Mark files as security sensitive

androidcontentfileengine.cpp qandroidapkfileengine.cpp, qandroidassetsfileenginehandler.cpp and extract.cpp marked Reasons: Data serialization, filename parsing Task-number: QTBUG-136818 Task-number: QTBUG-135178 Task-number: QTBUG-136816 Pick-to: 6.8 Change-Id: Ib277a04cc00dc0762feed17a7f185aa5d19942dc Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io> (cherry picked from commit a6caa394ba49cb58cc07613f9a5fc6bfb5975e3b) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2025-05-16 12:41:03 +03:00 · 2025-05-16 12:41:03 +03:00 · 61d14ea267
commit 61d14ea267
parent 5fc602c0f5
4 changed files with 4 additions and 2 deletions
--- a/src/plugins/platforms/android/androidcontentfileengine.cpp
+++ b/src/plugins/platforms/android/androidcontentfileengine.cpp
@ -1,6 +1,7 @@
 // Copyright (C) 2019 Volker Krause <vkrause@kde.org>
 // Copyright (C) 2022 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:file-handling

 #include "androidcontentfileengine.h"

--- a/src/plugins/platforms/android/extract.cpp
+++ b/src/plugins/platforms/android/extract.cpp
@ -1,8 +1,7 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // Copyright (C) 2014 BogDan Vatra <bogdan@kde.org>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
-
-
+// Qt-Security score:critical reason:data-serializing

 #include <QtCore/QJniEnvironment>

--- a/src/plugins/platforms/android/qandroidapkfileengine.cpp
+++ b/src/plugins/platforms/android/qandroidapkfileengine.cpp
@ -1,5 +1,6 @@
 // Copyright (C) 2024 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:file-handling

 #include "qandroidapkfileengine.h"

--- a/src/plugins/platforms/android/qandroidassetsfileenginehandler.cpp
+++ b/src/plugins/platforms/android/qandroidassetsfileenginehandler.cpp
@ -1,5 +1,6 @@
 // Copyright (C) 2012 BogDan Vatra <bogdan@kde.org>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:file-handling

 #include "androidjnimain.h"
 #include "qandroidassetsfileenginehandler.h"