Mark QRegularExpression* classes as security-critical
These classes, too, are usually in the first line of defense, used to check tainted data for validity before anything else gets to see the result of validation. In fact, in Perl, retrieving regex matches is the main way to untaint data. Amends 8df072fc8006510c9b743e8ffedaaf51a876883a. QUIP: 23 Task-number: QTBUG-135195 Pick-to: 6.8 Change-Id: I1716f3c95ef110d5e20f3cdb303d4e70db16a6f1 Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com> Reviewed-by: Matthias Rauter <matthias.rauter@qt.io> (cherry picked from commit 3651442e6b6641a7d7a167c5397a54ba2f068b34) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
parent
2667f57338
commit
ae61177c50
@ -2,6 +2,7 @@
|
||||
// Copyright (C) 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
|
||||
// Copyright (C) 2021 The Qt Company Ltd.
|
||||
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
|
||||
// Qt-Security score:critical reason:data-parser
|
||||
|
||||
#include "qregularexpression.h"
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user