author | Matthias Rauter <[email protected]> | 2025-06-23 10:31:42 +0200 |
---|---|---|
committer | Matthias Rauter <[email protected]> | 2025-06-26 19:12:00 +0200 |
commit | 934a9345f703640f57b6cf65ba00eddd8487ac65 (patch) | |
tree | a8679538a55c68cb5285a3ad8a3e09789f5f95d3 | |
parent | 81d58eca8e0f8d181f52be0a4c923246a481ad43 (diff) |
QSettings can be parsed from *.ini files that could potentially be
corrupted. Therefore qsettings.cpp and qsettings_mac.cpp are marked
security critical.
qsettings_[win|wasm].cpp read the settings from the registry
or from the browser, data sources that are considered trusted. Therefore
these files are marked security significant. The headers are also marked
significant.
QUIP: 23
Pick-to: 6.10 6.9 6.8
Task-number: QTBUG-135187
Change-Id: I5474c9a748b238734b5cdd50fb9e46f8379924ed
Reviewed-by: Morten Johan Sørvig <[email protected]>
Reviewed-by: Ivan Solovev <[email protected]>
-rw-r--r-- | src/corelib/io/qsettings.cpp | 1 | ||||
-rw-r--r-- | src/corelib/io/qsettings.h | 1 | ||||
-rw-r--r-- | src/corelib/io/qsettings_mac.cpp | 1 | ||||
-rw-r--r-- | src/corelib/io/qsettings_p.h | 1 | ||||
-rw-r--r-- | src/corelib/io/qsettings_wasm.cpp | 1 | ||||
-rw-r--r-- | src/corelib/io/qsettings_win.cpp | 1 |
6 files changed, 6 insertions, 0 deletions
diff --git a/src/corelib/io/qsettings.cpp b/src/corelib/io/qsettings.cpp
index 018022b6d78..984ee546b81 100644
--- a/src/corelib/io/qsettings.cpp
+++ b/src/corelib/io/qsettings.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2022 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "qsettings.h"
 #include "qsettings_p.h"
diff --git a/src/corelib/io/qsettings.h b/src/corelib/io/qsettings.h
index 5d0356e8906..973ce2cee4b 100644
--- a/src/corelib/io/qsettings.h
+++ b/src/corelib/io/qsettings.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QSETTINGS_H
 #define QSETTINGS_H
diff --git a/src/corelib/io/qsettings_mac.cpp b/src/corelib/io/qsettings_mac.cpp
index 144ed59dc21..a2e76325969 100644
--- a/src/corelib/io/qsettings_mac.cpp
+++ b/src/corelib/io/qsettings_mac.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "qsettings.h"
diff --git a/src/corelib/io/qsettings_p.h b/src/corelib/io/qsettings_p.h
index 4229abd8741..3561b0e2f24 100644
--- a/src/corelib/io/qsettings_p.h
+++ b/src/corelib/io/qsettings_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2022 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QSETTINGS_P_H
 #define QSETTINGS_P_H
diff --git a/src/corelib/io/qsettings_wasm.cpp b/src/corelib/io/qsettings_wasm.cpp
index 72045a2d519..32cd6b34444 100644
--- a/src/corelib/io/qsettings_wasm.cpp
+++ b/src/corelib/io/qsettings_wasm.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2022 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:trusted-data-only
 #include "qsettings.h"
 #ifndef QT_NO_SETTINGS
diff --git a/src/corelib/io/qsettings_win.cpp b/src/corelib/io/qsettings_win.cpp
index 230383ff2cd..5b11c748060 100644
--- a/src/corelib/io/qsettings_win.cpp
+++ b/src/corelib/io/qsettings_win.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:trusted-data-only
 #include "qsettings.h" |
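Review bot: The `reason:trusted-data-only` tag added to qsettings_wasm.cpp (and the same tag in the qsettings_win.cpp hunk that follows) depends on a trust assumption that is recorded only in the commit message, not next to the tag. Per-user registry keys and origin-scoped browser storage can be written by other code running as the same user or in the same origin, so "trusted" holds only under a threat model that excludes those writers. A one-line comment under the tag would keep that reviewable, for example `// Trusted input: values are read from the registry, not from files.` in qsettings_win.cpp. It is also worth confirming that neither file feeds stored data into the INI parser in qsettings.cpp, which this commit scores critical; both hunks show only the file headers, so that cannot be checked from here.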