author | Øystein Heskestad <[email protected]> | 2025-06-12 14:57:02 +0200 |
---|---|---|
committer | Øystein Heskestad <[email protected]> | 2025-07-04 15:18:33 +0200 |
commit | a7ca9d59dd4c02a26573f54e0597d94c8e6a475d (patch) | |
tree | cc250b63b2bb43d56c60c61a2c096bcb2de3f833 | |
parent | 9e73e405ad4ea875adb2690a28664dee7e24c4aa (diff) |
The QtRemoteObjects serialization is built on top of QDataStream, but
QDataStream is not secure. Mark all files parsing data as security
critical.
The security is dependent on the backend used. The local and QNX
backends communicate only locally but are insecure on a compromised
host. The TCP backend is by default insecure, but it supports TLS,
and can be secure if that is used.
The two files in the repparser directory are used for parsing, but
only at build time, and are therefore kept at security significant.
The remaining files are marked as security significant.
QUIP: 23
Task-number: QTBUG-135570
Pick-to: 6.10 6.9 6.8
Change-Id: I11176c036d95f8c706bd05e1cab1ba499003f683
Reviewed-by: Edward Welbourne <[email protected]>
56 files changed, 56 insertions, 0 deletions
diff --git a/src/remoteobjects/qconnection_local_backend.cpp b/src/remoteobjects/qconnection_local_backend.cpp
index 887e288..0c18e8e 100644
--- a/src/remoteobjects/qconnection_local_backend.cpp
+++ b/src/remoteobjects/qconnection_local_backend.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:insecure-local-connections
 #include "qconnection_local_backend_p.h"
diff --git a/src/remoteobjects/qconnection_local_backend_p.h b/src/remoteobjects/qconnection_local_backend_p.h
index cf1a5ba..7568da3 100644
--- a/src/remoteobjects/qconnection_local_backend_p.h
+++ b/src/remoteobjects/qconnection_local_backend_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2015 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QCONNECTIONCLIENTFACTORY_P_H
 #define QCONNECTIONCLIENTFACTORY_P_H
diff --git a/src/remoteobjects/qconnection_qnx_backend.cpp b/src/remoteobjects/qconnection_qnx_backend.cpp
index 4249ab0..28bfe4a 100644
--- a/src/remoteobjects/qconnection_qnx_backend.cpp
+++ b/src/remoteobjects/qconnection_qnx_backend.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:insecure-local-connections
 #include "qconnection_qnx_backend_p.h"
diff --git a/src/remoteobjects/qconnection_qnx_backend_p.h b/src/remoteobjects/qconnection_qnx_backend_p.h
index 024da5c..91901ec 100644
--- a/src/remoteobjects/qconnection_qnx_backend_p.h
+++ b/src/remoteobjects/qconnection_qnx_backend_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QCONNECTIONQNXBACKEND_P_H
 #define QCONNECTIONQNXBACKEND_P_H
diff --git a/src/remoteobjects/qconnection_qnx_global_p.h b/src/remoteobjects/qconnection_qnx_global_p.h
index e2bcb6e..f8adfc3 100644
--- a/src/remoteobjects/qconnection_qnx_global_p.h
+++ b/src/remoteobjects/qconnection_qnx_global_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QNXIPCPRIVATE_GLOBAL_H
 #define QNXIPCPRIVATE_GLOBAL_H
diff --git a/src/remoteobjects/qconnection_qnx_qiodevices.cpp b/src/remoteobjects/qconnection_qnx_qiodevices.cpp
index a411deb..e953385 100644
--- a/src/remoteobjects/qconnection_qnx_qiodevices.cpp
+++ b/src/remoteobjects/qconnection_qnx_qiodevices.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:insecure-local-connections
 #include "qconnection_qnx_global_p.h"
 #include "qconnection_qnx_qiodevices.h"
diff --git a/src/remoteobjects/qconnection_qnx_qiodevices.h b/src/remoteobjects/qconnection_qnx_qiodevices.h
index 96b27fd..f6aece0 100644
--- a/src/remoteobjects/qconnection_qnx_qiodevices.h
+++ b/src/remoteobjects/qconnection_qnx_qiodevices.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QQNXNATIVEIO_H
 #define QQNXNATIVEIO_H
diff --git a/src/remoteobjects/qconnection_qnx_qiodevices_p.h b/src/remoteobjects/qconnection_qnx_qiodevices_p.h
index c281b21..281439c 100644
--- a/src/remoteobjects/qconnection_qnx_qiodevices_p.h
+++ b/src/remoteobjects/qconnection_qnx_qiodevices_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QQNXNATIVEIO_P_H
 #define QQNXNATIVEIO_P_H
diff --git a/src/remoteobjects/qconnection_qnx_server.cpp b/src/remoteobjects/qconnection_qnx_server.cpp
index aa7929f..2a0c3dd 100644
--- a/src/remoteobjects/qconnection_qnx_server.cpp
+++ b/src/remoteobjects/qconnection_qnx_server.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:insecure-local-connections
 #include "qconnection_qnx_global_p.h"
 #include "qconnection_qnx_qiodevices_p.h"
diff --git a/src/remoteobjects/qconnection_qnx_server.h b/src/remoteobjects/qconnection_qnx_server.h
index 26c266e..f21b4aa 100644
--- a/src/remoteobjects/qconnection_qnx_server.h
+++ b/src/remoteobjects/qconnection_qnx_server.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QQNXNATIVESERVER_H
 #define QQNXNATIVESERVER_H
diff --git a/src/remoteobjects/qconnection_qnx_server_p.h b/src/remoteobjects/qconnection_qnx_server_p.h
index 3a479e0..02f4104 100644
--- a/src/remoteobjects/qconnection_qnx_server_p.h
+++ b/src/remoteobjects/qconnection_qnx_server_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2016 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QQNXNATIVESERVER_P_H
 #define QQNXNATIVESERVER_P_H
diff --git a/src/remoteobjects/qconnection_tcpip_backend.cpp b/src/remoteobjects/qconnection_tcpip_backend.cpp
index a493c03..1d1ba9e 100644
--- a/src/remoteobjects/qconnection_tcpip_backend.cpp
+++ b/src/remoteobjects/qconnection_tcpip_backend.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:insecure-without-tls
 #include "qconnection_tcpip_backend_p.h"
diff --git a/src/remoteobjects/qconnection_tcpip_backend_p.h b/src/remoteobjects/qconnection_tcpip_backend_p.h
index 3c60bad..d4f18ac 100644
--- a/src/remoteobjects/qconnection_tcpip_backend_p.h
+++ b/src/remoteobjects/qconnection_tcpip_backend_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2015 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QCONNECTIONTCPIPBACKEND_P_H
 #define QCONNECTIONTCPIPBACKEND_P_H
diff --git a/src/remoteobjects/qconnectionfactories.cpp b/src/remoteobjects/qconnectionfactories.cpp
index b5885f3..5079851 100644
--- a/src/remoteobjects/qconnectionfactories.cpp
+++ b/src/remoteobjects/qconnectionfactories.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2015 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser-and-backend-provider
 #include "qconnectionfactories_p.h"
 #include "qremoteobjectpacket_p.h"
diff --git a/src/remoteobjects/qconnectionfactories.h b/src/remoteobjects/qconnectionfactories.h
index 7eabfd6..210f957 100644
--- a/src/remoteobjects/qconnectionfactories.h
+++ b/src/remoteobjects/qconnectionfactories.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QCONNECTIONFACTORIES_H
 #define QCONNECTIONFACTORIES_H
diff --git a/src/remoteobjects/qconnectionfactories_p.h b/src/remoteobjects/qconnectionfactories_p.h
index 78ad10c..fa85878 100644
--- a/src/remoteobjects/qconnectionfactories_p.h
+++ b/src/remoteobjects/qconnectionfactories_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017-2015 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QCONNECTIONFACTORIES_P_H
 #define QCONNECTIONFACTORIES_P_H
diff --git a/src/remoteobjects/qremoteobjectabstractitemmodeladapter.cpp b/src/remoteobjects/qremoteobjectabstractitemmodeladapter.cpp
index ce45fb5..f5ea436 100644
--- a/src/remoteobjects/qremoteobjectabstractitemmodeladapter.cpp
+++ b/src/remoteobjects/qremoteobjectabstractitemmodeladapter.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectabstractitemmodeladapter_p.h"
diff --git a/src/remoteobjects/qremoteobjectabstractitemmodeladapter_p.h b/src/remoteobjects/qremoteobjectabstractitemmodeladapter_p.h
index 8033d94..4b8c8c9 100644
--- a/src/remoteobjects/qremoteobjectabstractitemmodeladapter_p.h
+++ b/src/remoteobjects/qremoteobjectabstractitemmodeladapter_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTS_ABSTRACT_ITEM_ADAPTER_P_H
 #define QREMOTEOBJECTS_ABSTRACT_ITEM_ADAPTER_P_H
diff --git a/src/remoteobjects/qremoteobjectabstractitemmodelreplica.cpp b/src/remoteobjects/qremoteobjectabstractitemmodelreplica.cpp
index d654d80..5e0e783 100644
--- a/src/remoteobjects/qremoteobjectabstractitemmodelreplica.cpp
+++ b/src/remoteobjects/qremoteobjectabstractitemmodelreplica.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectabstractitemmodelreplica.h"
 #include "qremoteobjectabstractitemmodelreplica_p.h"
diff --git a/src/remoteobjects/qremoteobjectabstractitemmodelreplica.h b/src/remoteobjects/qremoteobjectabstractitemmodelreplica.h
index 80e7a14..ffffc3f 100644
--- a/src/remoteobjects/qremoteobjectabstractitemmodelreplica.h
+++ b/src/remoteobjects/qremoteobjectabstractitemmodelreplica.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTS_ABSTRACTITEMMODELREPLICA_H
 #define QREMOTEOBJECTS_ABSTRACTITEMMODELREPLICA_H
diff --git a/src/remoteobjects/qremoteobjectabstractitemmodelreplica_p.h b/src/remoteobjects/qremoteobjectabstractitemmodelreplica_p.h
index 34c0753..01ae558 100644
--- a/src/remoteobjects/qremoteobjectabstractitemmodelreplica_p.h
+++ b/src/remoteobjects/qremoteobjectabstractitemmodelreplica_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTS_ABSTRACT_ITEM_REPLICA_P_H
 #define QREMOTEOBJECTS_ABSTRACT_ITEM_REPLICA_P_H
diff --git a/src/remoteobjects/qremoteobjectabstractitemmodeltypes_p.h b/src/remoteobjects/qremoteobjectabstractitemmodeltypes_p.h
index 922ab31..d5e78eb 100644
--- a/src/remoteobjects/qremoteobjectabstractitemmodeltypes_p.h
+++ b/src/remoteobjects/qremoteobjectabstractitemmodeltypes_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #ifndef QREMOTEOBJECTS_ABSTRACT_ITEM_MODEL_TYPES_P_H
 #define QREMOTEOBJECTS_ABSTRACT_ITEM_MODEL_TYPES_P_H
diff --git a/src/remoteobjects/qremoteobjectcontainers.cpp b/src/remoteobjects/qremoteobjectcontainers.cpp
index 9e4cc40..3702dbc 100644
--- a/src/remoteobjects/qremoteobjectcontainers.cpp
+++ b/src/remoteobjects/qremoteobjectcontainers.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include <QtCore/qiodevice.h>
diff --git a/src/remoteobjects/qremoteobjectcontainers_p.h b/src/remoteobjects/qremoteobjectcontainers_p.h
index 54299e3..d2ca244 100644
--- a/src/remoteobjects/qremoteobjectcontainers_p.h
+++ b/src/remoteobjects/qremoteobjectcontainers_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QREMOTEOBJECTCONTAINERS_P_H
 #define QREMOTEOBJECTCONTAINERS_P_H
diff --git a/src/remoteobjects/qremoteobjectdynamicreplica.cpp b/src/remoteobjects/qremoteobjectdynamicreplica.cpp
index 7c6bcbc..8ae54ba 100644
--- a/src/remoteobjects/qremoteobjectdynamicreplica.cpp
+++ b/src/remoteobjects/qremoteobjectdynamicreplica.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectdynamicreplica.h"
 #include "qremoteobjectreplica_p.h"
diff --git a/src/remoteobjects/qremoteobjectdynamicreplica.h b/src/remoteobjects/qremoteobjectdynamicreplica.h
index a159153..22a7c0d 100644
--- a/src/remoteobjects/qremoteobjectdynamicreplica.h
+++ b/src/remoteobjects/qremoteobjectdynamicreplica.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QDYNAMICREMOTEOBJECT_H
 #define QDYNAMICREMOTEOBJECT_H
diff --git a/src/remoteobjects/qremoteobjectnode.cpp b/src/remoteobjects/qremoteobjectnode.cpp
index 5212e97..f1f917a 100644
--- a/src/remoteobjects/qremoteobjectnode.cpp
+++ b/src/remoteobjects/qremoteobjectnode.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:potentially-allows-insecure-connections
 #include "private/qmetaobjectbuilder_p.h"
diff --git a/src/remoteobjects/qremoteobjectnode.h b/src/remoteobjects/qremoteobjectnode.h
index 13e2540..3d3dc3d 100644
--- a/src/remoteobjects/qremoteobjectnode.h
+++ b/src/remoteobjects/qremoteobjectnode.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTNODE_H
 #define QREMOTEOBJECTNODE_H
diff --git a/src/remoteobjects/qremoteobjectnode_p.h b/src/remoteobjects/qremoteobjectnode_p.h
index 3178d7c..fb89abc 100644
--- a/src/remoteobjects/qremoteobjectnode_p.h
+++ b/src/remoteobjects/qremoteobjectnode_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QREMOTEOBJECTNODE_P_H
 #define QREMOTEOBJECTNODE_P_H
diff --git a/src/remoteobjects/qremoteobjectpacket.cpp b/src/remoteobjects/qremoteobjectpacket.cpp
index 41f28d6..6f81a24 100644
--- a/src/remoteobjects/qremoteobjectpacket.cpp
+++ b/src/remoteobjects/qremoteobjectpacket.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include <QtCore/qabstractitemmodel.h>
 #include <QtCore/qbytearrayview.h>
diff --git a/src/remoteobjects/qremoteobjectpacket_p.h b/src/remoteobjects/qremoteobjectpacket_p.h
index a0daf14..ff1e4d5 100644
--- a/src/remoteobjects/qremoteobjectpacket_p.h
+++ b/src/remoteobjects/qremoteobjectpacket_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #ifndef QTREMOTEOBJECTPACKET_P_H
 #define QTREMOTEOBJECTPACKET_P_H
diff --git a/src/remoteobjects/qremoteobjectpendingcall.cpp b/src/remoteobjects/qremoteobjectpendingcall.cpp
index 1bdd0f2..5d6800e 100644
--- a/src/remoteobjects/qremoteobjectpendingcall.cpp
+++ b/src/remoteobjects/qremoteobjectpendingcall.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectpendingcall.h"
 #include "qremoteobjectpendingcall_p.h"
diff --git a/src/remoteobjects/qremoteobjectpendingcall.h b/src/remoteobjects/qremoteobjectpendingcall.h
index 72bdfb0..61d8642 100644
--- a/src/remoteobjects/qremoteobjectpendingcall.h
+++ b/src/remoteobjects/qremoteobjectpendingcall.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTPENDINGCALL_H
 #define QREMOTEOBJECTPENDINGCALL_H
diff --git a/src/remoteobjects/qremoteobjectpendingcall_p.h b/src/remoteobjects/qremoteobjectpendingcall_p.h
index 3b66ead..b00b93b 100644
--- a/src/remoteobjects/qremoteobjectpendingcall_p.h
+++ b/src/remoteobjects/qremoteobjectpendingcall_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTPENDINGCALL_P_H
 #define QREMOTEOBJECTPENDINGCALL_P_H
diff --git a/src/remoteobjects/qremoteobjectregistry.cpp b/src/remoteobjects/qremoteobjectregistry.cpp
index 4e09e27..dcb38eb 100644
--- a/src/remoteobjects/qremoteobjectregistry.cpp
+++ b/src/remoteobjects/qremoteobjectregistry.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectregistry.h"
 #include "qremoteobjectreplica_p.h"
diff --git a/src/remoteobjects/qremoteobjectregistry.h b/src/remoteobjects/qremoteobjectregistry.h
index 12db756..a76c2d7 100644
--- a/src/remoteobjects/qremoteobjectregistry.h
+++ b/src/remoteobjects/qremoteobjectregistry.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTREGISTRY_P_H
 #define QREMOTEOBJECTREGISTRY_P_H
diff --git a/src/remoteobjects/qremoteobjectregistrysource.cpp b/src/remoteobjects/qremoteobjectregistrysource.cpp
index ee441ef..40b2cd7 100644
--- a/src/remoteobjects/qremoteobjectregistrysource.cpp
+++ b/src/remoteobjects/qremoteobjectregistrysource.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectregistrysource_p.h"
 #include <QtCore/qdatastream.h>
diff --git a/src/remoteobjects/qremoteobjectregistrysource_p.h b/src/remoteobjects/qremoteobjectregistrysource_p.h
index b1375e4..3e66c7f 100644
--- a/src/remoteobjects/qremoteobjectregistrysource_p.h
+++ b/src/remoteobjects/qremoteobjectregistrysource_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREGISTRYSOURCE_P_H
 #define QREGISTRYSOURCE_P_H
diff --git a/src/remoteobjects/qremoteobjectreplica.cpp b/src/remoteobjects/qremoteobjectreplica.cpp
index 498d869..484bd48 100644
--- a/src/remoteobjects/qremoteobjectreplica.cpp
+++ b/src/remoteobjects/qremoteobjectreplica.cpp
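Review bot: The score given to qremoteobjectregistrysource.cpp looks inconsistent with the rule stated in the commit message: its context line `#include <QtCore/qdatastream.h>` shows the file pulls in QDataStream, yet the added header is `significant reason:default`, while the description says files parsing data are marked critical. If the file reads peer-supplied bytes through the stream, the line should be `// Qt-Security score:critical reason:data-parser`; if it only writes, or never touches untrusted input, a more specific reason than `default` would record why it was left at significant. qtremoteobjectglobal.cpp, which includes qremoteobjectpacket_p.h (itself tagged `critical reason:data-parser`), is also scored significant/default and deserves the same check. Only the first lines of each file are visible in these hunks, so whether either file actually deserializes anything cannot be confirmed from the diff.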
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:network-protocol
 #include "qremoteobjectreplica.h"
 #include "qremoteobjectreplica_p.h"
diff --git a/src/remoteobjects/qremoteobjectreplica.h b/src/remoteobjects/qremoteobjectreplica.h
index c2a5275..ce7aa55 100644
--- a/src/remoteobjects/qremoteobjectreplica.h
+++ b/src/remoteobjects/qremoteobjectreplica.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QQREMOTEOBJECTREPLICA_H
 #define QQREMOTEOBJECTREPLICA_H
diff --git a/src/remoteobjects/qremoteobjectreplica_p.h b/src/remoteobjects/qremoteobjectreplica_p.h
index d677f00..d554084 100644
--- a/src/remoteobjects/qremoteobjectreplica_p.h
+++ b/src/remoteobjects/qremoteobjectreplica_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QREMOTEOBJECTREPLICA_P_H
 #define QREMOTEOBJECTREPLICA_P_H
diff --git a/src/remoteobjects/qremoteobjectrepparser.cpp b/src/remoteobjects/qremoteobjectrepparser.cpp
index e4f5486..a5311c6 100644
--- a/src/remoteobjects/qremoteobjectrepparser.cpp
+++ b/src/remoteobjects/qremoteobjectrepparser.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2024 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "qremoteobjectnode_p.h"
 #include "qremoteobjectrepparser_p.h"
diff --git a/src/remoteobjects/qremoteobjectrepparser_p.h b/src/remoteobjects/qremoteobjectrepparser_p.h
index b076190..0f36b38 100644
--- a/src/remoteobjects/qremoteobjectrepparser_p.h
+++ b/src/remoteobjects/qremoteobjectrepparser_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2024 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QREMOTEOBJECTREPPARSER_P_H
 #define QREMOTEOBJECTREPPARSER_P_H
diff --git a/src/remoteobjects/qremoteobjectsettingsstore.cpp b/src/remoteobjects/qremoteobjectsettingsstore.cpp
index 997c0cb..1fb18f5 100644
--- a/src/remoteobjects/qremoteobjectsettingsstore.cpp
+++ b/src/remoteobjects/qremoteobjectsettingsstore.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qremoteobjectsettingsstore.h"
diff --git a/src/remoteobjects/qremoteobjectsettingsstore.h b/src/remoteobjects/qremoteobjectsettingsstore.h
index 764e159..7616ee6 100644
--- a/src/remoteobjects/qremoteobjectsettingsstore.h
+++ b/src/remoteobjects/qremoteobjectsettingsstore.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTSETTINGSSTORE_H
 #define QREMOTEOBJECTSETTINGSSTORE_H
diff --git a/src/remoteobjects/qremoteobjectsource.cpp b/src/remoteobjects/qremoteobjectsource.cpp
index d88d5c2..024d1fd 100644
--- a/src/remoteobjects/qremoteobjectsource.cpp
+++ b/src/remoteobjects/qremoteobjectsource.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 #include "qremoteobjectsource.h"
 #include "qremoteobjectsource_p.h"
diff --git a/src/remoteobjects/qremoteobjectsource.h b/src/remoteobjects/qremoteobjectsource.h
index 19c5f6e..0944d5c 100644
--- a/src/remoteobjects/qremoteobjectsource.h
+++ b/src/remoteobjects/qremoteobjectsource.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTSOURCE_H
 #define QREMOTEOBJECTSOURCE_H
diff --git a/src/remoteobjects/qremoteobjectsource_p.h b/src/remoteobjects/qremoteobjectsource_p.h
index 5a7b6d7..dd73996 100644
--- a/src/remoteobjects/qremoteobjectsource_p.h
+++ b/src/remoteobjects/qremoteobjectsource_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QREMOTEOBJECTSOURCE_P_H
 #define QREMOTEOBJECTSOURCE_P_H
diff --git a/src/remoteobjects/qremoteobjectsourceio.cpp b/src/remoteobjects/qremoteobjectsourceio.cpp
index ebc4654..f7a7fd6 100644
--- a/src/remoteobjects/qremoteobjectsourceio.cpp
+++ b/src/remoteobjects/qremoteobjectsourceio.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:network-protocol
 #include "qremoteobjectsourceio_p.h"
diff --git a/src/remoteobjects/qremoteobjectsourceio_p.h b/src/remoteobjects/qremoteobjectsourceio_p.h
index 68ab468..0edddbe 100644
--- a/src/remoteobjects/qremoteobjectsourceio_p.h
+++ b/src/remoteobjects/qremoteobjectsourceio_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:declarations-only
 #ifndef QREMOTEOBJECTSOURCEIO_P_H
 #define QREMOTEOBJECTSOURCEIO_P_H
diff --git a/src/remoteobjects/qremoteobjectstructs_p.h b/src/remoteobjects/qremoteobjectstructs_p.h
index 0f04479..152a7a3 100644
--- a/src/remoteobjects/qremoteobjectstructs_p.h
+++ b/src/remoteobjects/qremoteobjectstructs_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2024 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTSTRUCTS_P_H
 #define QREMOTEOBJECTSTRUCTS_P_H
diff --git a/src/remoteobjects/qtremoteobjectglobal.cpp b/src/remoteobjects/qtremoteobjectglobal.cpp
index e1f08d1..b1ac3e4 100644
--- a/src/remoteobjects/qtremoteobjectglobal.cpp
+++ b/src/remoteobjects/qtremoteobjectglobal.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #include "qtremoteobjectglobal.h"
 #include "qremoteobjectpacket_p.h"
diff --git a/src/remoteobjects/qtremoteobjectglobal.h b/src/remoteobjects/qtremoteobjectglobal.h
index 615a81c..6acbfed 100644
--- a/src/remoteobjects/qtremoteobjectglobal.h
+++ b/src/remoteobjects/qtremoteobjectglobal.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2017 Ford Motor Company
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QTREMOTEOBJECTGLOBAL_H
 #define QTREMOTEOBJECTGLOBAL_H
diff --git a/src/remoteobjectsqml/qremoteobjectsqml_p.h b/src/remoteobjectsqml/qremoteobjectsqml_p.h
index 684673d..8d3fc27 100644
--- a/src/remoteobjectsqml/qremoteobjectsqml_p.h
+++ b/src/remoteobjectsqml/qremoteobjectsqml_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:default
 #ifndef QREMOTEOBJECTSQML_P_H
 #define QREMOTEOBJECTSQML_P_H
diff --git a/src/repparser/parser.g b/src/repparser/parser.g
index fb76790..53bd47d 100644
--- a/src/repparser/parser.g
+++ b/src/repparser/parser.g
@@ -1,5 +1,6 @@
 -- Copyright (C) 2014-2020 Ford Motor Company.
 -- SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+-- Qt-Security score:significant reason:parsing-build-time-only
 %parser rep_grammar
 %decl repparser.h
diff --git a/src/repparser/qregexparser.h b/src/repparser/qregexparser.h
index 8c8ea47..2213438 100644
--- a/src/repparser/qregexparser.h
+++ b/src/repparser/qregexparser.h
@@ -1,6 +1,7 @@
 // Copyright (C) 2017-2020 Ford Motor Company.
 // Copyright (C) 2017 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:parsing-build-time-only
 #ifndef QREGEXPARSER_H
 #define QREGEXPARSER_H |