Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sslsniff-0.8/HTTPSBridge.cpp
Examining data/sslsniff-0.8/sslsniff.cpp
Examining data/sslsniff-0.8/HTTPSBridge.hpp
Examining data/sslsniff-0.8/UpdateManager.cpp
Examining data/sslsniff-0.8/FirefoxAddonUpdater.cpp
Examining data/sslsniff-0.8/FirefoxAddonUpdater.hpp
Examining data/sslsniff-0.8/FingerprintManager.cpp
Examining data/sslsniff-0.8/Bridge.hpp
Examining data/sslsniff-0.8/util/Util.hpp
Examining data/sslsniff-0.8/util/Destination.hpp
Examining data/sslsniff-0.8/util/Destination.cpp
Examining data/sslsniff-0.8/FingerprintManager.hpp
Examining data/sslsniff-0.8/sslsniff.hpp
Examining data/sslsniff-0.8/UpdateManager.hpp
Examining data/sslsniff-0.8/FirefoxUpdater.cpp
Examining data/sslsniff-0.8/SSLConnectionManager.hpp
Examining data/sslsniff-0.8/FirefoxUpdater.hpp
Examining data/sslsniff-0.8/Logger.cpp
Examining data/sslsniff-0.8/http/HttpHeaders.cpp
Examining data/sslsniff-0.8/http/HttpConnectionManager.hpp
Examining data/sslsniff-0.8/http/OCSPDenier.hpp
Examining data/sslsniff-0.8/http/OCSPDenier.cpp
Examining data/sslsniff-0.8/http/HttpHeaders.hpp
Examining data/sslsniff-0.8/http/HttpBridge.cpp
Examining data/sslsniff-0.8/http/HttpBridge.hpp
Examining data/sslsniff-0.8/http/HttpConnectionManager.cpp
Examining data/sslsniff-0.8/certificate/AuthorityCertificateManager.cpp
Examining data/sslsniff-0.8/certificate/TargetedCertificateManager.hpp
Examining data/sslsniff-0.8/certificate/CertificateManager.cpp
Examining data/sslsniff-0.8/certificate/CertificateManager.hpp
Examining data/sslsniff-0.8/certificate/AuthorityCertificateManager.hpp
Examining data/sslsniff-0.8/certificate/Certificate.hpp
Examining data/sslsniff-0.8/certificate/TargetedCertificateManager.cpp
Examining data/sslsniff-0.8/SSLBridge.hpp
Examining data/sslsniff-0.8/Logger.hpp
Examining data/sslsniff-0.8/SessionCache.cpp
Examining data/sslsniff-0.8/SessionCache.hpp
Examining data/sslsniff-0.8/SSLBridge.cpp
Examining data/sslsniff-0.8/RawBridge.hpp
Examining data/sslsniff-0.8/SSLConnectionManager.cpp
FINAL RESULTS:
data/sslsniff-0.8/Bridge.hpp:57:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code& error, size_t bytesRead)
data/sslsniff-0.8/Bridge.hpp:79:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error)
data/sslsniff-0.8/RawBridge.hpp:59:55: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void handleConnect(Bridge::ptr bridge, const boost::system::error_code &error) {
data/sslsniff-0.8/SSLConnectionManager.cpp:54:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error)
data/sslsniff-0.8/SSLConnectionManager.cpp:138:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code error;
data/sslsniff-0.8/SSLConnectionManager.hpp:42:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error);
data/sslsniff-0.8/http/HttpConnectionManager.cpp:75:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code& error)
data/sslsniff-0.8/http/HttpConnectionManager.cpp:100:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code& error)
data/sslsniff-0.8/http/HttpConnectionManager.hpp:50:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code& error);
data/sslsniff-0.8/http/HttpConnectionManager.hpp:52:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void handleServerConnection(HttpBridge::ptr bridge, const boost::system::error_code& error);
data/sslsniff-0.8/http/OCSPDenier.cpp:50:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error,
data/sslsniff-0.8/http/OCSPDenier.cpp:65:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error)
data/sslsniff-0.8/http/OCSPDenier.hpp:42:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error,
data/sslsniff-0.8/http/OCSPDenier.hpp:46:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code &error);
data/sslsniff-0.8/sslsniff.cpp:81:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "ats:h:c:w:f:m:u:pdj:e:")) != -1) {
data/sslsniff-0.8/Bridge.hpp:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientBuffer[BUFFER_SIZE];
data/sslsniff-0.8/Bridge.hpp:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverBuffer[BUFFER_SIZE];
data/sslsniff-0.8/FirefoxUpdater.cpp:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sslsniff-0.8/HTTPSBridge.cpp:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sslsniff-0.8/SSLBridge.cpp:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sslsniff-0.8/SSLBridge.cpp:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sslsniff-0.8/SessionCache.cpp:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache.sessions[current].id, id, idLength);
data/sslsniff-0.8/SessionCache.cpp:110:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, cache.sessions[i].encoding, cache.sessions[i].encodingLength);
data/sslsniff-0.8/SessionCache.hpp:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[MAX_ID_SIZE];
data/sslsniff-0.8/SessionCache.hpp:40:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encoding[MAX_ENCODING_SIZE];
data/sslsniff-0.8/certificate/Certificate.hpp:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sslsniff-0.8/certificate/TargetedCertificateManager.cpp:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/sslsniff-0.8/sslsniff.cpp:87:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': options.sslListenPort = atoi(optarg); break;
data/sslsniff-0.8/sslsniff.cpp:88:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'h': options.httpListenPort = atoi(optarg); break;
data/sslsniff-0.8/util/Destination.cpp:67:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/pf", O_RDONLY);
data/sslsniff-0.8/Bridge.hpp:48:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(ip::tcp::socket *socket, char *buffer) {
data/sslsniff-0.8/Bridge.hpp:81:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!error) read(socket, buffer);
data/sslsniff-0.8/Bridge.hpp:97:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(clientSocket, clientBuffer);
data/sslsniff-0.8/Bridge.hpp:98:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(serverSocket, serverBuffer);
data/sslsniff-0.8/http/OCSPDenier.cpp:59:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
async_write(*socket, boost::asio::buffer(ocspResponse, strlen(ocspResponse)),
ANALYSIS SUMMARY:
Hits = 35
Lines analyzed = 3673 in approximately 0.13 seconds (28570 lines/second)
Physical Source Lines of Code (SLOC) = 2191
Hits@level = [0] 1 [1] 5 [2] 15 [3] 1 [4] 14 [5] 0
Hits@level+ = [0+] 36 [1+] 35 [2+] 30 [3+] 15 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 16.4309 [1+] 15.9744 [2+] 13.6924 [3+] 6.84619 [4+] 6.38978 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.