From cf793190c720043b3caeb70a22f5f56bc12300b4 Mon Sep 17 00:00:00 2001 From: Matthias Rauter Date: Wed, 21 May 2025 14:04:23 +0200 Subject: [PATCH] Mark three files in corelib/mimetype as critical * qmimeprovider.cpp parses file names to identify the Mimetype, * qmimemagicrule.cpp parses the file to identify its Mimetype. * qmimeglobpattern.cpp implements a pattern matching algorithm, i.e. glob parser. All involve parsing of data that might come from untrusted sources. QUIP: 23 Task-number: QTBUG-135191 Pick-to: 6.8 Change-Id: I97d4cd8d635f05613d5a979c61038cef9c759989 Reviewed-by: Ivan Solovev (cherry picked from commit 7d163200f9d6f47bce941969869c54369fc26056) Reviewed-by: Qt Cherry-pick Bot (cherry picked from commit 924b8dd5847664313610d4016c49537538cb28ab)
---
 src/corelib/mimetypes/qmimeglobpattern.cpp | 1 + src/corelib/mimetypes/qmimemagicrule.cpp | 2 +- src/corelib/mimetypes/qmimeprovider.cpp | 1 + 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/corelib/mimetypes/qmimeglobpattern.cpp b/src/corelib/mimetypes/qmimeglobpattern.cpp
index d50787a0be4..4dd71256c2f 100644
--- a/src/corelib/mimetypes/qmimeglobpattern.cpp
+++ b/src/corelib/mimetypes/qmimeglobpattern.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "qmimeglobpattern_p.h"
diff --git a/src/corelib/mimetypes/qmimemagicrule.cpp b/src/corelib/mimetypes/qmimemagicrule.cpp
index 42271c55e25..8a72db7f67a 100644
--- a/src/corelib/mimetypes/qmimemagicrule.cpp
+++ b/src/corelib/mimetypes/qmimemagicrule.cpp
@@ -1,6 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
-
+// Qt-Security score:critical reason:data-parser
 #define QT_NO_CAST_FROM_ASCII
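Review bot: In the qmimemagicrule.cpp hunk the `// Qt-Security score:critical reason:data-parser` line replaces the blank line that separated the license header from `#define QT_NO_CAST_FROM_ASCII`, while the qmimeglobpattern.cpp and qmimeprovider.cpp hunks are pure one-line insertions. Adding the marker as an insertion here too, and keeping the blank separator before the `#define`, would leave the three headers uniform and keep the header comment block visually apart from the code. The rest of each file lies outside the hunks, so the placement relative to any later header comments cannot be checked from here.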
diff --git a/src/corelib/mimetypes/qmimeprovider.cpp b/src/corelib/mimetypes/qmimeprovider.cpp
index 08828c3e386..46cf6f77759 100644
--- a/src/corelib/mimetypes/qmimeprovider.cpp
+++ b/src/corelib/mimetypes/qmimeprovider.cpp
@@ -2,6 +2,7 @@
 // Copyright (C) 2018 Klaralvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author David Faure
 // Copyright (C) 2019 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "qmimeprovider_p.h"