hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reword suggestion on using debug flags

Browse Source
This commit is contained in:
Joe Farebrother
2022-09-20 12:50:23 +01:00
parent 44bd038339
commit ed8ec89497
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.qhelp
View File

@@ -6,11 +6,10 @@
<overview>
<p>The <code>WebView.setWebContentsDebuggingEnabled</code> method enables or disables the contents of any <code>WebView</code> in the application to be debugged.</p>
<p>You should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.
<p>You should only enable debugging features during development. When you create a production build, you should disable it. If you enable debugging features, this can make your code vulnerable by adding entry points, or leaking sensitive information.</p>
</overview>
<recommendation>
<p>Ensure that debugging features are not enabled in production builds.
If <code>WebView.setWebContentsDebuggingEnabled(true)</code> is used, ensure that it is guarded by a flag indicating that this is a debug build.</p>
<p>Ensure that debugging features are not enabled in production builds, such as by guarding calls to <code>WebView.setWebContentsDebuggingEnabled(true)</code> by a flag that is only enabled in debug builds.
</recommendation>
<example>