest no longer allows you to analyze coverage data files that were generated with earlier Jtest versions. To collect and merge coverage data, ensure that all Jtest instances thought your infrastructure have the same version.
license.network.enabled option has been renamed as
license.network.use.specified.server; see Setting the License.
- We've optimized memory usage to increase performance.
New and Updated Static Analysis Rules
The following rules have been added:
|BD.SECURITY.TDCODE||Validate potentially tainted data before it is used in methods that generate code|
|BD.SECURITY.TDSESSION||Do not store untrusted data in HTTP session|
|Include a meaningful file header comment in every source file|
|Avoid using loops in JUnit tests|
Ensure that JUnit 5 test classes that use @Ignore are annotated with
@ExtendWith(IgnoreCondition.class) or @EnableJUnit4MigrationSupport
|Do not use JUnit 4 annotations when migrating tests to JUnit 5|
|Do not use the TemporaryFolder Rule in JUnit 5 tests|
|Avoid untrusted input when logging messages with Seam Logging API|
|Prevent external processes from blocking on output or error streams|
|Always specify absolute paths to execute commands|
|Validate objects before deserialization|
|Do not disable CSRF protection|
|Do not disable CSRF protection|
Ensure that methods annotated with @RequestMapping specify the HTTP request method
In addition, we've added a NOMCIM metric to calculate the number of method calls in methods.
The following static analysis rules have been updated to improve analysis results:
The severity level of the following rules has been changed:
- SECURITY.WSC.ASAPI – severity 5 has been increased to severity 3
The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:
Resolved Bugs and FRs
|JT-70763||Request to have FORMAT.MCH rule implemented in Jtest 10.x|
|JT-70857||Document with Deprecated Rules|
|JT-71241||Review why not existing exit code 137 is beeing reported|
|JT-71244||Dependencies not found when importing as virtual folder|
|JT-71273||Empty test scope for project imported to IntelliJ with "Create separate module per source set" option|
|JT-71381||Lack of problem details in parasoft console during unsuccesfull launching pre/post analysis script|
|JT-71382||jtestcli.bat is not able to obtain license from DTP when executed via Eclipse runner|
|JT-71397||Extend FORMAT.LL rule to treat tab the same way like editor does|
|JT-71592||Error message when project.location path doesn't exist|
|JT-71830||NumberFormatException in GLOBAL.ACD rule in ACD.java|
|JT-71831||ArrayIndexOutOfBoundsException: 0 in PB.EB rule|
|UTA-3956||Test classes not created due to naming conflict|
|UTA-4459 ||Spring MVC test uses constant name instead of value.|
|UTA-4511 ||Don't mock calls to getClass or toString|
|UTA-4529 ||Recommendation instability due to dumb mode.|
|UTA-4529||Annotation values are not fully supported by UTA syntax tree.|
|UTA-4554||Performance issue with decompiling classes during test case creation.|
|XT-36609||£ character in password prevents Parasoft tool from connecting to DTP|
|XT-36611||Publishing sim-link source code using 'min' option failed|
|XT-36843||Concurrent builds which use cpptestcli do not wait for timeout when trying to pull license|
|XT-36950||Update vulnerable libraries from XML Graphics Project|
|XT-37358||100% not being displayed in reports when achieving 100% test success|