From c4f2d637999f290d601df4343bc563b35d829e79 Mon Sep 17 00:00:00 2001
From: Marc Mutz
Date: Tue, 11 Mar 2025 11:50:30 +0100
Subject: [PATCH] Mark QXmlStream{Reader,Writer} as security-critical
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If QXmlStream isn't security-criticial, what is? qxmlstream.h contains the definition of the QXmlString work-horse, so it has to be security-critical, too (until we remove it). Amends 8df072fc8006510c9b743e8ffedaaf51a876883a.
QUIP: 23
Task-number: QTBUG-135194
Pick-to: 6.8
Change-Id: Ib366e63fb89aa0b69ad437f6688285b2c390c5c1
Reviewed-by: Ivan Solovev
Reviewed-by: Kai Köhne
(cherry picked from commit 0a7ee06b27c55f10b65b053cabdc893ae8f23893)
Reviewed-by: Qt Cherry-pick Bot
---
 src/corelib/serialization/qxmlstream.cpp | 1 +
 src/corelib/serialization/qxmlstream.g | 2 ++
 src/corelib/serialization/qxmlstream.h | 1 +
 src/corelib/serialization/qxmlstream_p.h | 1 +
 src/corelib/serialization/qxmlstreamgrammar.cpp | 1 +
 src/corelib/serialization/qxmlstreamgrammar_p.h | 1 +
 src/corelib/serialization/qxmlstreamparser_p.h | 1 +
 7 files changed, 8 insertions(+)
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
index 7e14b098de9..00b51612688 100644
--- a/src/corelib/serialization/qxmlstream.cpp
+++ b/src/corelib/serialization/qxmlstream.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "QtCore/qxmlstream.h"
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
index d1e3e182e26..853945439f1 100644
--- a/src/corelib/serialization/qxmlstream.g
+++ b/src/corelib/serialization/qxmlstream.g
@@ -1,5 +1,6 @@
 -- Copyright (C) 2020 The Qt Company Ltd.
 -- SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+-- Qt-Security score:critical reason:data-parser
 %parser QXmlStreamGrammar
 %impl qxmlstreamparser_p.h
@@ -111,6 +112,7 @@
 /.// Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 //
diff --git a/src/corelib/serialization/qxmlstream.h b/src/corelib/serialization/qxmlstream.h
index 71294cb6bc9..2d761935f24 100644
--- a/src/corelib/serialization/qxmlstream.h
+++ b/src/corelib/serialization/qxmlstream.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #ifndef QXMLSTREAM_H
 #define QXMLSTREAM_H
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
index f5695dd6670..e4c9dbe4048 100644
--- a/src/corelib/serialization/qxmlstream_p.h
+++ b/src/corelib/serialization/qxmlstream_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 //
 // W A R N I N G
diff --git a/src/corelib/serialization/qxmlstreamgrammar.cpp b/src/corelib/serialization/qxmlstreamgrammar.cpp
index 074b9023cee..b2e5249d24e 100644
--- a/src/corelib/serialization/qxmlstreamgrammar.cpp
+++ b/src/corelib/serialization/qxmlstreamgrammar.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 // This file was generated by qlalr - DO NOT EDIT!
 #include "qxmlstreamgrammar_p.h"
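Review bot: The `Qt-Security` line in qxmlstreamgrammar.cpp is added by hand to a file whose next context line reads `// This file was generated by qlalr - DO NOT EDIT!`, so the classification may disappear the next time the grammar is regenerated. The qxmlstream.g hunks put the marker on the grammar's own `--` header and inside the `/.` block of the second hunk; nothing visible in this patch shows that the headers of qxmlstreamgrammar.cpp and qxmlstreamgrammar_p.h are produced from either place. It would be worth regenerating with qlalr and confirming the line survives, or recording the dependency beside the grammar header, for example `-- After running qlalr, check that the generated qxmlstreamgrammar* files still carry the Qt-Security line.` A marker that silently drops out would leave a data parser unlabelled for any review process that relies on this score.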
diff --git a/src/corelib/serialization/qxmlstreamgrammar_p.h b/src/corelib/serialization/qxmlstreamgrammar_p.h
index 80ee8e929f5..140e3d52bc5 100644
--- a/src/corelib/serialization/qxmlstreamgrammar_p.h
+++ b/src/corelib/serialization/qxmlstreamgrammar_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 //
 // W A R N I N G
diff --git a/src/corelib/serialization/qxmlstreamparser_p.h b/src/corelib/serialization/qxmlstreamparser_p.h
index 4bdcd77f3e1..c62080b0a13 100644
--- a/src/corelib/serialization/qxmlstreamparser_p.h
+++ b/src/corelib/serialization/qxmlstreamparser_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 //