This release includes the following enhancements:
Release date: December 4, 2023
OpenAI Integration
- Parasoft dotTEST introduces seamless integration with OpenAI and Azure OpenAI, enhancing its testing capabilities. You can now utilize your OpenAI or Azure OpenAI account to generate recommended fixes for static analysis violations. This feature enables you to efficiently resolve static analysis violations.
- The Fix [rule] with Generative AI action in the IDE uses generative AI to provide analysis of a reported static analysis violation in the context of the associated code as well as an AI-generated suggested fix to resolve the violation. For details, see Generating a Suggested Fix.
To use this functionality, OpenAI must first be configured in the Parasoft Preferences. See Configuring OpenAI Settings.
Support for .NET 8
Support for .NET 8 has been added. See Supported Frameworks.
Support for C# 12
dotTEST can now analyze code written in C# 12.
Code Coverage Enhancements
- Test impact analysis workflows now support using a baseline report where metadata about lines of code that can be covered was collected during the build process. Previously, test impact analysis workflows only supported using a baseline report where this metadata was collected by scanning application binaries.
- The dottestcov application can now be run on .NET Framework 4.7.2 (in addition to .NET 6 runtime).
Enhanced Static Analysis
- The RuleWizard engine has been modernized to run on Roslyn infrastructure enabling support for .NET 8 and CQA.
- The accuracy of the following Rule Wizard rules has been improved as they are now executed via Roslyn infrastructure:
- APSC_DV.001460.IIDC
- APSC_DV.001460.UIS
- CS.IFD.DNPTHIS
- CS.OOM.CAST2CONCRETE
- CS.SERIAL.IIDC
- CS.SERIAL.UIS
- CS.SMC
- CS.TRS.LOCKSETGET
- CWE.502.IIDC
- CWE.502.UIS
- OWASP_ASVS_403.V1_5_2.IIDC
- OWASP_ASVS_403.V1_5_2.UIS
- OWASP_ASVS_403.V5_5_1.IIDC
- OWASP_ASVS_403.V5_5_1.UIS
- OWASP2017.A8.IIDC
- OWASP2017.A8.UIS
- OWASP2021.A8.IIDC
- OWASP2021.A8.UIS
- SEC.AUSD
New and Updated Test Configurations
The Security Compliance Pack has been extended by adding support for the following test configurations:
- CWE 4.13
- CWE Top 25 2023
- CWE Top 25 + On the Cusp 2023
- OWASP API Security Top 10-2023
The following test configurations have been updated:
- CWE Top 25 + On the Cusp 2022
- DISA-ASD-STIG
- HIPAA
- OWASP ASVS 4.0.3
- UL 2900
The following test configurations have been removed:
- CWE 4.10
- CWE Top 25 + On the Cusp 2021
- CWE Top 25 2021
Updated Static Analysis Rules
The following rules have been updated:
Rule ID | Updates |
|---|---|
| CS.SERIAL.IIDC | Added support for .NET and CQA. |
| CS.SERIAL.UIS | The performance of the rule has been improved. Added support for many serialization methods. Added support for .NET and CQA. The placement of existing violations may change to become more accurate. |
| SEC.WEB.UAA | Added support to allow reporting violations on derived attributes. |
Updated Flow Analysis Rules
The following rule has been updated:
Rule ID | Updates |
|---|---|
| BD.PB.ARRAY | Fixed false negatives. |
| BD.PB.VOVR | Added a parameter to allow reporting on unused values assigned to function parameters. Added a parameter to allow reporting on unused and overwritten initial values of function parameters. |
Additional Updates
- You can now configure dotTEST so that it runs in a FIPS-compliant mode. See Configuring FIPS Mode.
- The support for analyzing Razor/Blazor projects in Parasoft Plugin has been improved.
- The shipped JRE has been upgraded to version 11.0.20.1+1.
- Visual Studio Code users can now configure the mapping of dotTEST severity levels (1-5) to VS Code severity levels (Error/Warning/Information/Hint) and filter the violations inside VS Code based on dotTEST severities using a text pattern.
- It is now possible to suppress a finding in the next line. See Next Line Suppression.
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
| DT-12932 | User should see warnings for dependencies missing from project scope |
| DT-17632 | CS.NG.VAR.PNCFV - reports violation on local function |
| DT-18774 | No violation on razor file: rules CS.PB.DEFSWITCH, BD.EXCEPT.NR |
| DT-20571 | An error occurs when performing static analysis in Visual Studio 2022(17.2.4) |
| DT-20732 | Report.xml is not generated and Source Control service is unavailable |
| DT-20911 | The issue with rule CS.SEC.WEB.UAA and authorization attribute |
| DT-21320 | SymbolsParser exception on specific syntax |
| FA-9478 | BD.PB.CC false positive on comparing nullable value type object with primitive value |
| FA-9552 | BD.PB.ARRAY - potential false negative |
| XT-41333 | Empty file in report is marked as not checked but was tested |
| XT-41729 | Incorrectly generated PDF reports from CLI in Japanese env |
Deprecated Rules
Deprecated Rule | Suggested Rule |
|---|---|
| BD.PB.POVR | BD.PB.VOVR |
| CLS.ACNM | N/A |
| CLS.ARRD | N/A |
| CLS.ENFI | N/A |
| CLS.EVOL | N/A |
| CLS.EVTY | N/A |
| CLS.FIOL | N/A |
| CLS.GLBL | N/A |
| CLS.IDUN | N/A |
| CLS.MTV | N/A |
| CLS.PROL | N/A |
| CLS.UPN | N/A |
| CLS.UTN | N/A |
| PB.BOXING | N/A |
| SEC.MSCPV | N/A |
