Mark qtemporaryfile.cpp as security-criticalHEAD dev

QTemporaryFileName parses and inspects a template filename, potentially from an untrusted source (althrough I would not recommend doing that). Therefore the file is marked security-critical. It might be a good idea to put QTemporaryFileName in it's own file to just mark that as security-critical. QUIP: 23 Pick-to: 6.10 6.9 6.8 Task-number: QTBUG-135187 Change-Id: I6a6b720279330f450181e768c5d1a4d29be06387 Reviewed-by: Thiago Macieira <[email protected]>
author: Matthias Rauter <[email protected]> 2025-06-18 13:58:33 +0200
committer: Matthias Rauter <[email protected]> 2025-07-04 19:24:00 +0200
commit: 18c57298e2af8fd20791208ab395e946ad3f9289 (patch)
tree: 418e75156bdb55191e118148b07cb9a15af98410
parent: 32756f7213d53a397eadc0773c34767cdc718845 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/io/qtemporaryfile.cpp b/src/corelib/io/qtemporaryfile.cpp
index c1f01267949..73e25c85ddf 100644
--- a/src/corelib/io/qtemporaryfile.cpp
+++ b/src/corelib/io/qtemporaryfile.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // Copyright (C) 2017 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "qtemporaryfile.h"
author	Matthias Rauter <[email protected]>	2025-06-18 13:58:33 +0200
committer	Matthias Rauter <[email protected]>	2025-07-04 19:24:00 +0200
commit	18c57298e2af8fd20791208ab395e946ad3f9289 (patch)
tree	418e75156bdb55191e118148b07cb9a15af98410
parent	32756f7213d53a397eadc0773c34767cdc718845 (diff)