| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Change-Id: I255e7dd673be773778b99aa634278dd1995c2305
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We assume that QML or JS code comes from a trusted source. Therefore,
most files are deemed to be significant even if they parse data. This
includes the source code itself but also the associated metadata or
cache files.
However, the QML compiler also generates C++ code. Extra care needs to
be taken with the generator as a vulnerability there could propagate and
have a disproportionate effect on the program's security. It is marked
as critical.
QUIP: 23
Fixes: QTBUG-136195
Pick-to: 6.10 6.9 6.8
Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
|
|
Allow the user to specify context property names in .contextProperties.ini
files so that they can disable all warnings or only the unqualified warning
on their defined context properties by name.
I remember some use cases where checking the .qmllint.ini into a users
project repository is unwanted, so use a new setting file for the
context properties that does not mess with global/system-wide
.qmllint.ini files when checked into the repository.
Create a new class called UserContextPropertiesSettings that is in charge of
loading user context properties setting files, and use it inside of
QQmlJSLinter.
Introduce a ContextPropertyInfo class that contains both the heuristic
information and the user-provided information. ContextPropertyInfo is
used to pass the ContextProperty information down the type propagator.
Also add some documentation for the new settings file.
Task-number: QTBUG-138061
Task-number: QTBUG-128232
Change-Id: Icd700154dc89219f115fa3187c037d65451d0059
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
|
