updates to android debug query

java/ql/src/Security/CWE/CWE-489/DebuggableAttributeTrue.ql

@@ -1,15 +1,13 @@
-// TODO: Fix up metadata
 /**
- * @name Debuggable set to true
- * @description The 'debuggable' attribute in the application section of the AndroidManifest.xml file should never be enabled in production builds // TODO: edit to be in-line wth guidelines
+ * @name Debuggable attribute enabled
+ * @description An enabled debugger can allow for entry points in the application or reveal sensitive information.
  * @kind problem
  * @problem.severity warning
- * @id java/android/debuggable-true // TODO: consider editing
- * @tags security                   // TODO: look into CWEs some more
+ * @id java/android/debuggable-attribute-enabled
+ * @tags security
  *       external/cwe/cwe-489
- *       external/cwe/cwe-710
- * @precision high                  // TODO: adjust once review query results and FP ratio
- * @security-severity 0.1           // TODO: auto-calculated: https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/
+ * @precision very-high
+ * @security-severity 0.1
  */
 
 import java
@@ -18,5 +16,6 @@ import semmle.code.xml.AndroidManifest
 from AndroidXmlAttribute androidXmlAttr
 where
   androidXmlAttr.getName() = "debuggable" and
-  androidXmlAttr.getValue() = "true"
-select androidXmlAttr, "Warning: 'android:debuggable=true' set"
+  androidXmlAttr.getValue() = "true" and
+  not androidXmlAttr.getLocation().toString().matches("%/build/%")
+select androidXmlAttr, "The 'debuggable' attribute is enabled."