Add processing algorithm flag for SecurityRisk

And add to "Advanced Python field calculator" algorithm, as that
algorithm uses the Python exec() function and is a security
risk if run with untrusted/unchecked inputs

python/PyQt6/core/auto_additions/qgis.py

@@ -6228,6 +6228,9 @@ QgsProcessingAlgorithm.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.Requir
 QgsProcessingAlgorithm.Flag.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.RequiresProject
 QgsProcessingAlgorithm.FlagRequiresProject.is_monkey_patched = True
 QgsProcessingAlgorithm.FlagRequiresProject.__doc__ = "The algorithm requires that a valid QgsProject is available from the processing context in order to execute"
+QgsProcessingAlgorithm.SecurityRisk = Qgis.ProcessingAlgorithmFlag.SecurityRisk
+QgsProcessingAlgorithm.SecurityRisk.is_monkey_patched = True
+QgsProcessingAlgorithm.SecurityRisk.__doc__ = "The algorithm represents a potential security risk if executed with untrusted inputs. \n.. versionadded:: 3.40"
 QgsProcessingAlgorithm.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.Flag.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.FlagDeprecated.is_monkey_patched = True
@@ -6296,6 +6299,10 @@ Qgis.ProcessingAlgorithmFlag.__doc__ = """Flags indicating how and when an algor
 
   Available as ``QgsProcessingAlgorithm.FlagRequiresProject`` in older QGIS releases.
 
+* ``SecurityRisk``: The algorithm represents a potential security risk if executed with untrusted inputs.
+
+  .. versionadded:: 3.40
+
 * ``Deprecated``: Algorithm is deprecated
 
   Available as ``QgsProcessingAlgorithm.FlagDeprecated`` in older QGIS releases.

python/PyQt6/core/auto_generated/qgis.sip.in

@@ -1922,6 +1922,7 @@ The development version
       SkipGenericModelLogging,
       NotAvailableInStandaloneTool,
       RequiresProject,
+      SecurityRisk,
       Deprecated,
     };
 

python/core/auto_additions/qgis.py

@@ -6171,6 +6171,9 @@ QgsProcessingAlgorithm.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.Requir
 QgsProcessingAlgorithm.Flag.FlagRequiresProject = Qgis.ProcessingAlgorithmFlag.RequiresProject
 QgsProcessingAlgorithm.FlagRequiresProject.is_monkey_patched = True
 QgsProcessingAlgorithm.FlagRequiresProject.__doc__ = "The algorithm requires that a valid QgsProject is available from the processing context in order to execute"
+QgsProcessingAlgorithm.SecurityRisk = Qgis.ProcessingAlgorithmFlag.SecurityRisk
+QgsProcessingAlgorithm.SecurityRisk.is_monkey_patched = True
+QgsProcessingAlgorithm.SecurityRisk.__doc__ = "The algorithm represents a potential security risk if executed with untrusted inputs. \n.. versionadded:: 3.40"
 QgsProcessingAlgorithm.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.Flag.FlagDeprecated = Qgis.ProcessingAlgorithmFlag.Deprecated
 QgsProcessingAlgorithm.FlagDeprecated.is_monkey_patched = True
@@ -6239,6 +6242,10 @@ Qgis.ProcessingAlgorithmFlag.__doc__ = """Flags indicating how and when an algor
 
   Available as ``QgsProcessingAlgorithm.FlagRequiresProject`` in older QGIS releases.
 
+* ``SecurityRisk``: The algorithm represents a potential security risk if executed with untrusted inputs.
+
+  .. versionadded:: 3.40
+
 * ``Deprecated``: Algorithm is deprecated
 
   Available as ``QgsProcessingAlgorithm.FlagDeprecated`` in older QGIS releases.

python/core/auto_generated/qgis.sip.in

@@ -1922,6 +1922,7 @@ The development version
       SkipGenericModelLogging,
       NotAvailableInStandaloneTool,
       RequiresProject,
+      SecurityRisk,
       Deprecated,
     };
 

python/plugins/processing/algs/qgis/FieldPyculator.py

@@ -22,7 +22,8 @@ __copyright__ = '(C) 2012, Victor Olaya & NextGIS'
 import sys
 
 from qgis.PyQt.QtCore import QMetaType
-from qgis.core import (QgsProcessingException,
+from qgis.core import (Qgis,
+                       QgsProcessingException,
                        QgsField,
                        QgsFields,
                        QgsFeatureSink,
@@ -47,6 +48,11 @@ class FieldsPyculator(QgisAlgorithm):
     OUTPUT = 'OUTPUT'
     RESULT_VAR_NAME = 'value'
 
+    def flags(self):
+        # This algorithm represents a security risk, due to the use
+        # of the Python "exec" function
+        return super().flags() | Qgis.ProcessingAlgorithmFlag.SecurityRisk
+
     def group(self):
         return self.tr('Vector table')
 

src/core/qgis.h

@@ -3303,6 +3303,7 @@ class CORE_EXPORT Qgis
       SkipGenericModelLogging SIP_MONKEYPATCH_COMPAT_NAME( FlagSkipGenericModelLogging ) = 1 << 12, //!< When running as part of a model, the generic algorithm setup and results logging should be skipped
       NotAvailableInStandaloneTool SIP_MONKEYPATCH_COMPAT_NAME( FlagNotAvailableInStandaloneTool ) = 1 << 13, //!< Algorithm should not be available from the standalone "qgis_process" tool. Used to flag algorithms which make no sense outside of the QGIS application, such as "select by..." style algorithms.
       RequiresProject SIP_MONKEYPATCH_COMPAT_NAME( FlagRequiresProject ) = 1 << 14, //!< The algorithm requires that a valid QgsProject is available from the processing context in order to execute
+      SecurityRisk = 1 << 15, //!< The algorithm represents a potential security risk if executed with untrusted inputs. \since QGIS 3.40
       Deprecated SIP_MONKEYPATCH_COMPAT_NAME( FlagDeprecated ) = HideFromToolbox | HideFromModeler, //!< Algorithm is deprecated
     };
     Q_ENUM( ProcessingAlgorithmFlag );