From ae61177c501baa0764565dc88200d2da98d476b3 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Tue, 11 Mar 2025 11:50:30 +0100 Subject: [PATCH] Mark QRegularExpression* classes as security-critical These classes, too, are usually in the first line of defense, used to check tainted data for validity before anything else gets to see the result of validation. In fact, in Perl, retrieving regex matches is the main way to untaint data. Amends 8df072fc8006510c9b743e8ffedaaf51a876883a. QUIP: 23 Task-number: QTBUG-135195 Pick-to: 6.8 Change-Id: I1716f3c95ef110d5e20f3cdb303d4e70db16a6f1 Reviewed-by: Giuseppe D'Angelo Reviewed-by: Matthias Rauter (cherry picked from commit 3651442e6b6641a7d7a167c5397a54ba2f068b34) Reviewed-by: Qt Cherry-pick Bot --- src/corelib/text/qregularexpression.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/corelib/text/qregularexpression.cpp b/src/corelib/text/qregularexpression.cpp index 906fabd2dea..a8ff90b5072 100644 --- a/src/corelib/text/qregularexpression.cpp +++ b/src/corelib/text/qregularexpression.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2020 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author Giuseppe D'Angelo // Copyright (C) 2021 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qregularexpression.h"
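Review bot: The added `// Qt-Security score:critical reason:data-parser` line in the `@@ -2,6 +2,7 @@` hunk lands only in src/corelib/text/qregularexpression.cpp, while the subject speaks of the "QRegularExpression* classes" in the plural and the diffstat shows 1 file changed. Suggest either carrying the same marker into any other file that implements these classes (for instance the included qregularexpression.h, if it holds inline code) or stating in the commit message that this one translation unit covers all of them, so a later audit of the security scores does not have to rediscover the scope. The placement itself, directly after the SPDX line and before the first #include, is fine.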