Loading...

XML

Word

Printable

Details

Type: User Story
Resolution: Unresolved
Priority: P2: Important
Fix Version/s: None
Affects Version/s: None
Component/s: Documentation
Labels:
- EUCRA
- framework-content

Epic Link:
Qt 6 Cyber Security Documentation
Commits:
7f6a7a740 (dev), 222b9647d (6.9)

Description

Document Qt modules, classes, and methods that are meant to process untrusted data.

Background

A fundamental concept in cybersecurity analysis is identifying the processing of untrusted/unaudited data, and analyzing the data flow for it. Applications can use Qt functionality to audit and process such untrusted data. The documentation could make it explicit which Qt modules, classes, and methods are considered to be safe to process untrusted data.

Examples

Qt functionality that can process untrusted data:

File functionality (QFile and friends)
TCP Sockets
Image format handling (for image formats in qt gui)
Regular expressions
...

Qt functionality that is not meant to process untrusted data:

QML / JS engine
Plugin loading (QLibrary etc)
...

Text

This [module|class|function] is designed to process also data from untrusted sources. For more information, see the Qt Cyber Security Overview.

Attachments

Issue Links

relates to

QTBUG-110774 Qt Cyber Security Overview

Closed

mentioned in: Page Loading...

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Jerome Pasion

Reporter:: Kai Köhne

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 23 Jan '23 10:51

Updated:: 03 Mar '25 08:42

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

Doc: Add Security and Untrusted Data overviews to table of contents: Gerrit Review:

Doc: Add Security and Untrusted Data overviews to table of contents: Gerrit Review: