1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark QRegularExpression* classes as security-critical

Browse Source 
These classes, too, are usually in the first line of defense, used to
check tainted data for validity before anything else gets to see the
result of validation. In fact, in Perl, retrieving regex matches is
the main way to untaint data.

Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.

QUIP: 23
Task-number: QTBUG-135195
Pick-to: 6.8
Change-Id: I1716f3c95ef110d5e20f3cdb303d4e70db16a6f1
Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
Reviewed-by: Matthias Rauter <matthias.rauter@qt.io>
(cherry picked from commit 3651442e6b6641a7d7a167c5397a54ba2f068b34)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Marc Mutz 2025-03-11 11:50:30 +01:00 committed by Qt Cherry-pick Bot
parent 2667f57338
commit ae61177c50
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/corelib/text/qregularexpression.cpp
View File

@ -2,6 +2,7 @@
// Copyright (C) 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
// Copyright (C) 2021 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
// Qt-Security score:critical reason:data-parser
#include "qregularexpression.h"