From 229324fde044668cef6cec6b905162c100819de2 Mon Sep 17 00:00:00 2001
From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local>
Date: Tue, 2 Aug 2022 15:48:38 -0400
Subject: [PATCH] updated overview section of help file; also added 'App
 Manifest Overview' to references

---
 .../CWE/CWE-489/DebuggableAttributeEnabled.qhelp    | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.qhelp b/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.qhelp
index f07a20a4e06..48cc442e4bf 100644
--- a/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.qhelp
+++ b/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.qhelp
@@ -4,7 +4,14 @@
 <qhelp>
 
 <overview>
-<p>When a debugger is enabled it could allow for entry points in the application or reveal sensitive information.</p>
+<p>The Android manifest file defines configuration settings for Android applications.
+In this file, the <code>android:debuggable</code> attribute of the <code>application</code> element can be used to
+define whether or not the application can be debugged. When set to <code>true</code>, this attribute will allow the
+application to be debugged even when running on a device in user mode.</p>
+
+<p>When a debugger is enabled it could allow for entry points in the application or reveal sensitive information.
+As a result, <code>android:debuggable</code> should only be enabled during development and should be disabled in
+production builds.</p>
 
 </overview>
 <recommendation>
@@ -26,6 +33,10 @@ or do not include it in the manifest. The default value when not included is <co
 </example>
 <references>
 
+<li>
+  Android Developers:
+  <a href="https://developer.android.com/guide/topics/manifest/manifest-intro">App Manifest Overview</a>.
+</li>
 <li>
   Android Developers:
   <a href="https://developer.android.com/guide/topics/manifest/application-element#debug">The android:debuggable attribute</a>.