Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-134551

Review and tag src/quick/items/*, src/quick/handlers/*, src/quick/util/*

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Not Evaluated
    • None
    • None
    • Quick: Other
    • None
    • 50ba77085 (dev), bade23a54 (6.9), 1d31d6844 (6.8), 5a6edaea3 (dev), ef2e631c6 (6.9), 9c123a030 (6.8)

    Description

      The task is to review all code mentioned in the task title for the presence of code that is considered security-critical, according to https://contribute.qt-project.org/quips/23. In particular, we are looking for parsers that touch untrusted data directly. Such code should have the security header

      // Qt-Security score:critical reason:data-parser

      Definition of done:
      1. All code mentioned in the task header is reviewed
      2. If security critical code is found, the header is added.

      Attachments

        For Gerrit Dashboard: QTBUG-134551
        # Subject Branch Project Status CR V
        630595,3 Mark QQuickTextDocument as security-critical dev qt/qtdeclarative Status: ABANDONED -2 0
        630600,4 Mark QQuickPixmapCache and QQuickFontLoader as security-critical dev qt/qtdeclarative Status: ABANDONED -2 0
        630658,3 Mark QQuickSvgParser as security-critical dev qt/qtdeclarative Status: MERGED +2 0
        630662,1 Mark QQuickGridScaledImage as security-sensitive dev qt/qtdeclarative Status: ABANDONED 0 0
        631179,2 Mark QQuickSvgParser as security-critical 6.9 qt/qtdeclarative Status: MERGED +2 0
        631227,2 Mark QQuickSvgParser as security-critical 6.8 qt/qtdeclarative Status: MERGED +2 0
        631441,2 Mark qqmlstringconverters_p.h security-critical dev qt/qtdeclarative Status: MERGED +2 0
        631442,1 Mark qquickvaluetypes.cpp security-critical dev qt/qtdeclarative Status: ABANDONED -2 0
        631577,1 Mark QQuickFontLoader as security-critical dev qt/qtdeclarative Status: ABANDONED 0 0
        631712,1 Mark QQuickImageProvider as security critical dev qt/qtdeclarative Status: ABANDONED -2 0
        635257,2 Mark qqmlstringconverters_p.h security-critical 6.9 qt/qtdeclarative Status: MERGED +2 0
        635327,2 Mark qqmlstringconverters_p.h security-critical 6.8 qt/qtdeclarative Status: MERGED +2 0

        Activity

          People

            qt.team.quick.subscriptions Qt Quick and Widgets Team
            smd Jan Arve
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: