updated location part of query to use abs path and /build

Jami Cogswell · Jami Cogswell · commit 54470c794d3b · 2022-08-15T15:49:59.000-04:00
diff --git a/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeTrue.ql b/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeTrue.ql
@@ -3,11 +3,11 @@
  * @description An enabled debugger can allow for entry points in the application or reveal sensitive information.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 7.2
  * @id java/android/debuggable-attribute-enabled
  * @tags security
  *       external/cwe/cwe-489
  * @precision very-high
- * @security-severity 0.1
  */
 
 import java
@@ -17,5 +17,8 @@ from AndroidXmlAttribute androidXmlAttr
 where
   androidXmlAttr.getName() = "debuggable" and
   androidXmlAttr.getValue() = "true" and
-  not androidXmlAttr.getLocation().toString().matches("%/build/%")
+  not androidXmlAttr.getLocation().getFile().getAbsolutePath().matches("%/build%") // USE THIS (from speaking with Tony) - 11 MRVA results
+//not androidXmlAttr.getLocation().toString().matches("%build%") // my original query - 2 MRVA results
+//not androidXmlAttr.getLocation().toString().matches("%/build%") // 11 MRVA results
+//not androidXmlAttr.getLocation().getFile().getAbsolutePath().matches("%build%") // 2 MRVA results...
 select androidXmlAttr, "The 'debuggable' attribute is enabled."
