Release date: April 15, 2020
In this release, we've focused on extending support for environments and frameworks, as well as enhancing our security compliance solution.
Support for Visual Studio Code
You can now leverage dotTEST's static analysis capabilities in Visual Studio Code IDE. dotTEST ships with an extension for Visual Studio Code, which allows you to run static code analysis, review the results directly in the IDE, suppress unwanted findings, and more. See Extension for Visual Studio Code for details.
Support for Source Control Management Systems
We've added support for:
- Git 1.8, 1.9, 2.x
- SVN 1.10, 1.11, 1.12, 1.13
- Microsoft Team Foundation Server 2017, 2018, 2019
See Deprecated Support for Environments and Systems for information about deprecated and removed support for source control management systems.
Extended Support for C#
We've added support for features and enhancements of C# 8.0.
Extended Support for .NET Core
- You can now analyze projects developed in .NET Core 3.1.
- dotTEST now supports the portable format of PDB files when collecting coverage for .NET Core projects.
Extended Security Compliance Pack
The Security Pack now supports CWE 4.0. In addition, we've enhanced support for CWE Top 25 2019 and On the Cusp guidelines by adding new rules and updating the existing test configurations. See New and Updated Test Configurations below for details.
New Versioning Convention
All Parasoft products, including dotTEST, now follow a new versioning scheme: YYYY.release.
New and Updated Test Configurations
We've added a new test configuration to help you detect weaknesses identified in Common Weaknesses Enumeration (CWE) 4.0:
- CWE 4.0
We've updated the following test configurations to extend support for security standards:
- CWE Top 25 2019
- CWE Top 25 + On the Cusp 2019
Removed Test Configurations
- CWE 3.4
New and Updated Static Analysis Rules
We've added the following rules:
| Rule ID | Header |
|---|---|
| BD.SECURITY.IDENTITY | Always revert the impersonated user to the previous identity |
| BD.SECURITY.SENSLOG | Avoid passing sensitive information to log methods |
| BD.SECURITY.TDALLOC | Validate potentially tainted data before it is used to determine the size of memory allocation |
| BD.SECURITY.TDCODE | Validate potentially tainted data before it is used in methods that generate code |
| BD.SECURITY.TDPASSWD | Protect against using unprotected credentials |
| SEC.ALSI | Avoid logging sensitive information |
| SEC.ATA | Do not use the Trace.Assert() method in production code |
| SEC.PBRTE | Always specify absolute path to execute commands |
We've updated the following rule by adding a parameter to let you customize the maximum line length:
- BRM.MLL - Keep line length within predefined parameters
Deprecated Support for Environments and Systems
Support for the following environments and systems is now deprecated and will be removed in future releases.
Windows 7
Support for Windows 7 is deprecated, following the system's EOL.
Source Control Management Systems
Support for the following SCMs is deprecated:
- AccuRev
- ClearCase
- CVS
- Serena Dimensions
- StarTeam
- Synergy CM
- Visual Source Safe
In addition, we've removed support for Microsoft Team Foundation Server 2010.
Java 6
Support for Java 6 and lower is deprecated. In consequence, support environments that require Java 6 or lower will be removed for future releases.
Resolved Bugs and FRs
| Bug/FR ID | Description |
|---|---|
| DT-12089 | Feature request to add a parameter for BRM.MLL-3 |
| DT-13663 | Request to document how a scope of instrumentation for Application Coverage can be limited |
| DT-14665 | User should be able to use dotTEST on FIPS compliant environments |
| DT-14670 | OWASP2017.A1.VPPD: Handling of wrapper classes and method calls |
| DT-14706 | Incorrect list of .NET Core Supported Rules in the manual |
| DT-14707 | Setup problem for PB.EMPTYMETHODS is reported on .NETCore project, though rule is supported |
| FA-7615 | BD.EXCEPT.NR potential false positive |
| XT-37470 | New NLS implementation provides English version of (some) resources in Japan environment. |
