Skip to content
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
github
/
codeql
Public
Notifications
You must be signed in to change notification settings
Fork
1.5k
Star
7.6k
Code
Issues
794
Pull requests
356
Discussions
Actions
Projects
0
Security
Insights
Additional navigation options
Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights
Files
main
Breadcrumbs
codeql
/
java
/
ql
/
src
/
Security
/
CWE
/
CWE-489
/
DebuggableAttributeEnabled.ql
Blame
Blame
Latest commit
History
History
20 lines (18 loc) · 682 Bytes
main
Breadcrumbs
codeql
/
java
/
ql
/
src
/
Security
/
CWE
/
CWE-489
/
DebuggableAttributeEnabled.ql
Top
File metadata and controls
Code
Blame
20 lines (18 loc) · 682 Bytes
Raw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
/**
* @name Android debuggable attribute enabled
* @description An enabled debugger can allow for entry points in the application or reveal sensitive information.
* @kind problem
* @problem.severity warning
* @security-severity 7.2
* @id java/android/debuggable-attribute-enabled
* @tags security
* external/cwe/cwe-489
* @precision very-high
*/
import
java
import
semmle.code.xml.AndroidManifest
from
AndroidApplicationXmlElement
androidAppElem
where
androidAppElem
.
isDebuggable
(
)
and
not
androidAppElem
.
getFile
(
)
.
(
AndroidManifestXmlFile
)
.
isInBuildDirectory
(
)
select
androidAppElem
.
getAttribute
(
"debuggable"
)
,
"The 'android:debuggable' attribute is enabled."
You can’t perform that action at this time.