diff options
| author | Øystein Heskestad <[email protected]> | 2025-06-12 14:57:02 +0200 |
|---|---|---|
| committer | Øystein Heskestad <[email protected]> | 2025-07-04 15:18:33 +0200 |
| commit | a7ca9d59dd4c02a26573f54e0597d94c8e6a475d (patch) | |
| tree | cc250b63b2bb43d56c60c61a2c096bcb2de3f833 /src/remoteobjects/qremoteobjectregistry.h | |
| parent | 9e73e405ad4ea875adb2690a28664dee7e24c4aa (diff) | |
The QtRemoteObjects serialization is built on top of QDataStream, but
QDataStream is not secure. Mark all files parsing data as security
critical.
The security is dependent on the backend used. The local and QNX
backends communicate only locally but are insecure on a compromised
host. The TCP backend is by default insecure, but it supports TLS,
and can be secure if that is used.
The two files in the repparser directory are used for parsing, but
only at build time, and are therefore kept at security significant.
The remaining files are marked as security signifcant.
QUIP: 23
Task-number: QTBUG-135570
Pick-to: 6.10 6.9 6.8
Change-Id: I11176c036d95f8c706bd05e1cab1ba499003f683
Reviewed-by: Edward Welbourne <[email protected]>
Diffstat (limited to 'src/remoteobjects/qremoteobjectregistry.h')
| -rw-r--r-- | src/remoteobjects/qremoteobjectregistry.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/remoteobjects/qremoteobjectregistry.h b/src/remoteobjects/qremoteobjectregistry.h index 12db756..a76c2d7 100644 --- a/src/remoteobjects/qremoteobjectregistry.h +++ b/src/remoteobjects/qremoteobjectregistry.h @@ -1,5 +1,6 @@ // Copyright (C) 2017 Ford Motor Company // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:significant reason:default #ifndef QREMOTEOBJECTREGISTRY_P_H #define QREMOTEOBJECTREGISTRY_P_H |