BlackBerry Limited
METHODS AND DEVICES FOR CONTEXT-BASED STRING ANALYSIS FOR VULNERATBILITY DETECTION

Abstract:

Described are methods and computing devices for identifying potential vulnerabilities in a software package. The package includes build files that include an application file and one or more associated files. The method may include scanning the application file to identify and extract a string from the application file and determining that the string is referenced in one of the associated files and obtaining data associated with the string from the associated file. The string may then be classified based, in part, on the data obtained from the associated file, and a full context may be determined for the string based, at least in part, on the classification. A relevance rank for the string is then set based on the full context and the string and its relevance rank are output.