Common use of CWE Clause in Contracts

CWE. SANS Top 25 Most Dangerous Program- ming Errors Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE-SANS standard. NIST SAMATE Includes rules that find issues identified in the NIST SAMATE standard OWASP Top 10 Security Vulnerabilities Includes rules that find issues identified in OWASP’s Top 10 standard PCI Data Security Standard Includes rules that find issues identified in PCI Data Security Standard Security Assessment General test configuration that finds security issues IEC 62304 (Template) A template test configuration for applying the IEC 62304 Medical standard. Run NUnit Tests Runs NUnit Tests that are found in the scope of analysis Run NUnit Tests with coverage Runs NUnit Tests that are found in the scope of analysis and monitors coverage Calculate Application Coverage Processes the application coverage data to generate a coverage.xml file. See “Application Coverage for Web Applications”, page 47 for additional information. Execute MSTests with Coverage Executes MSTests and collects coverage. See “Running MSTest Tests”, page 39, for more information. Execute MSTests Executes MSTests. See “Running MSTest Tests”, page 39, for more information. Collect Static Coverage Generates the static coverage data necessary for application coverage. See “Application Cov- erage for Web Applications”, page 47, for details. Creating Custom Rules‌ Use RuleWizard to create custom rules. To use the rule in the Static Analysis Engine, it needs to be enabled in a test configuration and the custom rule file must be located in one of the following directo- ▇▇▇▇: • [INSTALL_DIR]\rules\user\ • [DOCUMENTS DIR]\Parasoft\[engine]\rules where [DOCUMENTS DIR] refers to the "My Documents" directory in Windows Defining Test Scope‌‌ The test scope refers to the file or set of files for testing. Use the -resource switch followed by a path in the solution to define the scope. Do not use file system paths to define the scope. Use the Visual Studio Solution Explorer path instead. If you are running analysis from your IDE, a source file that is open in the active editor has higher prior- ity than resources defined with Solution Explorer and only this file will be analyzed. Testing a Single Project in a Solution‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/QuxProject" -config "builtin://Demo" -report "C:\Report" Testing a Single Directory of Files in a Project‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/BarProject/QuxDirectory" -config "builtin://Demo" Testing a Single Source File‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/BarProject/QuxDirectory/BazFile.cs" -config "builtin://Demo" Testing a Single Project Under a Solution Folder‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/BarSolutionFolder/QuxProject" -config "builtin://Demo" -report "C:\Report" Testing a Single Source File When No Solution is Provided‌ Because the name of the solution is unknown, the solution path should start from /.

CWE. SANS Top 25 Most Dangerous Program- ming Errors Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE-SANS standard. NIST SAMATE Includes rules that find issues identified in the NIST SAMATE standard OWASP Top 10 Security Vulnerabilities Includes rules that find issues identified in OWASP’s Top 10 standard PCI Data Security Standard Includes rules that find issues identified in PCI Data Security Standard Security Assessment General test configuration that finds security issues IEC 62304 (Template) A template test configuration for applying the IEC 62304 Medical standard. Run NUnit Tests Runs NUnit Tests that are found in the scope of analysis Run NUnit Tests with coverage Runs NUnit Tests that are found in the scope of analysis and monitors coverage Calculate Application Coverage Processes the application coverage data to generate a coverage.xml file. See “Application Coverage for Web Applications”, page 47 43 for additional information. Execute MSTests with Coverage Executes MSTests and collects coverage. See “Running MSTest Tests”, page 3936, for more information. Execute MSTests Executes MSTests. See “Running MSTest Tests”, page 3936, for more information. Collect Static Coverage Generates the static coverage data necessary for application coverage. See “Application Cov- erage for Web Applications”, page 4743, for details. Creating Custom Rules‌ Use RuleWizard to create custom rules. To use the rule in the Static Analysis Engine, it needs to be enabled in a test configuration and the custom rule file must be located in one of the following directo- ▇▇▇▇: • [INSTALL_DIR]\rules\user\ • [DOCUMENTS DIR]\Parasoft\[engine]\rules where [DOCUMENTS DIR] refers to the "My Documents" directory in Windows Defining Test Scope‌‌ The test scope refers to the file or set of files for testing. Use the -resource switch followed by a path in the solution to define the scope. Do not use file system paths to define the scope. Use the Visual Studio Solution Explorer path instead. If you are running analysis from your IDE, a source file that is open in the active editor has higher prior- ity than resources defined with Solution Explorer and only this file will be analyzed. Testing a Single Project in a Solution‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/QuxProject" -config "builtin://Demo" -report "C:\Report" Testing a Single Directory of Files in a Project‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/BarProject/QuxDirectory" -config "builtin://Demo" Testing a Single Source File‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/BarProject/QuxDirectory/BazFile.cs" -config "builtin://Demo" Testing a Single Project Under a Solution Folder‌ dottestcli.exe -solution "C:\Devel\FooSolution\FooSolution.sln" -resource "FooSolution/BarSolutionFolder/QuxProject" -config "builtin://Demo" -report "C:\Report" Testing a Single Source File When No Solution is Provided‌ Because the name of the solution is unknown, the solution path should start from /.