This release includes the following enhancements:
Release date: 4 November, 2024
Support for Additional LLM Providers
The LLM integration support in Jtest has been expanded beyond OpenAI and Azure OpenAI to include any LLM provider with a chat completions endpoint compatible with the OpenAI REST API. This allows users enhanced privacy by integrating with locally deployed models instead of cloud-based models. See LLM Integration for more information.
AI Integration Enhancements
- You can now apply AI-recommended fixes directly to your code, with a difference editor that allows you to review the changes and either apply the fix in full or select a part of it to apply. See Improving Tests with AI, Generating a Suggested Fix and Working with Recommendations.
- A new feature has been added which allows AI to improve unit tests generated by the Unit Test Assistant (UTA). UTA may create a limited number of failing tests that provide some coverage even though they fail. With this new option, UTA uses LLM integration to update the failing tests to make them pass. See Use AI to fix failing generated tests.
- AI quick fixes are now added to assertion and exception recommendations for failing unit tests. The Fix with AI action link provides a suggestion on how to fix the test along with the ability to apply the fix directly to the test.
- Visual Studio Code plugin now supports AI-generated fixes to resolve static analysis violations. See Generating a Suggested Fix.
Unit Test Creation Enhancements
- Unit test creation analyzes a broader set of classes when creating tests, resulting in better initialized and constructed tests.
- When static method and constructor mocking is enabled, all required static mocks are now created by default during unit test creation, with the ability to configure exclusions. (Previously, users had to manually specify entities for static mock creation.) Mocking settings can be fine-tuned in the UTA Preferences. See Configuring Mocking Options.
- The default value for numbers in generated tests that are not required to be a specific value has been changed from 0 to 1.
Unit Test Recommendation Enhancements
- Added a new recommendation for identifying potential setup problems when multiple tests fail with the same exception or for similar reasons. This helps diagnose the root cause of recurring failures reported when running a set of tests. See Potential Setup Problems.
- A new action is available for static mocking recommendations that allows you to exclude specific patterns from mocking. For details, see Mocking Static Methods.
Live Static Analysis and Live Unit Testing
You can continuously monitor code quality and changes through Live Static Analysis and Live Unit Testing.
- The Live Static Analysis functionality allows you to automatically analyze your code in the background as you make changes to your code. Jtest will notify you when the code you are working on does not comply with your development policy; see Live Static Analysis.
- The Live Unit Testing functionality continuously discovers and executes impacted tests as you make changes to your code. You will be alerted about test failures related to your changes; see Live Unit Testing.
Code Coverage Enhancements
- Improved memory efficiency when processing application coverage.
- By default, coverage is not collected for test classes in the IDE (this can be changed in the settings; see Including Tests in Coverage Scope).
In-File Suppressions Enhancements
- Added the ability to easily customize the location of suppression files in both the CLI and IDE.
- Enhancements to suppression definitions:
- You can now use a file path containing wildcards for the file attribute.
- You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.
For details, see Defining Suppressions in Suppression Files.
Security Compliance Pack Enhancements
- Support for CWE version 4.15 has been added and some configurations have been updated. See the New and Updated Test Configurations section below.
- The CERT for Java and CERT for Java Guidelines test configurations have been extended with several new rules. See the New and Updated Test Configurations and New and Updated Static Analysis Rules sections below.
New and Updated Test Configurations
The Security Compliance Pack has been extended by adding support for the following test configuration:
- CWE 4.15
The following test configurations have been updated:
- CERT for Java
- CERT for Java Guidelines
- CWE Top 25 2023
- CWE Top 25 + On the Cusp 2023
- Recommended Rules
- UL 2900
The following test configuration has been removed:
- CWE 4.14
New and Updated Static Analysis Rules
The following rules have been added:
| Rule ID | Header |
|---|---|
| CODSTA.EPC.DNURT | Do not use raw types. |
| CODSTA.NTX | Removed usage of deprecated parser API. |
| CODSTA.ORG.EASE | Expressions used in assertions must not produce side effects. |
| PB.RE.COLNULL | Return empty arrays and collections instead of null. |
| PB.USC.NASSIGIO | Ensure the return values of specified file I/O methods are used. |
| PB.USC.NSIF | Do not place a semicolon immediately after an if, for, or while condition. |
| SECURITY.WSC.ASNF | Avoid implicit file creation when a String is passed as an argument. |
| SECURITY.WSC.CFAP | Create files with appropriate access permissions. |
| TRS.SGAS | Use the synchronized keyword on both the getter and setter methods, or on neither. |
The following rules have been updated:
Rule ID | Updates |
|---|---|
| CODSTA.NTX | Removed usage of deprecated parser API. |
| EJB.CPIM | Removed usage of deprecated parser API. |
| EXCEPT.NFE | Removed usage of deprecated parser API. |
| FORMAT.IND | Removed usage of deprecated parser API. |
| GLOBAL.AUT | Removed usage of deprecated parser API. |
| INTER.SEO | Improved support for Java 11 and higher. |
| PB.API.CMMT | Extended the list of verified methods. |
| PB.USC.AES | Improved accuracy. |
| SECURITY.WSC.DSER | Added a parameter allowing the validation of abstract classes. |
| SECURITY.WSC.SER | Added a parameter allowing the validation of abstract classes. |
| PROPS.PLAIN | Improved accuracy. |
| UC.ARTD | Removed usage of deprecated parser API. |
| UC.PM | Added a parameter to ignore the readObject and writeObject methods, regardless of Serializable interface implementation. |
Support for IDEs
The following IDEs are now supported:
- Eclipse 2024-06 (4.32)
- Eclipse 2024-09 (4.33)
- IntelliJ 2024.2
Additional Updates
- Support for Lombok 1.18.34 has been added.
- Support for Git versions up to 2.46 has been added.
- Support for running Jtest with Java 21 has been added.
- A new DTP Details profile has been added to the Findings View, allowing you to display additional metadata (including AI-generated metadata) for violations imported from DTP in the Findings view.
- The includeTestSources command line option has been added to the Jtest Maven and Gradle plugins. This option makes it possible to include test source code in the analysis. For details, see Modifying the Scope with the jtest.includeTestSources Option. The excludeTestSources plugin option has been removed for Maven and Gradle plugins.
- Unit Test Assistant settings are now supported within shared properties files. See Exporting and Importing Settings.
- You can now configure system proxy settings for Jtest via the command line. See How can I work with Jtest via proxy?.
AI recommendations for unsupported rules (Metrics and Code Duplicates) are now disabled.
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
| FA-9934 | Improve recipes containing conditions "foo() throw E" to be better resolvable by the generation engine |
| JT-76414 | UL 2900 inbuilt ruleset clarification - SECURITY.WSC.SER |
| JT-76534 | Fixing CWE SER violation leads to multiple other CWE violations |
| JT-76607 | The analysis scope is different between 2024.1 and 2023.1 |
| JT-76619 | Compilation errors in static analysis |
| JT-76843 | Rules SECURITY.WSC.DSER, SECURITY.WSC.SER reports false negative on abstract class and interface |
| UTA-7944 | java.lang.Throwable: AWT events are not allowed inside write action in IntelliJ |
