qtattributionsscanner: Add SecurityCritical attribute

Serves as an indicator in the release process that these components need to be carefully monitored and updated (even more often than the other third-party modules). So far this is not reflected in the generated documentation. This might change in the future though. For reasoning, see also https://lists.qt-project.org/pipermail/development/2023-February/043667.html Pick-to: 6.5 Change-Id: I82c59e0198fc2fdc855aed89aa49f929391aa0ef Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
author: Kai Köhne <kai.koehne@qt.io> 2023-03-02 13:26:59 +0100
committer: Kai Köhne <kai.koehne@qt.io> 2023-03-06 09:27:17 +0100
commit: 162573d4274e703cea7d95e4ea16158b3bbf710f (patch)
tree: f2944db4afaaef142f42d487629dee4e5eed9ccf /src/qtattributionsscanner
parent: f1f4cad99a7097c8612ec1c5b05b1b5647e05251 (diff)
download: qttools-162573d4274e703cea7d95e4ea16158b3bbf710f.tar.gz
3 files changed, 19 insertions, 3 deletions
diff --git a/src/qtattributionsscanner/jsongenerator.cpp b/src/qtattributionsscanner/jsongenerator.cpp
index 3959390e5..2a194264e 100644
--- a/src/qtattributionsscanner/jsongenerator.cpp
+++ b/src/qtattributionsscanner/jsongenerator.cpp
@@ -23,6 +23,7 @@ static QJsonObject generate(Package package)
     obj.insert(u"QDocModule"_s, package.qdocModule);
     obj.insert(u"Name"_s, package.name);
     obj.insert(u"QtUsage"_s, package.qtUsage);
+    obj.insert(u"SecurityCritical"_s, package.securityCritical);
     obj.insert(u"QtParts"_s, QJsonArray::fromStringList(package.qtParts));
 
     obj.insert(u"Description"_s, package.description);
diff --git a/src/qtattributionsscanner/package.h b/src/qtattributionsscanner/package.h
index d226930eb..082d60f1e 100644
--- a/src/qtattributionsscanner/package.h
+++ b/src/qtattributionsscanner/package.h
@@ -15,6 +15,7 @@ struct Package {
     QString name; // Descriptive name of the package. Will be used as the title. Mandatory.
     QString qdocModule; // QDoc module where the documentation should be included. Mandatory.
     QString qtUsage; // How the package is used in Qt. Any way to disable? Mandatory.
+    bool securityCritical = false; // Whether code is security critical in the Qt module. Optional.
     QStringList qtParts; // Possible values are "examples", "tests", "tools", or "libs".
                          // "libs" is the default.
 
diff --git a/src/qtattributionsscanner/scanner.cpp b/src/qtattributionsscanner/scanner.cpp
index eaca5ca8c..5c0d542e1 100644
--- a/src/qtattributionsscanner/scanner.cpp
+++ b/src/qtattributionsscanner/scanner.cpp
@@ -61,6 +61,12 @@ static bool validatePackage(Package &p, const QString &filePath, LogLevel logLev
         validPackage = false;
     }
 
+    if (p.securityCritical && p.downloadLocation.isEmpty()) {
+        if (logLevel != SilentLog)
+            missingPropertyWarning(filePath, u"DownloadLocation"_s);
+        validPackage = false;
+    }
+
     for (const QString &part : std::as_const(p.qtParts)) {
         if (part != "examples"_L1 && part != "tests"_L1
             && part != "tools"_L1 && part != "libs"_L1) {
@@ -201,9 +207,8 @@ static std::optional<Package> readPackage(const QJsonObject &object, const QStri
     for (auto iter = object.constBegin(); iter != object.constEnd(); ++iter) {
         const QString key = iter.key();
 
-        if (!iter.value().isString() && key != "QtParts"_L1
-            && key != "Files"_L1
-            && key != "LicenseFiles"_L1) {
+        if (!iter.value().isString() && key != "QtParts"_L1 && key != "SecurityCritical"_L1
+            && key != "Files"_L1 && key != "LicenseFiles"_L1) {
             if (logLevel != SilentLog)
                 std::cerr << qPrintable(tr("File %1: Expected JSON string as value of %2.").arg(
                                             QDir::toNativeSeparators(filePath), key)) << std::endl;
@@ -271,6 +276,15 @@ static std::optional<Package> readPackage(const QJsonObject &object, const QStri
             p.description = value;
         } else if (key == "QtUsage"_L1) {
             p.qtUsage = value;
+        } else if (key == "SecurityCritical"_L1) {
+            if (!iter.value().isBool()) {
+                std::cerr << qPrintable(tr("File %1: Expected JSON boolean in %2.")
+                                                .arg(QDir::toNativeSeparators(filePath), key))
+                          << std::endl;
+                validPackage = false;
+                continue;
+            }
+            p.securityCritical = iter.value().toBool();
         } else if (key == "QtParts"_L1) {
             auto parts = toStringList(iter.value());
             if (!parts) {
author	Kai Köhne <kai.koehne@qt.io>	2023-03-02 13:26:59 +0100
committer	Kai Köhne <kai.koehne@qt.io>	2023-03-06 09:27:17 +0100
commit	162573d4274e703cea7d95e4ea16158b3bbf710f (patch)
tree	f2944db4afaaef142f42d487629dee4e5eed9ccf /src/qtattributionsscanner
parent	f1f4cad99a7097c8612ec1c5b05b1b5647e05251 (diff)
download	qttools-162573d4274e703cea7d95e4ea16158b3bbf710f.tar.gz