Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| GlamArLogger.d("Glam_myApp", "onCreate: ") | ||
|
|
||
| if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) { | ||
| WebView.setWebContentsDebuggingEnabled(true) |
Check failure
Code scanning / CodeQL
Android Webview debugging enabled High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
To fix the problem, the call to WebView.setWebContentsDebuggingEnabled(true) should be guarded so debugging is only enabled in debug builds. The safest and most canonical way is to check the ApplicationInfo.FLAG_DEBUGGABLE flag at runtime; this indicates whether the app was built as debuggable (as is typical during development) or not (as is typical for production releases). In Kotlin, you can check it as follows:
if (0 != (applicationInfo.flags and ApplicationInfo.FLAG_DEBUGGABLE)) {
WebView.setWebContentsDebuggingEnabled(true)
}This fix should be applied in app/src/main/java/io/pixelbin/glamar/sample/MyApp.kt, replacing the unconditional call at line 20. You will also need to add an import for android.content.pm.ApplicationInfo if it is not already present.
| @@ -4,6 +4,7 @@ | ||
| import android.os.Build | ||
| import android.webkit.WebView | ||
| import android.widget.FrameLayout.LayoutParams | ||
| import android.content.pm.ApplicationInfo | ||
| import io.pixelbin.glamar.GlamAr | ||
| import io.pixelbin.glamar.GlamArLogger | ||
| import io.pixelbin.glamar.model.Configuration | ||
| @@ -17,7 +18,9 @@ | ||
| GlamArLogger.d("Glam_myApp", "onCreate: ") | ||
|
|
||
| if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) { | ||
| WebView.setWebContentsDebuggingEnabled(true) | ||
| if (0 != (applicationInfo.flags and ApplicationInfo.FLAG_DEBUGGABLE)) { | ||
| WebView.setWebContentsDebuggingEnabled(true) | ||
| } | ||
| } | ||
|
|
||
| val webView = WebView( |
3 participants
release v2.0.0