Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-134561

Review and tag qtbase/src/gui/kernel/*

    XMLWordPrintable

Details

    Description

      The task is to review all code mentioned in the task title for the presence of code that is considered security-critical, according to https://contribute.qt-project.org/quips/23. In particular, we are looking for parsers that touch untrusted data directly. Such code should have the security header

      // Qt-Security score:critical reason:data-parser

      Definition of done:
      1. All code mentioned in the task header is reviewed
      2. If security critical code is found, the header is added.

      Note: This is a bit fuzzy, but I think it mostly concerns about processing of untrusted data from DnD and clipboard.

      Attachments

        For Gerrit Dashboard: QTBUG-134561
        # Subject Branch Project Status CR V
        630416,2 Mark security-critical implementations in gui/kernel dev qt/qtbase Status: NEW -1 0

        Activity

          People

            srutledg Shawn Rutledge
            smd Jan Arve
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There is 1 open Gerrit change