Add security header for src/qmlcompiler

We assume that QML or JS code comes from a trusted source. Therefore, most files are deemed to be significant even if they parse data. This includes the source code itself but also the associated metadata or cache files. However, the QML compiler also generates C++ code. Extra care needs to be taken with the generator as a vulnerability there could propagate and have a disproportionate effect on the program's security. It is marked as critical. QUIP: 23 Fixes: QTBUG-136195 Pick-to: 6.10 6.9 6.8 Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3 Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
author: Olivier De Cannière <olivier.decanniere@qt.io> 2025-09-16 15:41:50 +0200
committer: Olivier De Cannière <olivier.decanniere@qt.io> 2025-09-17 10:30:22 +0200
commit: 2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch)
tree: dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qdeferredpointer_p.h
parent: 60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qmlcompiler/qdeferredpointer_p.h b/src/qmlcompiler/qdeferredpointer_p.h
index 88daed8b4e..fedd859f64 100644
--- a/src/qmlcompiler/qdeferredpointer_p.h
+++ b/src/qmlcompiler/qdeferredpointer_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
+// Qt-Security score:significant
 
 #ifndef QDEFERREDPOINTER_P_H
 #define QDEFERREDPOINTER_P_H
author	Olivier De Cannière <olivier.decanniere@qt.io>	2025-09-16 15:41:50 +0200
committer	Olivier De Cannière <olivier.decanniere@qt.io>	2025-09-17 10:30:22 +0200
commit	2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch)
tree	dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qdeferredpointer_p.h
parent	60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff)