On 11/07/2024 15:21, Volker Hilsheimer wrote:
> For many APIs, application code provides the data (perhaps indirectly), e.g. to QDateTime::fromString. In that case we can assume that the application had at least some chance to scrub the input, or at the very least control where that string comes from (perhaps a file on disk). For other APIs, Qt processes the data without the application seeing it (e.g. network protocol, loading an image etc. from file).
I'm not too sure I appreciate the difference here. Either the input is trusted (= the onus of validating it, if any, is on the application / system side), or it is not (= Qt can't assume anything about it and must validate it).
> To document the respective expectations and responsibilities on a higher level, we need to start with understanding and documenting what the code does. The header helps us with that, and at the same time enables some degree of automation.
Fair enough, but then I'd kindly ask to reframe this discussion with this in mind; that is, this isn't about "security" in general, it's about untrusted inputs. I'm not sure what buzzword to use here, though.
So what is the plan of action?

* Define what "external inputs" are?
* Identify code in Qt that processes such external inputs?
* Figure out whether such code deals with trusted or untrusted inputs, and add relevant notes in the documentation (where?)?
* If it's untrusted, figure out whether Qt is directly responsible for parsing the input, or if Qt is just offloading it to a 3rd party (e.g. image formats), or possibly both?
* Tag all the files that contain such code according to some schema?
* (Possibly, refactor the code in separate .cpp files to isolate it, so that the tagging can be "accurate"?)
* Check that we have fuzzing, ubsan, etc. enabled on Qt code that parses untrusted inputs?
Thanks,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - Trusted Software Excellence
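The per-file header that Volker mentions and the "tag all the files according to some schema" / "check that we have fuzzing enabled" items in Giuseppe's list are the kind of thing a small script can automate. The following is an added example, not code from the thread or from the Qt project, and it assumes a hypothetical header schema of the form "// Qt-Security score:<level> reason:<tag>[,<tag>...]" plus an assumed tag vocabulary (data-parser, network-protocol) for code that consumes input the application never had a chance to scrub. It scans a set of source files for that header, classifies them, and reports which untrusted-input parsers have no fuzz target registered. The file contents and paths are constructed sample data.

```python
"""
Audit source files for a per-file security header and report which ones
parse untrusted ("external") input without a matching fuzz target.

The header schema below is an assumption made for this example; the thread
does not define one:

    // Qt-Security score:<level> reason:<tag>[,<tag>...]
"""
import re
from dataclasses import dataclass

# Hypothetical header line, e.g. "// Qt-Security score:critical reason:data-parser".
HEADER_RE = re.compile(
    r"^\s*//\s*Qt-Security\s+score:(?P<score>\S+)\s+reason:(?P<reason>\S+)\s*$",
    re.MULTILINE,
)

# Assumed tag vocabulary: reasons that mean the file consumes input Qt
# cannot assume was validated by the application (network data, file parsers).
UNTRUSTED_REASONS = {"data-parser", "network-protocol"}


@dataclass
class FileTag:
    path: str
    score: str
    reasons: tuple


def parse_header(path, text):
    """Return a FileTag for the first security header in `text`, or None if absent."""
    m = HEADER_RE.search(text)
    if not m:
        return None
    reasons = tuple(r.strip() for r in m.group("reason").split(",") if r.strip())
    return FileTag(path, m.group("score"), reasons)


def parses_untrusted(tag):
    """True when any reason tag marks the file as an untrusted-input consumer."""
    return tag is not None and any(r in UNTRUSTED_REASONS for r in tag.reasons)


def audit(sources, fuzz_targets):
    """
    sources: mapping of source path -> file contents.
    fuzz_targets: set of source paths that already have a fuzz harness.
    Returns sorted lists of untagged files, untrusted-input parsers, and
    untrusted-input parsers lacking a fuzzer.
    """
    untagged, untrusted, missing = [], [], []
    for path, text in sources.items():
        tag = parse_header(path, text)
        if tag is None:
            untagged.append(path)          # no header at all: needs classification
            continue
        if parses_untrusted(tag):
            untrusted.append(path)
            if path not in fuzz_targets:
                missing.append(path)       # parser of external input with no fuzzing
    return {
        "untagged": sorted(untagged),
        "untrusted": sorted(untrusted),
        "missing_fuzzer": sorted(missing),
    }


# Constructed sample inputs (hypothetical file contents, not real Qt sources).
SAMPLE_SOURCES = {
    "src/corelib/time/qdatetime.cpp":
        "// Qt-Security score:significant reason:data-parser\n#include <QDateTime>\n",
    "src/network/access/qhttpnetworkreply.cpp":
        "// Qt-Security score:critical reason:network-protocol,data-parser\n",
    "src/gui/image/qbmphandler.cpp":
        "// Qt-Security score:critical reason:data-parser\n",
    "src/corelib/tools/qlist.cpp":
        "// Qt-Security score:none reason:default\n",
    "src/widgets/widgets/qpushbutton.cpp":
        "#include <QPushButton>\n",   # no header
}
# Constructed: paths for which a fuzz harness is assumed to exist.
SAMPLE_FUZZ_TARGETS = {
    "src/corelib/time/qdatetime.cpp",
    "src/gui/image/qbmphandler.cpp",
}

if __name__ == "__main__":
    for key, paths in audit(SAMPLE_SOURCES, SAMPLE_FUZZ_TARGETS).items():
        print(f"{key}: {paths}")
```

Run as-is it reports the one untagged widget file, the three files tagged as untrusted-input parsers, and the HTTP reply parser as the one untrusted-input consumer with no fuzz target. In a real tree the `sources` mapping would come from walking the checkout and `fuzz_targets` from the fuzz harness directory, and the "untagged" list is the work queue for the classification step in the plan above.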
--
Development mailing list
Development@qt-project.org
https://lists.qt-project.org/listinfo/development