Add security header for src/qmlcompiler

We assume that QML or JS code comes from a trusted source. Therefore, most files are deemed to be significant even if they parse data. This includes the source code itself but also the associated metadata or cache files. However, the QML compiler also generates C++ code. Extra care needs to be taken with the generator as a vulnerability there could propagate and have a disproportionate effect on the program's security. It is marked as critical. QUIP: 23 Fixes: QTBUG-136195 Pick-to: 6.10 6.9 6.8 Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3 Reviewed-by: Ulf Hermann <[email protected]>
author: Olivier De Cannière <[email protected]> 2025-09-16 15:41:50 +0200
committer: Olivier De Cannière <[email protected]> 2025-09-17 10:30:22 +0200
commit: 2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch)
tree: dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qqmljsbasicblocks_p.h
parent: 60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qmlcompiler/qqmljsbasicblocks_p.h b/src/qmlcompiler/qqmljsbasicblocks_p.h
index a443d422ea..cb36c8a6cf 100644
--- a/src/qmlcompiler/qqmljsbasicblocks_p.h
+++ b/src/qmlcompiler/qqmljsbasicblocks_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2022 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
+// Qt-Security score:significant
 
 #ifndef QQMLJSBASICBLOCKS_P_H
 #define QQMLJSBASICBLOCKS_P_H
author	Olivier De Cannière <[email protected]>	2025-09-16 15:41:50 +0200
committer	Olivier De Cannière <[email protected]>	2025-09-17 10:30:22 +0200
commit	2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch)
tree	dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qqmljsbasicblocks_p.h
parent	60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff)