Release date: October 16, 2020

Enhanced Static Analysis

We've extended dotTEST's static analysis capabilities with new features to help you focus on the most expedient tasks.

New Scoping Options to Target Modified Code on the Current Branch

We've added new options to create file filters that restrict the scope of analysis to files modified on your current working branch. This allows you to focus on identifying and fixing bugs introduced by your recent code changes before the code is merged with the main development stream.

In addition, you can narrow down the scope to locally modified files so that you can analyze the code you updated before checking it into source control.

See Defining File Filters Based on Source Control Data and Creating Custom Test Configurations.

New Report Reference Options for Defining the Code Analysis Baseline

You can now specify a path or URL to a reference report file that will be used as a baseline when performing analysis with dotTEST. This allows you to exclude previously reported findings from the current report in order to focus on the most recently detected code defects. See Configuring Reporting Options.

Extended Security Compliance Pack

We've added support for the newly updated Common Weakness Enumeration (CWE). In addition, we've extended the OWASP Top 10 2017, PCI DSS 3.2, and UL 2900 test configurations with new rules to help you achieve better compliance with the security standards. See the New and Updated Test Configurations section below.

New Suppression Format

You can now create suppressions for static analysis findings in parasoft.suppress files, which can be stored in source control along with your source files. You can create in-file suppressions in the dotTEST GUI or manually add information about findings you want to suppress to suppression files. See Suppressing Findings in the GUI and Suppressing the Reporting of Findings.

The previous XML-style format used to create suppressions in the GUI is deprecated. You can convert deprecated suppressions to the new in-file format at IDE startup. See Migrating suppressions.

Releasing Network License in the IDE

You can now optimize license token distribution by deactivating your network license when you are not actively using dotTEST in your IDE. This releases your license token so that it is available for another user. You can either manually deactivate your license or configure dotTEST to automatically release your license token when idle. See Setting the Parasoft License.

New and Updated Test Configurations

We've added the following test configurations:

  • CWE 4.2
  • CWE Top 25 2020
  • CWE Top 25 + On the Cusp 2020

We've updated the following test configurations:

  • OWASP Top 10 2017
  • PCI DSS 3.2
  • UL 2900

Removed Test Configurations

We've removed the following legacy test configurations for executing MSTest and NUnit tests:

  • Execute MSTests
  • Execute MSTests with Coverage
  • Run NUnit Tests
  • Run NUnit Tests with Coverage

You can execute MSTest and NUnit tests with the VSTest test configurations. See Unit Testing Overview and Running Unit Tests.

We've removed the outdated test configurations for CWE compliance:

  • CWE 4.0
  • CWE Top 25 2019
  • CWE Top 25 + On the Cusp 2019

New and Updated Static Analysis Rules

We've added the following rules:

Rule ID          Header
PB.AIOAC         Avoid possible integer overflow in assignment and comparison expressions
SEC.SDE          Avoid inclusion of sensitive data in exception
SEC.RSAKS        Use RSA keys of 2048 bits or longer
SEC.VLT          Validate shortcut target paths before use
SEC.WEB.AXSSE    Enable anti-XSS protection in Web.config files
SEC.WEB.CSP      Enable Content Security Policy in Web.config files
SEC.WEB.UHCF     Avoid instantiating the HttpClient class by creating a HttpClient object

We've updated the following rules:

  • BD.PB.VOVR
  • BD.SECURITY.TDXSS
  • BRM.MLL
  • OPU.CPNEQ

The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:

  • SEC.ALSI

Other Enhancements

  • You can now store dotTEST configuration settings in the user home directory or in your working directory.
  • You can now configure a test configuration to send advanced metadata to DTP to allow DTP to more accurately classify violations. See Creating Custom Test Configurations.
  • We've limited the number of Visual C++ Redistribution Packages required to perform analysis and testing with dotTEST. See Requirements.
  • You can limit the scope of test execution based on issue tracking tag associations made in the code. See Running Unit Tests.
  • The coverage report has been enhanced to reduce its size and optimize performance. See report.coverage.version.
  • We've added support for solution properties used at the project level.

Removed Support for Environments

Removed Support for Platforms

dotTEST no longer supports 32-bit operating systems.

Removed Support for Control Management Systems

Support for the following SCMs is removed:

  • AccuRev
  • ClearCase
  • CVS
  • Serena Dimensions
  • StarTeam
  • Synergy CM
  • Visual Source Safe

Resolved Bugs and FRs

Bug/FR ID    Description
DT-11202     OPU.CPNEQ false positive
DT-15542     dotTEST cannot parse projects properly if they use variables defined at solution level
DT-15789     Drop oldest dependencies on C++ redistributable packages
DT-15838     dotTEST does not report all the violations on machine named with Chinese characters
DT-16026     Garbled Japanese output in dotTEST VSCode extension
DT-16047     dotTEST displays rule documents in English in VSCode using Japanese localization
XT-37872     Parasoft Findings Jenkins Plugin rule documentation unreadable due to incorrect formatting
XT-38203     Exception thrown when loading IDE license token
