This release includes the following enhancements:

Release date: December 4, 2023

OpenAI Integration

  • Parasoft dotTEST now integrates with OpenAI and Azure OpenAI. You can use your OpenAI or Azure OpenAI account to generate recommended fixes for static analysis violations.
  • The Fix [rule] with Generative AI action in the IDE uses generative AI to provide analysis of a reported static analysis violation in the context of the associated code as well as an AI-generated suggested fix to resolve the violation. For details, see Generating a Suggested Fix.
  • To use this functionality, OpenAI must first be configured in the Parasoft Preferences. See Configuring LLM Provider Settings.

Support for .NET 8

Support for .NET 8 has been added. See Supported Frameworks.

Support for C# 12

dotTEST can now analyze code written in C# 12.

Code Coverage Enhancements

  • Test impact analysis workflows in dottestcov now support a baseline report generated via dottestcli that contains metadata about the lines of code that can be covered. Previously, test impact analysis workflows only supported a baseline report where this metadata was collected by scanning application binaries.
  • The dottestcov application can now be run on .NET Framework 4.7.2 (in addition to .NET 6 runtime).

Enhanced Static Analysis

  • The RuleWizard engine has been modernized to run on Roslyn infrastructure, enabling support for .NET.
  • The accuracy of the following rules has been improved as they are now executed via Roslyn infrastructure:
    • APSC_DV.001460.IIDC
    • APSC_DV.001460.UIS
    • CS.IFD.DNPTHIS
    • CS.OOM.CAST2CONCRETE
    • CS.SERIAL.IIDC
    • CS.SERIAL.UIS
    • CS.SMC
    • CS.TRS.LOCKSETGET
    • CWE.502.IIDC
    • CWE.502.UIS
    • OWASP_ASVS_403.V1_5_2.IIDC
    • OWASP_ASVS_403.V1_5_2.UIS
    • OWASP_ASVS_403.V5_5_1.IIDC
    • OWASP_ASVS_403.V5_5_1.UIS
    • OWASP2017.A8.IIDC
    • OWASP2017.A8.UIS
    • OWASP2021.A8.IIDC
    • OWASP2021.A8.UIS
    • SEC.AUSD

New and Updated Test Configurations

The Security Compliance Pack has been extended by adding support for the following test configurations:

  • CWE 4.13
  • CWE Top 25 2023
  • CWE Top 25 + On the Cusp 2023
  • OWASP API Security Top 10-2023

The following test configurations have been updated:

  • CWE Top 25 + On the Cusp 2022
  • DISA-ASD-STIG
  • HIPAA
  • OWASP ASVS 4.0.3
  • UL 2900

The following test configurations have been removed:

  • CWE 4.10
  • CWE Top 25 + On the Cusp 2021
  • CWE Top 25 2021

Updated Static Analysis Rules

The following rules have been updated:

| Rule ID | Updates |
|---|---|
| CS.SERIAL.IIDC | Added support for .NET and CQA. |
| CS.SERIAL.UIS | The performance of the rule has been improved. Added support for many serialization methods. Added support for .NET and CQA. The placement of existing violations may change to become more accurate. |
| SEC.WEB.UAA | Added support to allow reporting violations on derived attributes. |

Updated Flow Analysis Rules

The following rules have been updated:

| Rule ID | Updates |
|---|---|
| BD.PB.ARRAY | Fixed false negatives. |
| BD.PB.VOVR | Added a parameter to allow reporting on unused values assigned to function parameters. Added a parameter to allow reporting on unused and overwritten initial values of function parameters. |

Additional Updates

  • You can now configure dotTEST so that it runs in a FIPS-compliant mode. See Configuring FIPS Mode.
  • The support for analyzing Razor/Blazor projects in Parasoft Plugin has been improved.
  • The shipped JRE has been upgraded to version 11.0.20.1+1.
  • Visual Studio Code users can now configure the mapping of dotTEST severity levels (1-5) to VS Code severity levels (Error/Warning/Information/Hint) and filter the violations inside VS Code based on dotTEST severities using a text pattern.
  • It is now possible to suppress a finding in the next line. See Next Line Suppression.

Resolved Bugs and FRs

| Bug/FR ID | Description |
|---|---|
| DT-12932 | User should see warnings for dependencies missing from project scope |
| DT-17632 | CS.NG.VAR.PNCFV - reports violation on local function |
| DT-18774 | No violation on razor file: rules CS.PB.DEFSWITCH, BD.EXCEPT.NR |
| DT-20571 | An error occurs when performing static analysis in Visual Studio 2022 (17.2.4) |
| DT-20732 | Report.xml is not generated and Source Control service is unavailable |
| DT-20911 | The issue with rule CS.SEC.WEB.UAA and authorization attribute |
| DT-21320 | SymbolsParser exception on specific syntax |
| FA-9478 | BD.PB.CC false positive on comparing nullable value type object with primitive value |
| FA-9552 | BD.PB.ARRAY - potential false negative |
| XT-41333 | Empty file in report is marked as not checked but was tested |
| XT-41729 | Incorrectly generated PDF reports from CLI in Japanese env |

Deprecated Rules

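| Deprecated Rule | Suggested Rule |
|---|---|
| BD.PB.POVR | BD.PB.VOVR |
| CLS.ACNM | N/A |
| CLS.ARRD | N/A |
| CLS.ENFI | N/A |
| CLS.EVOL | N/A |
| CLS.EVTY | N/A |
| CLS.FIOL | N/A |
| CLS.GLBL | N/A |
| CLS.IDUN | N/A |
| CLS.MTV | N/A |
| CLS.PROL | N/A |
| CLS.UPN | N/A |
| CLS.UTN | N/A |
| PB.BOXING | N/A |
| SEC.MSCPV | N/A |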
