In this release, we've focused on extending support for environments, increasing performance, and enhancing our security compliance solution.

Support for Environments

We've added support for:

  • Visual Studio 2019
  • .NET Framework 4.8

Extended Security Compliance Pack

We've added support for the latest version of Common Weaknesses Enumeration (CWE). We've added new static analysis rules and extended some existing rules to enable support for CWE 3.4, including CWE Top 25 2019 and On the Cusp guidelines; see the New and Updated Test Configurations section below.

Enhanced Static Analysis

  • We've optimized static analysis to effectively reduce analysis times.
  • We've enhanced static analysis in the IDE to make it faster and more efficient. We've dramatically increased performance in the CQA mode and extended the set of CQA-supported rules; see Rules Supported by Live Static Analysis.
  • We've extended flow analysis with an option to separately analyze individual project in a solution to reduce memory usage; see Analyzing Solutions with Multiple Projects.
  • We've added a NOMCIM metric to calculate the number of method calls in methods.
  • We've added new and improved existing static analysis rules to extend dotTEST's testing capabilities; see the New and Updated Static Analysis Rules section below for details.

New and Updated Test Configurations

We've added the following test configurations:

  • Check Code Compatibility against .NET 4.7.1
  • Check Code Compatibility against .NET 4.7.2
  • Check Code Compatibility against .NET 4.8
  • CWE 3.4
  • CWE Top 25 2019
  • CWE Top 25 + On the Cusp 2019

The following test configurations have been updated to improve analysis results or enhance support for security standards:

  • OWASP Top 10-2017
  • PCI DSS 3.2
  • UL 2900

Removed Test Configurations

  • CWE 3.2
  • CWE-SANS Top 25 2011
  • CWE SANS Top 25 2011 + On the Cusp

Other Improvements

  • We've extended the set of exit codes to help you diagnose and handle errors when using dotTEST in the command line; see Command Line Exit Codes.
  • The license.network.enabled option has been renamed as license.network.use.specified.server; see Setting the License.

New and Updated Static Analysis Rules

The following rules have been added:

Rule IDHeader
CS.BRM.SCHR Avoid using the Strings.Chr() and Strings.ChrW() methods in C# code
PB.ACDE Avoid calling the Application.DoEvents() method
SEC.WEB.DNICV

Do not disable SSL certificate validation

The following static analysis rules have been updated to improve analysis results:

  • BD.PB.EVIPT​
  • BD.SECURITY.TDSQLC
  • CS.PB.ANIL
  • NG.PRN.APNCTN
  • OPU.CPTEQ
  • PB.CFF

The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:

  • PB.CFF

Resolved Bugs and FRs

Bug/FR IDDescription
DT-10960Possible false positive of CS.PB.ANIL
DT-10963CS.PB.ANIL potential false positive
DT-11644Missing uninstaller application after dotTEST is reinstalled
DT-13754Empty user rule map path after plugin installation
FA-7470No resource for translation of BD.SECURITY.TDRFL violation message
FA-7474Flow Analysis does not report violation on WebSite project
XT-36609£ character in password prevents Parasoft tool from connecting to DTP
XT-36611Publishing sim-link source code using 'min' option failed
XT-36843Concurrent builds which use cpptestcli do not wait for timeout when trying to pull license
XT-36950Update vulnerable libraries from XML Graphics Project
XT-37358100% not being displayed in reports when achieving 100% test success

  • No labels