Qt-Security-QWebengineViewLoad¶

Check QWebEngineView::load

Required inputs: IR

The QWebEngine class allows for web content to be displayed within a Qt application. Pages are loaded using the QWebEngineView::load() method. This rule flags all calls to QWebEngineView::load() that use the insecure HTTP scheme instead of the secure HTTPS scheme. Using the insecure HTTP scheme may allow an attacker to intercept and manipulate the traffic, e.g., inject malicious code into the page.

Possible Messages

Key	Text	Severity	Disabled
insecure_scheme	The url passed to QWebEngineView::load uses the insecure http scheme.	None	False

Options

This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions
This rule has no individual options.

Axivion Suite 7.12.0

Navigation

Qt-Security-QWebengineViewLoad¶