Add security header for src/qmlcompiler

We assume that QML or JS code comes from a trusted source. Therefore, most files are deemed to be significant even if they parse data. This includes the source code itself but also the associated metadata or cache files. However, the QML compiler also generates C++ code. Extra care needs to be taken with the generator as a vulnerability there could propagate and have a disproportionate effect on the program's security. It is marked as critical. QUIP: 23 Fixes: QTBUG-136195 Pick-to: 6.10 6.9 6.8 Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3 Reviewed-by: Ulf Hermann <[email protected]>
author: Olivier De Cannière <[email protected]> 2025-09-16 15:41:50 +0200
committer: Olivier De Cannière <[email protected]> 2025-09-17 10:30:22 +0200
commit: 2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch)
tree: dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qqmljscompilepass_p.h
parent: 60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qmlcompiler/qqmljscompilepass_p.h b/src/qmlcompiler/qqmljscompilepass_p.h
index 8435de808f..fd8e316767 100644
--- a/src/qmlcompiler/qqmljscompilepass_p.h
+++ b/src/qmlcompiler/qqmljscompilepass_p.h
@@ -1,5 +1,6 @@
 // Copyright (C) 2021 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
+// Qt-Security score:significant
 
 #ifndef QQMLJSCOMPILEPASS_P_H
 #define QQMLJSCOMPILEPASS_P_H
author	Olivier De Cannière <[email protected]>	2025-09-16 15:41:50 +0200
committer	Olivier De Cannière <[email protected]>	2025-09-17 10:30:22 +0200
commit	2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch)
tree	dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qqmljscompilepass_p.h
parent	60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff)