From 938d5fd6d28b12d3c10fe3650fea17e1ecba70d2 Mon Sep 17 00:00:00 2001
From: Marc Mutz
Date: Tue, 11 Mar 2025 11:50:30 +0100
Subject: [PATCH] Mark QUrl* classes as security-critical

These classes, too, are usually in the first line of defense, handling tainted data before anything else had the chance to verify it.

Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.

QUIP: 23
Task-number: QTBUG-135187
Pick-to: 6.8
Change-Id: I21dbea39078a583f0bbf7737bd7151893fb98d17
Reviewed-by: Matthias Rauter
(cherry picked from commit dc45850c1e64565af5bcd8446389fd558131e58b)
Reviewed-by: Qt Cherry-pick Bot
---
 src/corelib/io/qdataurl.cpp | 1 +
 src/corelib/io/qurl.cpp | 1 +
 src/corelib/io/qurlidna.cpp | 1 +
 src/corelib/io/qurlquery.cpp | 1 +
 src/corelib/io/qurlrecode.cpp | 1 +
 5 files changed, 5 insertions(+)

diff --git a/src/corelib/io/qdataurl.cpp b/src/corelib/io/qdataurl.cpp
index c5ecca8fb82..cd91853ee73 100644
--- a/src/corelib/io/qdataurl.cpp
+++ b/src/corelib/io/qdataurl.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qplatformdefs.h"
 #include "qurl.h"
diff --git a/src/corelib/io/qurl.cpp b/src/corelib/io/qurl.cpp
index aac2188aefe..99775185632 100644
--- a/src/corelib/io/qurl.cpp
+++ b/src/corelib/io/qurl.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // Copyright (C) 2016 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 /*!
     \class QUrl
diff --git a/src/corelib/io/qurlidna.cpp b/src/corelib/io/qurlidna.cpp
index 1f16513f93a..d48d01bd525 100644
--- a/src/corelib/io/qurlidna.cpp
+++ b/src/corelib/io/qurlidna.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // Copyright (C) 2016 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qurl_p.h"
 
diff --git a/src/corelib/io/qurlquery.cpp b/src/corelib/io/qurlquery.cpp
index 70303273045..9023385d1b0 100644
--- a/src/corelib/io/qurlquery.cpp
+++ b/src/corelib/io/qurlquery.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qurlquery.h"
 #include "qurl_p.h"
diff --git a/src/corelib/io/qurlrecode.cpp b/src/corelib/io/qurlrecode.cpp
index bb531e53811..008f6853f00 100644
--- a/src/corelib/io/qurlrecode.cpp
+++ b/src/corelib/io/qurlrecode.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qurl.h"
 #include "private/qstringconverter_p.h"
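Review bot: The marker is added only to the five .cpp files, while the headers these hunks include (`qurl.h`, `qurl_p.h`, `qurlquery.h`, `private/qstringconverter_p.h`) are not touched by this patch, so it is not visible here whether they already carry `// Qt-Security score:critical reason:data-parser`. If any of them holds inline parsing or decoding code, that code sees the same tainted input and should be classified the same way, here or in a follow-up, so that an audit driven by the marker does not skip it. This applies equally to the qdataurl.cpp and qurl.cpp hunks earlier in the patch. Each hunk shows only the top of its file, so the rest of each translation unit is outside this review.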