diff options
| author | Zoltan Gera <[email protected]> | 2025-04-17 16:04:30 +0300 |
|---|---|---|
| committer | Zoltan Gera <[email protected]> | 2025-05-15 15:59:53 +0300 |
| commit | 1944eac19a6ec6999f303def3526eac8347a031a (patch) | |
| tree | 566303f39d6af5674a38312f352688941d5946b5 | |
| parent | 7db45781009dd97517345af783562788394cbcc7 (diff) | |
Fixes: QTBUG-135747
Pick-to: 6.9 6.8
Change-Id: I3254d2607b6c80d3fec003263a91f0cee4dd69c6
Reviewed-by: Robert Griebl <[email protected]>
29 files changed, 29 insertions, 1 deletions
diff --git a/src/application-lib/installationreport.cpp b/src/application-lib/installationreport.cpp index c9f807fe..1d77766b 100644 --- a/src/application-lib/installationreport.cpp +++ b/src/application-lib/installationreport.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QIODevice> #include <QVariant> diff --git a/src/application-lib/packagedatabase.cpp b/src/application-lib/packagedatabase.cpp index 57a16fdf..97cedffb 100644 --- a/src/application-lib/packagedatabase.cpp +++ b/src/application-lib/packagedatabase.cpp @@ -1,6 +1,7 @@ // Copyright (C) 2021 The Qt Company Ltd. // Copyright (C) 2019 Luxoft Sweden AB // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QDir> #include <QFile> diff --git a/src/application-lib/packageinfo.cpp b/src/application-lib/packageinfo.cpp index 523a8bf1..53601461 100644 --- a/src/application-lib/packageinfo.cpp +++ b/src/application-lib/packageinfo.cpp @@ -1,6 +1,7 @@ // Copyright (C) 2021 The Qt Company Ltd. // Copyright (C) 2019 Luxoft Sweden AB // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QDataStream> #include <QBuffer> diff --git a/src/application-lib/yamlpackagescanner.cpp b/src/application-lib/yamlpackagescanner.cpp index c43f814d..a7547f54 100644 --- a/src/application-lib/yamlpackagescanner.cpp +++ b/src/application-lib/yamlpackagescanner.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QJsonDocument> #include <QJsonParseError> diff --git a/src/common-lib/configcache.cpp b/src/common-lib/configcache.cpp index 1fa8bb07..e3c04170 100644 --- a/src/common-lib/configcache.cpp +++ b/src/common-lib/configcache.cpp @@ -1,6 +1,7 @@ // Copyright (C) 2021 The Qt Company Ltd. // Copyright (C) 2019 Luxoft Sweden AB // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QDebug> #include <QFile> diff --git a/src/common-lib/qtyaml.cpp b/src/common-lib/qtyaml.cpp index afa22476..0a15f88f 100644 --- a/src/common-lib/qtyaml.cpp +++ b/src/common-lib/qtyaml.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <charconv> diff --git a/src/crypto-lib/cryptography.cpp b/src/crypto-lib/cryptography.cpp index f876a19d..7750dedf 100644 --- a/src/crypto-lib/cryptography.cpp +++ b/src/crypto-lib/cryptography.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #include <QMutex> diff --git a/src/crypto-lib/libcryptofunction.cpp b/src/crypto-lib/libcryptofunction.cpp index 62fe792f..58fbb894 100644 --- a/src/crypto-lib/libcryptofunction.cpp +++ b/src/crypto-lib/libcryptofunction.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #include <QLibrary> #include <QString> diff --git a/src/crypto-lib/libcryptofunction.h b/src/crypto-lib/libcryptofunction.h index 2ca99e5b..5f379a5a 100644 --- a/src/crypto-lib/libcryptofunction.h +++ b/src/crypto-lib/libcryptofunction.h @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #ifndef LIBCRYPTOFUNCTION_H #define LIBCRYPTOFUNCTION_H diff --git a/src/crypto-lib/signature.cpp b/src/crypto-lib/signature.cpp index 34b455ba..98c5ee80 100644 --- a/src/crypto-lib/signature.cpp +++ b/src/crypto-lib/signature.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #include "signature.h" #include "signature_p.h" diff --git a/src/crypto-lib/signature_macos.cpp b/src/crypto-lib/signature_macos.cpp index 61f584f5..e3aa9d30 100644 --- a/src/crypto-lib/signature_macos.cpp +++ b/src/crypto-lib/signature_macos.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #include "exception.h" #include "cryptography.h" diff --git a/src/crypto-lib/signature_openssl.cpp b/src/crypto-lib/signature_openssl.cpp index 1fb969aa..334be94b 100644 --- a/src/crypto-lib/signature_openssl.cpp +++ b/src/crypto-lib/signature_openssl.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #include <QScopedPointer> diff --git a/src/crypto-lib/signature_win.cpp b/src/crypto-lib/signature_win.cpp index 338e01ab..cd8f0896 100644 --- a/src/crypto-lib/signature_win.cpp +++ b/src/crypto-lib/signature_win.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #ifdef _WIN32 // needed for crypto API compatibility - otherwise this will only work on Win8+ diff --git a/src/intent-server-lib/intentserver.cpp b/src/intent-server-lib/intentserver.cpp index ebe56774..b12f29cd 100644 --- a/src/intent-server-lib/intentserver.cpp +++ b/src/intent-server-lib/intentserver.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:communication-protocol #include "intentserver.h" #include "intentserversysteminterface.h" diff --git a/src/main-lib/configuration.cpp b/src/main-lib/configuration.cpp index bf82f2b2..4196bbeb 100644 --- a/src/main-lib/configuration.cpp +++ b/src/main-lib/configuration.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QCoreApplication> #include <QFile> diff --git a/src/main-lib/main.cpp b/src/main-lib/main.cpp index 2c78577e..17d3287b 100644 --- a/src/main-lib/main.cpp +++ b/src/main-lib/main.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:execute-external-code #include <memory> #include <cstdlib> diff --git a/src/manager-lib/debugwrapper.cpp b/src/manager-lib/debugwrapper.cpp index a3e6222b..9401f8aa 100644 --- a/src/manager-lib/debugwrapper.cpp +++ b/src/manager-lib/debugwrapper.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "debugwrapper.h" diff --git a/src/manager-lib/installationtask.cpp b/src/manager-lib/installationtask.cpp index b7af46e4..0da6226d 100644 --- a/src/manager-lib/installationtask.cpp +++ b/src/manager-lib/installationtask.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:cryptography #include <QTemporaryDir> #include <QMessageAuthenticationCode> diff --git a/src/manager-lib/intentaminterface.cpp b/src/manager-lib/intentaminterface.cpp index 43e5bee6..a2ffee3b 100644 --- a/src/manager-lib/intentaminterface.cpp +++ b/src/manager-lib/intentaminterface.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:communication-protocol #include "global.h" #if QT_CONFIG(am_multi_process) diff --git a/src/manager-lib/processcontainer.cpp b/src/manager-lib/processcontainer.cpp index 9da8e5c8..7a80a9a4 100644 --- a/src/manager-lib/processcontainer.cpp +++ b/src/manager-lib/processcontainer.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:execute-external-code #include <QProcess> #include <QProcessEnvironment> diff --git a/src/manager-lib/sudo.cpp b/src/manager-lib/sudo.cpp index b7943fdd..9abc37f5 100644 --- a/src/manager-lib/sudo.cpp +++ b/src/manager-lib/sudo.cpp @@ -2,7 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only - +// Qt-Security score:critical reason:privilege-management #include <QProcess> #include <QDir> diff --git a/src/package-lib/packageextractor.cpp b/src/package-lib/packageextractor.cpp index 6b68b6a4..2cf438ee 100644 --- a/src/package-lib/packageextractor.cpp +++ b/src/package-lib/packageextractor.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include <QStringList> #include <QThread> diff --git a/src/plugins/bubblewrap-container-plugin/bubblewrapcontainer.cpp b/src/plugins/bubblewrap-container-plugin/bubblewrapcontainer.cpp index 523d748c..41162b29 100644 --- a/src/plugins/bubblewrap-container-plugin/bubblewrapcontainer.cpp +++ b/src/plugins/bubblewrap-container-plugin/bubblewrapcontainer.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2023 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only +// Qt-Security score:critical reason:execute-external-code #include <tuple> diff --git a/src/tools/controller/controller.cpp b/src/tools/controller/controller.cpp index acbb0b40..7690cdeb 100644 --- a/src/tools/controller/controller.cpp +++ b/src/tools/controller/controller.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:critical reason:data-parser #include <QCoreApplication> #include <QCommandLineParser> diff --git a/src/tools/launcher-qml/launcher-qml.cpp b/src/tools/launcher-qml/launcher-qml.cpp index f75cee5a..f79485a6 100644 --- a/src/tools/launcher-qml/launcher-qml.cpp +++ b/src/tools/launcher-qml/launcher-qml.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:critical reason:data-parser #include <memory> diff --git a/src/tools/package-server/psconfiguration.cpp b/src/tools/package-server/psconfiguration.cpp index 04668354..bef2d53a 100644 --- a/src/tools/package-server/psconfiguration.cpp +++ b/src/tools/package-server/psconfiguration.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2023 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:critical reason:data-parser #include <QCommandLineParser> #include <QCommandLineOption> diff --git a/src/tools/package-server/pshttpinterface.cpp b/src/tools/package-server/pshttpinterface.cpp index 7f75c140..1779cbcf 100644 --- a/src/tools/package-server/pshttpinterface.cpp +++ b/src/tools/package-server/pshttpinterface.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2023 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:critical reason:network-protocol #include <cstdio> diff --git a/src/tools/packager/packager.cpp b/src/tools/packager/packager.cpp index 89fd1305..db48ceb6 100644 --- a/src/tools/packager/packager.cpp +++ b/src/tools/packager/packager.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:critical reason:data-parser #include <memory> #include <stdio.h> diff --git a/src/tools/packager/packagingjob.cpp b/src/tools/packager/packagingjob.cpp index 4a0fb030..eb4de6a4 100644 --- a/src/tools/packager/packagingjob.cpp +++ b/src/tools/packager/packagingjob.cpp @@ -2,6 +2,7 @@ // Copyright (C) 2019 Luxoft Sweden AB // Copyright (C) 2018 Pelagicore AG // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:critical reason:cryptography #include <memory> #include <stdio.h> |