Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sslsniff-0.8/HTTPSBridge.cpp
Examining data/sslsniff-0.8/sslsniff.cpp
Examining data/sslsniff-0.8/HTTPSBridge.hpp
Examining data/sslsniff-0.8/UpdateManager.cpp
Examining data/sslsniff-0.8/FirefoxAddonUpdater.cpp
Examining data/sslsniff-0.8/FirefoxAddonUpdater.hpp
Examining data/sslsniff-0.8/FingerprintManager.cpp
Examining data/sslsniff-0.8/Bridge.hpp
Examining data/sslsniff-0.8/util/Util.hpp
Examining data/sslsniff-0.8/util/Destination.hpp
Examining data/sslsniff-0.8/util/Destination.cpp
Examining data/sslsniff-0.8/FingerprintManager.hpp
Examining data/sslsniff-0.8/sslsniff.hpp
Examining data/sslsniff-0.8/UpdateManager.hpp
Examining data/sslsniff-0.8/FirefoxUpdater.cpp
Examining data/sslsniff-0.8/SSLConnectionManager.hpp
Examining data/sslsniff-0.8/FirefoxUpdater.hpp
Examining data/sslsniff-0.8/Logger.cpp
Examining data/sslsniff-0.8/http/HttpHeaders.cpp
Examining data/sslsniff-0.8/http/HttpConnectionManager.hpp
Examining data/sslsniff-0.8/http/OCSPDenier.hpp
Examining data/sslsniff-0.8/http/OCSPDenier.cpp
Examining data/sslsniff-0.8/http/HttpHeaders.hpp
Examining data/sslsniff-0.8/http/HttpBridge.cpp
Examining data/sslsniff-0.8/http/HttpBridge.hpp
Examining data/sslsniff-0.8/http/HttpConnectionManager.cpp
Examining data/sslsniff-0.8/certificate/AuthorityCertificateManager.cpp
Examining data/sslsniff-0.8/certificate/TargetedCertificateManager.hpp
Examining data/sslsniff-0.8/certificate/CertificateManager.cpp
Examining data/sslsniff-0.8/certificate/CertificateManager.hpp
Examining data/sslsniff-0.8/certificate/AuthorityCertificateManager.hpp
Examining data/sslsniff-0.8/certificate/Certificate.hpp
Examining data/sslsniff-0.8/certificate/TargetedCertificateManager.cpp
Examining data/sslsniff-0.8/SSLBridge.hpp
Examining data/sslsniff-0.8/Logger.hpp
Examining data/sslsniff-0.8/SessionCache.cpp
Examining data/sslsniff-0.8/SessionCache.hpp
Examining data/sslsniff-0.8/SSLBridge.cpp
Examining data/sslsniff-0.8/RawBridge.hpp
Examining data/sslsniff-0.8/SSLConnectionManager.cpp

FINAL RESULTS:

data/sslsniff-0.8/Bridge.hpp:57:20: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code& error, size_t bytesRead)
data/sslsniff-0.8/Bridge.hpp:79:21: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error)
data/sslsniff-0.8/RawBridge.hpp:59:55: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  void handleConnect(Bridge::ptr bridge, const boost::system::error_code &error) {
data/sslsniff-0.8/SSLConnectionManager.cpp:54:22: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error)
data/sslsniff-0.8/SSLConnectionManager.cpp:138:10: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code error;
data/sslsniff-0.8/SSLConnectionManager.hpp:42:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error);
data/sslsniff-0.8/http/HttpConnectionManager.cpp:75:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code& error)
data/sslsniff-0.8/http/HttpConnectionManager.cpp:100:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code& error)
data/sslsniff-0.8/http/HttpConnectionManager.hpp:50:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code& error);
data/sslsniff-0.8/http/HttpConnectionManager.hpp:52:68: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  void handleServerConnection(HttpBridge::ptr bridge, const boost::system::error_code& error);
data/sslsniff-0.8/http/OCSPDenier.cpp:50:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error,
data/sslsniff-0.8/http/OCSPDenier.cpp:65:24: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error)
data/sslsniff-0.8/http/OCSPDenier.hpp:42:20: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error,
data/sslsniff-0.8/http/OCSPDenier.hpp:46:21: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const boost::system::error_code &error);
data/sslsniff-0.8/sslsniff.cpp:81:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "ats:h:c:w:f:m:u:pdj:e:")) != -1) {
data/sslsniff-0.8/Bridge.hpp:86:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clientBuffer[BUFFER_SIZE];
data/sslsniff-0.8/Bridge.hpp:87:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serverBuffer[BUFFER_SIZE];
data/sslsniff-0.8/FirefoxUpdater.cpp:92:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/sslsniff-0.8/HTTPSBridge.cpp:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/sslsniff-0.8/SSLBridge.cpp:151:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/sslsniff-0.8/SSLBridge.cpp:170:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/sslsniff-0.8/SessionCache.cpp:91:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cache.sessions[current].id, id, idLength);
data/sslsniff-0.8/SessionCache.cpp:110:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b, cache.sessions[i].encoding, cache.sessions[i].encodingLength);
data/sslsniff-0.8/SessionCache.hpp:38:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char id[MAX_ID_SIZE];
data/sslsniff-0.8/SessionCache.hpp:40:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char encoding[MAX_ENCODING_SIZE];
data/sslsniff-0.8/certificate/Certificate.hpp:95:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/sslsniff-0.8/certificate/TargetedCertificateManager.cpp:118:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/sslsniff-0.8/sslsniff.cpp:87:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 's': options.sslListenPort = atoi(optarg); break;
data/sslsniff-0.8/sslsniff.cpp:88:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'h': options.httpListenPort = atoi(optarg); break;
data/sslsniff-0.8/util/Destination.cpp:67:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/pf", O_RDONLY);
data/sslsniff-0.8/Bridge.hpp:48:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(ip::tcp::socket *socket, char *buffer) {
data/sslsniff-0.8/Bridge.hpp:81:62: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!error) read(socket, buffer);
data/sslsniff-0.8/Bridge.hpp:97:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(clientSocket, clientBuffer);
data/sslsniff-0.8/Bridge.hpp:98:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(serverSocket, serverBuffer);
data/sslsniff-0.8/http/OCSPDenier.cpp:59:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  async_write(*socket, boost::asio::buffer(ocspResponse, strlen(ocspResponse)),

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 3673 in approximately 0.13 seconds (28570 lines/second)
Physical Source Lines of Code (SLOC) = 2191
Hits@level = [0] 1 [1] 5 [2] 15 [3] 1 [4] 14 [5] 0
Hits@level+ = [0+] 36 [1+] 35 [2+] 30 [3+] 15 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 16.4309 [1+] 15.9744 [2+] 13.6924 [3+] 6.84619 [4+] 6.38978 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.