In this release, we've focused on extending support for environments, increasing performance, and enhancing our security compliance solution.
Support for Environments
We've added support for:
- Visual Studio 2019
- .NET Framework 4.8
Extended Security Compliance Pack
We've added support for the latest version of Common Weaknesses Enumeration (CWE). We've added new static analysis rules and extended some existing rules to enable support for CWE 3.4, including CWE Top 25 2019 and On the Cusp guidelines; see the New and Updated Test Configurations section below.
Enhanced Static Analysis
- We've optimized static analysis to effectively reduce analysis times.
- We've enhanced static analysis in the IDE to make it faster and more efficient. We've dramatically increased performance in the CQA mode and extended the set of CQA-supported rules; see CQA Supported Rules.
- We've extended flow analysis with an option to separately analyze individual project in a solution to reduce memory usage; see Analyzing Solutions with Multiple Projects.
- We've added a NOMCIM metric to calculate the number of method calls in methods.
- We've added new and improved existing static analysis rules to extend dotTEST's testing capabilities; see the New and Updated Static Analysis Rules section below for details.
New and Updated Test Configurations
We've added the following test configurations:
- Check Code Compatibility against .NET 4.7.1
- Check Code Compatibility against .NET 4.7.2
- Check Code Compatibility against .NET 4.8
- CWE 3.4
- CWE Top 25 2019
- CWE Top 25 + On the Cusp 2019
The following test configurations have been updated to improve analysis results or enhance support for security standards:
- OWASP Top 10-2017
- PCI DSS 3.2
- UL 2900
Removed Test Configurations
- CWE 3.2
- CWE-SANS Top 25 2011
- CWE SANS Top 25 2011 + On the Cusp
Other Improvements
- We've extended the set of exit codes to help you diagnose and handle errors when using dotTEST in the command line; see Command Line Exit Codes.
- The
license.network.enabledoption has been renamed aslicense.network.use.specified.server; see Setting the License.
New and Updated Static Analysis Rules
The following rules have been added:
| Rule ID | Header |
|---|---|
| CS.BRM.SCHR | Avoid using the Strings.Chr() and Strings.ChrW() methods in C# code |
| PB.ACDE | Avoid calling the Application.DoEvents() method |
| SEC.WEB.DNICV | Do not disable SSL certificate validation |
The following static analysis rules have been updated to improve analysis results:
- BD.PB.EVIPT
- BD.SECURITY.TDSQLC
- CS.PB.ANIL
- NG.PRN.APNCTN
- OPU.CPTEQ
- PB.CFF
The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:
- PB.CFF
Resolved Bugs and FRs
| Bug/FR ID | Description |
|---|---|
| DT-10960 | Possible false positive of CS.PB.ANIL |
| DT-10963 | CS.PB.ANIL potential false positive |
| DT-11644 | Missing uninstaller application after dotTEST is reinstalled |
| DT-13754 | Empty user rule map path after plugin installation |
| FA-7470 | No resource for translation of BD.SECURITY.TDRFL violation message |
| FA-7474 | Flow Analysis does not report violation on WebSite project |
| XT-36609 | £ character in password prevents Parasoft tool from connecting to DTP |
| XT-36611 | Publishing sim-link source code using 'min' option failed |
| XT-36843 | Concurrent builds which use cpptestcli do not wait for timeout when trying to pull license |
| XT-36950 | Update vulnerable libraries from XML Graphics Project |
| XT-37358 | 100% not being displayed in reports when achieving 100% test success |