Mark qtbase/src/corelib/plugin files as security-critical

- quuid.cpp parses the string representation of a UUID - qfactoryloader.cpp parses metadata from loaded plugin - qcoffpeparser.cpp, qelfparser_p.cpp and qmachparser.cpp as they are binary object files parsers - qlibrary.cpp, qlibrary_unix.cpp, qlibrary_win.cpp, qpluginloader.cpp are responsible for finding and loading plugins from untrusted locations. Fixes: QTBUG-135193 Change-Id: Ibbcefeab80e7455225ade620bdba45dbc592c581 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Matthias Rauter <matthias.rauter@qt.io>
author: Magdalena Stojek <magdalena.stojek@qt.io> 2025-06-03 15:22:23 +0200
committer: Magdalena Stojek <magdalena.stojek@qt.io> 2025-06-04 19:08:13 +0200
commit: e94a951862b7860c15e219dce48e60c9dc1dc3d2 (patch)
tree: e1436c2f58cc8482509a6e7c76a2ee72acebd572 /src/corelib/plugin/quuid.cpp
parent: a34195508aeebf0f0982538cdf3852f149f051ab (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/corelib/plugin/quuid.cpp b/src/corelib/plugin/quuid.cpp
index e0e395ab1a0..b1265f7a809 100644
--- a/src/corelib/plugin/quuid.cpp
+++ b/src/corelib/plugin/quuid.cpp
@@ -1,6 +1,7 @@
 // Copyright (C) 2020 The Qt Company Ltd.
 // Copyright (C) 2017 Klarälvdalens Datakonsult AB, a KDAB Group company, info@kdab.com, author Marc Mutz <marc.mutz@kdab.com>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+// Qt-Security score:critical reason:data-parser
 
 #include "quuid.h"
 #include "quuid_p.h"
author	Magdalena Stojek <magdalena.stojek@qt.io>	2025-06-03 15:22:23 +0200
committer	Magdalena Stojek <magdalena.stojek@qt.io>	2025-06-04 19:08:13 +0200
commit	e94a951862b7860c15e219dce48e60c9dc1dc3d2 (patch)
tree	e1436c2f58cc8482509a6e7c76a2ee72acebd572 /src/corelib/plugin/quuid.cpp
parent	a34195508aeebf0f0982538cdf3852f149f051ab (diff)