Why does Microsoft Defender for Cloud raise a warning when an SQLExecutor is run on an Azure SQL-database?

Question

I'm running a workbench which contains several SQLExecutors that queries an Azure SQL database. When running the workbench we get an alert from Microsoft Defender for Cloud saying that "An application generated a faulty SQL statement on database XXX. This may indicate that the application is vulnerable to SQL injection".

When looking into the case, I can see that the query raising this warning is from FME:

SELECT * INTO #fme_tempAdoDataTypeTable_spatialReader FROM ( select CustomerID, Name, PostAddress_Address1 from Customer where UPPER(RName]) = 'Hans Hansen' and UPPER(PostAddress_Address1) = 'Gates' vei 69' ) AS customQuery WHERE 1=0

Does anyone now why this warning occurs? Is it normal that FME triggers these?

Page 1 / 1

'Gates' vei 69' looks to be faulty.

Aside from this: both UPPER((Name]) = 'some string with lowercase characters' and UPPER(PostAddress_Address1) = 'some string with lowercase characters' will never return any results, but those are not a syntax errors.

Reply

geomancer · Answer

'Gates' vei 69' looks to be faulty.Aside from this: both UPPER([Name]) = 'some string with lowercase characters' and UPPER(PostAddress_Address1) = 'some string with lowercase characters'will never return any results, but those are not a syntax errors.

Reply

Community Stats

Sign up

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Scanning file for viruses.

This file cannot be downloaded