Commit cf39cc0

Jami Cogswell authored and committed
updates to android debug query
1 parent 6720dba commit cf39cc0

5 files changed

+13
-14
lines changed

Lines changed: 9 additions & 10 deletions
@@ -1,15 +1,13 @@
1-
// TODO: Fix up metadata
21
/**
3-
* @name Debuggable set to true
4-
* @description The 'debuggable' attribute in the application section of the AndroidManifest.xml file should never be enabled in production builds // TODO: edit to be in-line wth guidelines
2+
* @name Debuggable attribute enabled
3+
* @description An enabled debugger can allow for entry points in the application or reveal sensitive information.
54
* @kind problem
65
* @problem.severity warning
7-
* @id java/android/debuggable-true // TODO: consider editing
8-
* @tags security // TODO: look into CWEs some more
6+
* @id java/android/debuggable-attribute-enabled
7+
* @tags security
98
* external/cwe/cwe-489
10-
* external/cwe/cwe-710
11-
* @precision high // TODO: adjust once review query results and FP ratio
12-
* @security-severity 0.1 // TODO: auto-calculated: https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/
9+
* @precision very-high
10+
* @security-severity 0.1
1311
*/
1412

1513
import java
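Review bot: The `@precision` line moves from `high` to `very-high`, but the TODO it replaces said the value should be adjusted only after reviewing query results and the false-positive ratio; please record what result review supports `very-high`. `@security-severity 0.1` is likewise kept unchanged after dropping the TODO that described it as auto-calculated, so confirm 0.1 is the intended score and not a leftover placeholder. The new `@description` also no longer names AndroidManifest.xml or the application section, which makes the alert harder to triage; consider keeping that detail.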
@@ -18,5 +16,6 @@ import semmle.code.xml.AndroidManifest
1816
from AndroidXmlAttribute androidXmlAttr
1917
where
2018
androidXmlAttr.getName() = "debuggable" and
21-
androidXmlAttr.getValue() = "true"
22-
select androidXmlAttr, "Warning: 'android:debuggable=true' set"
19+
androidXmlAttr.getValue() = "true" and
20+
not androidXmlAttr.getLocation().toString().matches("%/build/%")
21+
select androidXmlAttr, "The 'debuggable' attribute is enabled."
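Review bot: The added `not androidXmlAttr.getLocation().toString().matches("%/build/%")` condition suppresses the alert for any manifest whose path contains a `/build/` segment, so a hand-written manifest under a source directory that happens to be named `build` is silently skipped, and the check depends on the string form of the location instead of the file path itself. Consider matching on the file path explicitly and adding a short comment explaining why build output is excluded. The clause also still matches any attribute named `debuggable`, not only one on the application element. None of the test manifests touched in this commit sit under a `build` directory, so the exclusion has no test coverage.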
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
| TestTrue.xml:7:5:17:30 | debuggable=true | Warning: 'android:debuggable=true' set |
1+
| TestTrue.xml:7:5:17:30 | debuggable=true | Warning: debuggable attribute enabled |
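Review bot: The expected message on the added row, `Warning: debuggable attribute enabled`, does not match the string the updated query selects, `The 'debuggable' attribute is enabled.`, so this test would fail as committed. Update the expected row to the query's exact message.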

java/ql/test/query-tests/security/CWE-489/TestFalse.xml

Lines changed: 1 addition & 1 deletion
@@ -24,6 +24,6 @@
2424
<category android:name="android.intent.category.LAUNCHER" />
2525
</intent-filter>
2626
</activity>
27-
</application> <!-- test -->
27+
</application>
2828

2929
</manifest>

java/ql/test/query-tests/security/CWE-489/TestNotSet.xml

Lines changed: 1 addition & 1 deletion
@@ -23,6 +23,6 @@
2323
<category android:name="android.intent.category.LAUNCHER" />
2424
</intent-filter>
2525
</activity>
26-
</application> <!-- test -->
26+
</application>
2727

2828
</manifest>

java/ql/test/query-tests/security/CWE-489/TestTrue.xml

Lines changed: 1 addition & 1 deletion
@@ -24,6 +24,6 @@
2424
<category android:name="android.intent.category.LAUNCHER" />
2525
</intent-filter>
2626
</activity>
27-
</application> <!-- test -->
27+
</application>
2828

2929
</manifest>
