1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark QRegularExpression* classes as security-critical

Browse Source 
These classes, too, are usually in the first line of defense, used to
check tainted data for validity before anything else gets to see the
result of validation. In fact, in Perl, retrieving regex matches is
the main way to untaint data.

Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.

QUIP: 23
Task-number: QTBUG-135195
Pick-to: 6.9 6.8
Change-Id: I1716f3c95ef110d5e20f3cdb303d4e70db16a6f1
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Matthias Rauter <matthias.rauter@qt.io>
This commit is contained in:
Marc Mutz 2025-03-11 11:50:30 +01:00
parent 25cc585a13
commit 3651442e6b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/corelib/text/qregularexpression.cpp
View File

@ -2,6 +2,7 @@
// Copyright (C) 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
// Copyright (C) 2021 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
// Qt-Security score:critical reason:data-parser
#include "qregularexpression.h"