Mark QStandardPath implementation security critical

The QStandardPaths class provides access to OS-specific standard locations on the filesystem, and also allows to search for files within the defined directories. Other parts of the application should be able to rely on the results returned by this class. Bugs in this code can lead to severe issues like overwriting of user files, reading configs from an incorrect place, or loading an incorrect external code for execution. Therefore, the respective files are marked security-critical. QUIP: 23 Pick-to: 6.10 6.9 6.8 Task-number: QTBUG-135187 Change-Id: Id1a8189f2a7cde4a760446428551f2fe682d4073 Reviewed-by: Marc Mutz <marc.mutz@qt.io>
author: Matthias Rauter <matthias.rauter@qt.io> 2025-06-23 12:12:09 +0200
committer: Matthias Rauter <matthias.rauter@qt.io> 2025-06-30 14:23:57 +0000
commit: f10e599e3f6e5c77890281b44fad996542d60fca (patch)
tree: ce5611df0f116e16c82f1511e85ea09e7cc9a068 /src/corelib/io/qstandardpaths.cpp
parent: 6679efd2a4cc23de4ed947ef567a799d474e2079 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/io/qstandardpaths.cpp b/src/corelib/io/qstandardpaths.cpp
index be9ac52899a..6950ccfcbef 100644
--- a/src/corelib/io/qstandardpaths.cpp
+++ b/src/corelib/io/qstandardpaths.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // Copyright (C) 2016 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 
 #include "qstandardpaths.h"
author	Matthias Rauter <matthias.rauter@qt.io>	2025-06-23 12:12:09 +0200
committer	Matthias Rauter <matthias.rauter@qt.io>	2025-06-30 14:23:57 +0000
commit	f10e599e3f6e5c77890281b44fad996542d60fca (patch)
tree	ce5611df0f116e16c82f1511e85ea09e7cc9a068 /src/corelib/io/qstandardpaths.cpp
parent	6679efd2a4cc23de4ed947ef567a799d474e2079 (diff)