QFileSystemModel parses and processes file paths, which includes complex logic for e.g. following symlinks. Mistakes here could easily introduce vulnerabilities. In addition, corrupted file paths might result in undefined behavior in the parsing code. Mark the implementation of that class (including the private header) as security critical. The public header only contains the declaration of a more or less typical QAbstractItemModel subclass, and can stick to the default. The remaining code in this folder can also stay with the default classification of 'significant'. QUIP: 23 Fixes: QTBUG-135218 Pick-to: 6.10 6.9 6.8 Change-Id: Iaefb5ddb02a061d67236759efc23c7ced533f361 Reviewed-by: Mate Barany <mate.barany@qt.io>