| author | Matthias Rauter <matthias.rauter@qt.io> | 2025-06-23 12:12:09 +0200 |
|---|---|---|
| committer | Matthias Rauter <matthias.rauter@qt.io> | 2025-06-30 14:23:57 +0000 |
| commit | f10e599e3f6e5c77890281b44fad996542d60fca (patch) | |
| tree | ce5611df0f116e16c82f1511e85ea09e7cc9a068 /src | |
| parent | 6679efd2a4cc23de4ed947ef567a799d474e2079 (diff) | |
Mark QStandardPath implementation security critical
The QStandardPaths class provides access to OS-specific standard
locations on the filesystem, and also allows searching for files
within the defined directories. Other parts of the application
should be able to rely on the results returned by this class. Bugs
in this code can lead to severe issues like overwriting of user files,
reading configs from an incorrect place, or loading incorrect
external code for execution. Therefore, the respective files are
marked security-critical.
QUIP: 23
Pick-to: 6.10 6.9 6.8
Task-number: QTBUG-135187
Change-Id: Id1a8189f2a7cde4a760446428551f2fe682d4073
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Diffstat (limited to 'src')
| -rw-r--r-- | src/corelib/io/qstandardpaths.cpp | 1 | ||||
| -rw-r--r-- | src/corelib/io/qstandardpaths.h | 1 | ||||
| -rw-r--r-- | src/corelib/io/qstandardpaths_android.cpp | 1 | ||||
| -rw-r--r-- | src/corelib/io/qstandardpaths_haiku.cpp | 1 | ||||
| -rw-r--r-- | src/corelib/io/qstandardpaths_mac.mm | 1 | ||||
| -rw-r--r-- | src/corelib/io/qstandardpaths_unix.cpp | 1 | ||||
| -rw-r--r-- | src/corelib/io/qstandardpaths_win.cpp | 1 |
7 files changed, 7 insertions, 0 deletions
diff --git a/src/corelib/io/qstandardpaths.cpp b/src/corelib/io/qstandardpaths.cpp
index be9ac52899a..6950ccfcbef 100644
--- a/src/corelib/io/qstandardpaths.cpp
+++ b/src/corelib/io/qstandardpaths.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // Copyright (C) 2016 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 #include "qstandardpaths.h"
diff --git a/src/corelib/io/qstandardpaths.h b/src/corelib/io/qstandardpaths.h
index 56aa2b100c2..e32e4b3f0f1 100644
--- a/src/corelib/io/qstandardpaths.h
+++ b/src/corelib/io/qstandardpaths.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:significant reason:header-decls-only
 #ifndef QSTANDARDPATHS_H
 #define QSTANDARDPATHS_H
diff --git a/src/corelib/io/qstandardpaths_android.cpp b/src/corelib/io/qstandardpaths_android.cpp
index 3dbbfc1e1cf..c505ebefa75 100644
--- a/src/corelib/io/qstandardpaths_android.cpp
+++ b/src/corelib/io/qstandardpaths_android.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2023 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 #include "qstandardpaths.h"
diff --git a/src/corelib/io/qstandardpaths_haiku.cpp b/src/corelib/io/qstandardpaths_haiku.cpp
index 93eba134f35..f473ebe633a 100644
--- a/src/corelib/io/qstandardpaths_haiku.cpp
+++ b/src/corelib/io/qstandardpaths_haiku.cpp
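Review bot: In src/corelib/io/qstandardpaths.h the marker `// Qt-Security score:significant reason:header-decls-only` rates the header lower than the `critical` given to the implementation files, and that rating holds only while the header contains declarations and nothing that computes or joins paths. The hunk shows just the licence lines and the include guard, and the file continues outside the hunk, so the rest of the header cannot be checked from here. If it carries any inline function bodies, or gains them later, the line should read `// Qt-Security score:critical reason:provides-trusted-directory-paths` like the .cpp and .mm files.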
@@ -1,5 +1,6 @@
 // Copyright (C) 2015 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author Tobias Koenig <tobias.koenig@kdab.com>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 #include "qstandardpaths.h"
diff --git a/src/corelib/io/qstandardpaths_mac.mm b/src/corelib/io/qstandardpaths_mac.mm
index 2acbe927361..8958afc30ef 100644
--- a/src/corelib/io/qstandardpaths_mac.mm
+++ b/src/corelib/io/qstandardpaths_mac.mm
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 #include "qstandardpaths.h"
diff --git a/src/corelib/io/qstandardpaths_unix.cpp b/src/corelib/io/qstandardpaths_unix.cpp
index 4fe8739bcc0..744505a9136 100644
--- a/src/corelib/io/qstandardpaths_unix.cpp
+++ b/src/corelib/io/qstandardpaths_unix.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // Copyright (C) 2020 Intel Corporation.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 #include "qstandardpaths.h"
 #include <qdir.h>
diff --git a/src/corelib/io/qstandardpaths_win.cpp b/src/corelib/io/qstandardpaths_win.cpp
index 805ce65a5ac..c6471bf7917 100644
--- a/src/corelib/io/qstandardpaths_win.cpp
+++ b/src/corelib/io/qstandardpaths_win.cpp
@@ -1,5 +1,6 @@
 // Copyright (C) 2016 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:provides-trusted-directory-paths
 #include "qstandardpaths.h" |
