| author | Olivier De Cannière <olivier.decanniere@qt.io> | 2025-09-16 15:41:50 +0200 |
|---|---|---|
| committer | Olivier De Cannière <olivier.decanniere@qt.io> | 2025-09-17 10:30:22 +0200 |
| commit | 2e4c66160f0cfbc76b0154d8b989f8931b1963bf (patch) | |
| tree | dc65c4fe69e9353aa96ee614eba669c8d20963b4 /src/qmlcompiler/qqmljsbasicblocks.cpp | |
| parent | 60e5d85921369cc6574e67c6d2cd18f2701ba0ce (diff) | |
Add security header for src/qmlcompiler

We assume that QML or JS code comes from a trusted source. Therefore,
most files are deemed to be significant even if they parse data. This
includes the source code itself but also the associated metadata or
cache files.

However, the QML compiler also generates C++ code. Extra care needs to
be taken with the generator as a vulnerability there could propagate and
have a disproportionate effect on the program's security. It is marked
as critical.

QUIP: 23
Fixes: QTBUG-136195
Pick-to: 6.10 6.9 6.8
Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Diffstat (limited to 'src/qmlcompiler/qqmljsbasicblocks.cpp')
| -rw-r--r-- | src/qmlcompiler/qqmljsbasicblocks.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/qmlcompiler/qqmljsbasicblocks.cpp b/src/qmlcompiler/qqmljsbasicblocks.cpp index 4e60dea6e3..2145f95d9d 100644 --- a/src/qmlcompiler/qqmljsbasicblocks.cpp +++ b/src/qmlcompiler/qqmljsbasicblocks.cpp @@ -1,5 +1,6 @@ // Copyright (C) 2022 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// Qt-Security score:significant #include "qqmljsbasicblocks_p.h" |
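
Review bot: The added `// Qt-Security score:significant` line at the top of qqmljsbasicblocks.cpp records only the score, while the reasoning behind it (QML and JS input is assumed to come from a trusted source) exists only in the commit message. Since the message marks the C++ generator as critical, please confirm that this file sits outside what counts as the generator, and consider recording the trust assumption somewhere a reader of the file can find it, so the score is revisited if the compiler is ever run on input that is not trusted.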
