| author | Marc Mutz <marc.mutz@qt.io> | 2025-09-26 10:12:28 +0200 |
|---|---|---|
| committer | Marc Mutz <marc.mutz@qt.io> | 2025-09-26 18:23:44 +0200 |
| commit | 79cefaba8bb124d74795c943edc817b04c4815eb (patch) | |
| tree | 8490c4e9578c7e6e92b1494bcaf4925877bcfe3d /src/corelib/text/qstringbuilder.cpp | |
| parent | 067883abcf39b806fd0d1f79190c6d45cd6dd34f (diff) | |
Mark QStringBuilder as security-critical

As an algorithm on QString / QByteArray, it's a priori
security-critical.

The situation may be different if QStringBuilder was implemented only
using (public) QString / QByteArray API. Then one could argue that
QString should firewall the component from security risks, but it's
not, so QString doesn't.

The implementation is mostly in the header, and while the
implementation in the .cpp file is _currently_ trivial, looking a bit
ahead, the goal should, as always, be to move more stuff from the
header out-of-line, so proactively keep the .cpp file at critical,
too.

Task-number: QTBUG-135195
Pick-to: 6.10 6.8
Change-Id: I5c28f677e74632130d4b79159e8eafd9686c7821
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Diffstat (limited to 'src/corelib/text/qstringbuilder.cpp')
| -rw-r--r-- | src/corelib/text/qstringbuilder.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/text/qstringbuilder.cpp b/src/corelib/text/qstringbuilder.cpp index 738ce833ef2..b1505259b69 100644 --- a/src/corelib/text/qstringbuilder.cpp +++ b/src/corelib/text/qstringbuilder.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2016 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only +// Qt-Security score:critical reason:data-parser #include "qstringbuilder.h" #include <private/qstringconverter_p.h> |
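Review bot: the `reason:data-parser` tag on the added `// Qt-Security score:critical` line does not match the rationale given in the commit message, which argues from QStringBuilder being an algorithm on QString / QByteArray that bypasses their public API, not from it parsing data. If the reason vocabulary has a closer category, use it; otherwise add a sentence to the commit message explaining why data-parser applies, so a later audit of the score does not have to guess. Also, the message says the implementation is mostly in the header, while this view is limited to qstringbuilder.cpp, so confirm that qstringbuilder.h carries the same score line, since that is where most of the code under review lives.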
