From 61d14ea26724d0da49bb75c9f403f6f0f6c3dbd4 Mon Sep 17 00:00:00 2001 From: Lauri Pohjanheimo Date: Fri, 16 May 2025 12:41:03 +0300 Subject: [PATCH] Mark files as security sensitive androidcontentfileengine.cpp qandroidapkfileengine.cpp, qandroidassetsfileenginehandler.cpp and extract.cpp marked Reasons: Data serialization, filename parsing Task-number: QTBUG-136818 Task-number: QTBUG-135178 Task-number: QTBUG-136816 Pick-to: 6.8 Change-Id: Ib277a04cc00dc0762feed17a7f185aa5d19942dc Reviewed-by: Assam Boudjelthia (cherry picked from commit a6caa394ba49cb58cc07613f9a5fc6bfb5975e3b) Reviewed-by: Qt Cherry-pick Bot --- src/plugins/platforms/android/androidcontentfileengine.cpp | 1 + src/plugins/platforms/android/extract.cpp | 3 +-- src/plugins/platforms/android/qandroidapkfileengine.cpp | 1 + .../platforms/android/qandroidassetsfileenginehandler.cpp | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/plugins/platforms/android/androidcontentfileengine.cpp b/src/plugins/platforms/android/androidcontentfileengine.cpp index b66bbf1e6eb..6c02a73e7c8 100644 --- a/src/plugins/platforms/android/androidcontentfileengine.cpp +++ b/src/plugins/platforms/android/androidcontentfileengine.cpp @@ -1,6 +1,7 @@ // Copyright (C) 2019 Volker Krause // Copyright (C) 2022 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:file-handling #include "androidcontentfileengine.h" diff --git a/src/plugins/platforms/android/extract.cpp b/src/plugins/platforms/android/extract.cpp index d81d70d18dc..48a2c4ecfaf 100644 --- a/src/plugins/platforms/android/extract.cpp +++ b/src/plugins/platforms/android/extract.cpp @@ -1,8 +1,7 @@ // Copyright (C) 2021 The Qt Company Ltd. // Copyright (C) 2014 BogDan Vatra // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only - - +// Qt-Security score:critical reason:data-serializing #include diff --git a/src/plugins/platforms/android/qandroidapkfileengine.cpp b/src/plugins/platforms/android/qandroidapkfileengine.cpp index fcc24333d92..1cb12b6a54b 100644 --- a/src/plugins/platforms/android/qandroidapkfileengine.cpp +++ b/src/plugins/platforms/android/qandroidapkfileengine.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2024 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:file-handling #include "qandroidapkfileengine.h" diff --git a/src/plugins/platforms/android/qandroidassetsfileenginehandler.cpp b/src/plugins/platforms/android/qandroidassetsfileenginehandler.cpp index 1c7364cd229..935aef7ba1e 100644 --- a/src/plugins/platforms/android/qandroidassetsfileenginehandler.cpp +++ b/src/plugins/platforms/android/qandroidassetsfileenginehandler.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2012 BogDan Vatra // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:file-handling #include "androidjnimain.h" #include "qandroidassetsfileenginehandler.h"