From a7ca9d59dd4c02a26573f54e0597d94c8e6a475d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98ystein=20Heskestad?=
Date: Thu, 12 Jun 2025 14:57:02 +0200
Subject: Mark QtRemoteObjects as security critical
The QtRemoteObjects serialization is built on top of QDataStream, but QDataStream is not secure. Mark all files parsing data as security critical. The security is dependent on the backend used. The local and QNX backends communicate only locally but are insecure on a compromised host. The TCP backend is by default insecure, but it supports TLS, and can be secure if that is used. The two files in the repparser directory are used for parsing, but only at build time, and are therefore kept at security significant. The remaining files are marked as security signifcant.
QUIP: 23
Task-number: QTBUG-135570
Pick-to: 6.10 6.9 6.8
Change-Id: I11176c036d95f8c706bd05e1cab1ba499003f683
Reviewed-by: Edward Welbourne
---
 src/remoteobjects/qremoteobjectregistrysource.cpp | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/remoteobjects/qremoteobjectregistrysource.cpp')
diff --git a/src/remoteobjects/qremoteobjectregistrysource.cpp b/src/remoteobjects/qremoteobjectregistrysource.cpp
index ee441ef..40b2cd7 100644
--- a/src/remoteobjects/qremoteobjectregistrysource.cpp
+++ b/src/remoteobjects/qremoteobjectregistrysource.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectregistrysource_p.h"
 #include
-- 
cgit v1.2.3