author | Kai Köhne <kai.koehne@qt.io> | 2023-03-02 13:26:59 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2023-03-11 09:00:28 +0000 |
commit | b2950ef81749ee156668d1ac6b466b1580dd97e5 (patch) | |
tree | 03befcb54586e2fb0de350a8e4eb4dd7481c12e8 | |
parent | e7efd30f68bc26356031d2686f69a437b53ae1bc (diff) | |
qtattributionsscanner: Add SecurityCritical attribute
Serves as an indicator in the release process that these components need
to be carefully monitored and updated (even more often than the other
third-party modules).
So far this is not reflected in the generated documentation. This might
change in the future though.
For reasoning, see also
https://lists.qt-project.org/pipermail/development/2023-February/043667.html
Change-Id: I82c59e0198fc2fdc855aed89aa49f929391aa0ef
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 162573d4274e703cea7d95e4ea16158b3bbf710f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
8 files changed, 28 insertions, 3 deletions
diff --git a/src/qtattributionsscanner/jsongenerator.cpp b/src/qtattributionsscanner/jsongenerator.cpp
index 3959390e5..2a194264e 100644
--- a/src/qtattributionsscanner/jsongenerator.cpp
+++ b/src/qtattributionsscanner/jsongenerator.cpp
@@ -23,6 +23,7 @@ static QJsonObject generate(Package package)
 obj.insert(u"QDocModule"_s, package.qdocModule);
 obj.insert(u"Name"_s, package.name);
 obj.insert(u"QtUsage"_s, package.qtUsage);
+ obj.insert(u"SecurityCritical"_s, package.securityCritical);
 obj.insert(u"QtParts"_s, QJsonArray::fromStringList(package.qtParts));
 obj.insert(u"Description"_s, package.description);
diff --git a/src/qtattributionsscanner/package.h b/src/qtattributionsscanner/package.h
index d226930eb..082d60f1e 100644
--- a/src/qtattributionsscanner/package.h
+++ b/src/qtattributionsscanner/package.h
@@ -15,6 +15,7 @@ struct Package {
 QString name; // Descriptive name of the package. Will be used as the title. Mandatory.
 QString qdocModule; // QDoc module where the documentation should be included. Mandatory.
 QString qtUsage; // How the package is used in Qt. Any way to disable? Mandatory.
+ bool securityCritical = false; // Whether code is security critical in the Qt module. Optional.
 QStringList qtParts; // Possible values are "examples", "tests", "tools", or "libs".
 // "libs" is the default.
diff --git a/src/qtattributionsscanner/scanner.cpp b/src/qtattributionsscanner/scanner.cpp
index eaca5ca8c..5c0d542e1 100644
--- a/src/qtattributionsscanner/scanner.cpp
+++ b/src/qtattributionsscanner/scanner.cpp
@@ -61,6 +61,12 @@ static bool validatePackage(Package &p, const QString &filePath, LogLevel logLev
 validPackage = false;
 }
+ if (p.securityCritical && p.downloadLocation.isEmpty()) {
+ if (logLevel != SilentLog)
+ missingPropertyWarning(filePath, u"DownloadLocation"_s);
+ validPackage = false;
+ }
+
 for (const QString &part : std::as_const(p.qtParts)) {
 if (part != "examples"_L1 && part != "tests"_L1 && part != "tools"_L1 && part != "libs"_L1) {
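Review bot: The comment on the new `securityCritical` member in package.h marks it as optional but does not record that setting it changes validation: validatePackage in scanner.cpp then rejects the package when `DownloadLocation` is empty. I would extend the comment to `// Whether code is security critical in the Qt module. Optional. If true, DownloadLocation is mandatory.` so the dependency is visible where the field is declared. The struct continues outside the hunk.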
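Review bot: The new check in validatePackage (scanner.cpp, first hunk) makes only `DownloadLocation` mandatory for a security-critical package, so such a package still validates with an empty `Version`, as the `"Version": ""` entries in expected.json show is otherwise accepted. If the flag is meant to drive update monitoring, a component without a recorded version cannot be compared against upstream releases or advisories; unless `DownloadLocation` is expected to pin the exact version, a second check of the same shape for the version looks warranted. The sketch below assumes the struct's version member is named `version`, which is not visible in this diff. validatePackage starts and ends outside the hunk.

```cpp
// ... unchanged: the DownloadLocation check added by this commit ...
if (p.securityCritical && p.version.isEmpty()) {
    if (logLevel != SilentLog)
        missingPropertyWarning(filePath, u"Version"_s);
    validPackage = false;
}
```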
@@ -201,9 +207,8 @@ static std::optional<Package> readPackage(const QJsonObject &object, const QStri
 for (auto iter = object.constBegin(); iter != object.constEnd(); ++iter) {
 const QString key = iter.key();
- if (!iter.value().isString() && key != "QtParts"_L1
- && key != "Files"_L1
- && key != "LicenseFiles"_L1) {
+ if (!iter.value().isString() && key != "QtParts"_L1 && key != "SecurityCritical"_L1
+ && key != "Files"_L1 && key != "LicenseFiles"_L1) {
 if (logLevel != SilentLog)
 std::cerr << qPrintable(tr("File %1: Expected JSON string as value of %2.").arg( QDir::toNativeSeparators(filePath), key)) << std::endl;
@@ -271,6 +276,15 @@ static std::optional<Package> readPackage(const QJsonObject &object, const QStri
 p.description = value;
 } else if (key == "QtUsage"_L1) {
 p.qtUsage = value;
+ } else if (key == "SecurityCritical"_L1) {
+ if (!iter.value().isBool()) {
+ std::cerr << qPrintable(tr("File %1: Expected JSON boolean in %2.")
+ .arg(QDir::toNativeSeparators(filePath), key))
+ << std::endl;
+ validPackage = false;
+ continue;
+ }
+ p.securityCritical = iter.value().toBool();
 } else if (key == "QtParts"_L1) {
 auto parts = toStringList(iter.value());
 if (!parts) {
diff --git a/tests/auto/qtattributionsscanner/testdata/good/complete/qt_attribution_test.json b/tests/auto/qtattributionsscanner/testdata/good/complete/qt_attribution_test.json
index dbdcefab8..22eadd8cd 100644
--- a/tests/auto/qtattributionsscanner/testdata/good/complete/qt_attribution_test.json
+++ b/tests/auto/qtattributionsscanner/testdata/good/complete/qt_attribution_test.json
@@ -18,6 +18,7 @@ Usage",
 "Homepage": "www.qt.io",
 "Version": "1.0",
 "DownloadLocation": "www.qt.io/1.0",
+ "SecurityCritical": true,
 "LicenseId": "xxx",
 "LicenseFile": "../../../../../../LICENSES/BSD-3-Clause.txt",
 "PackageComment": "just a test package"
diff --git a/tests/auto/qtattributionsscanner/testdata/good/expected.json b/tests/auto/qtattributionsscanner/testdata/good/expected.json
index f5d5fa5d2..adde0d86b 100644
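Review bot: The `std::cerr` output in the new `SecurityCritical` branch of readPackage (scanner.cpp, third hunk) is not guarded by the log level, unlike the type-check message earlier in the same loop, so a run with `SilentLog` still prints this error. Put `if (logLevel != SilentLog)` in front of the `std::cerr << ...` statement, as the other diagnostics do. All test files touched by this commit are under `testdata/good/`; a case with a non-boolean `SecurityCritical` and one with `"SecurityCritical": true` but no `DownloadLocation` would cover the two new rejection paths. readPackage's body continues outside the hunk.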
--- a/tests/auto/qtattributionsscanner/testdata/good/expected.json
+++ b/tests/auto/qtattributionsscanner/testdata/good/expected.json
@@ -18,6 +18,7 @@
 "libs"
 ],
 "QtUsage": "Used in Qt WebEngine",
+ "SecurityCritical": false,
 "Version": ""
 },
 {
@@ -39,6 +40,7 @@
 "examples"
 ],
 "QtUsage": "Multi\nLine\nUsage",
+ "SecurityCritical": true,
 "Version": "1.0"
 },
 {
@@ -60,6 +62,7 @@
 "libs"
 ],
 "QtUsage": "Usage",
+ "SecurityCritical": false,
 "Version": ""
 },
 {
@@ -81,6 +84,7 @@
 "libs"
 ],
 "QtUsage": "Usage",
+ "SecurityCritical": false,
 "Version": ""
 },
 {
@@ -105,6 +109,7 @@
 "libs"
 ],
 "QtUsage": "Usage",
+ "SecurityCritical": false,
 "Version": ""
 }
 ]
diff --git a/tests/auto/qtattributionsscanner/testdata/good/licenses-dir/expected.json b/tests/auto/qtattributionsscanner/testdata/good/licenses-dir/expected.json
index 1e808b008..ab5c31309 100644
--- a/tests/auto/qtattributionsscanner/testdata/good/licenses-dir/expected.json
+++ b/tests/auto/qtattributionsscanner/testdata/good/licenses-dir/expected.json
@@ -18,6 +18,7 @@
 "libs"
 ],
 "QtUsage": "Usage",
+ "SecurityCritical": false,
 "Version": ""
 }
 ]
diff --git a/tests/auto/qtattributionsscanner/testdata/good/minimal/expected.json b/tests/auto/qtattributionsscanner/testdata/good/minimal/expected.json
index fcde8f084..546830d3f 100644
--- a/tests/auto/qtattributionsscanner/testdata/good/minimal/expected.json
+++ b/tests/auto/qtattributionsscanner/testdata/good/minimal/expected.json
@@ -18,6 +18,7 @@
 "libs"
 ],
 "QtUsage": "Usage",
+ "SecurityCritical": false,
 "Version": ""
 }
 ]
diff --git a/tests/auto/qtattributionsscanner/testdata/good/variants/expected.json b/tests/auto/qtattributionsscanner/testdata/good/variants/expected.json
index 10a339175..f69f55726 100644
--- a/tests/auto/qtattributionsscanner/testdata/good/variants/expected.json
+++ b/tests/auto/qtattributionsscanner/testdata/good/variants/expected.json
@@ -21,6 +21,7 @@
 "libs"
 ],
 "QtUsage": "Usage",
+ "SecurityCritical": false,
 "Version": ""
 }
 ] |