Legacy MySQL Scanner

By gversion - November 1, 2018


When I run the Legacy MySQL Scanner on the latest version of cmsb (v3.15 (Build 2209)) I see the following legacy code:

mysql_encrypt_column -
mysql_decrypt_addSelectExpr -
mysql_decrypt_column -
mysql_encryptExpr_colsToValues -
mysql_encrypt_column -
mysql_encrypt_listColumns -
mysql_isSupportedColumn -
mysql_encrypt_listColumns -
mysql_encryptExpr_colsToValues -
mysql_decrypt_column -
mysql_encrypt_column -
mysql_isSupportedColumn -
mysql_encrypt_listColumns -
mysql_decrypt_addSelectExpr -

I guess you guys will be updating this in a future release of cmsb? Or is it not necessary to?

Thank you,


By Dave - November 6, 2018

Hi Greg, 

Thanks for reporting that.  Those are false-positives you can safely ignore those or update /plugins/legacyMySQLScanner.php as follows: 

Replace the $GLOBALS['LMSCANNER_SKIP_SUFFIXES'] = [ line with:

// these are mysql_* suffixes to skip because they're no related to legacy mysql_ functions

And I'll update that for the next version as well.  Thanks!

Dave Edis - Senior Developer