Azure Security alert on Datagrip

Completed

Hi,

I'm using DataGrip/PyCharm for SQL development on Azure SQL databases, and have started getting security alerts from Azure saying: "Potential exploitation of application code vulnerability to SQL Injection was detected. This may indicate a SQL Injection attack on database ....". When I dig in and look at the SQL, the query has a typo, i.e. I typed in a query and made a mistake, but Azure security thinks it's a possible SQL injection. I believe this is because the application "Datagrip" (which is also the name reported when I use PyCharm) is not recognized as a developer tool, so Azure thinks it's an application without human-type queries.

Is there any way to get DataGrip/PyCharm to report to be, e.g., SQL Server Management Studio, similar to how it's possible to get Chrome to report to be Firefox by switching the user-agent?

14 comments

@8forty
Could you check whether you have set up the `applicationName` advanced property in your data source settings?
E.g.:


Great, that's just what I was hoping to find.  Didn't think to look in the data connection settings.


@8forty Write if there are some more issues.

Hi, in DataGrip version 2.3 or later this option isn't there. Do you know where it is in these versions? Thank you.


@Smetanka

If there is no such option, you can add it in the `Advanced` tab.


@vasily chernov

Thank you, but it still isn't good for me.


@Smetanka
What exactly do you need? Is it the wrong version, or do you want to remove it?

@vasily chernov

My colleagues and I are using DataGrip. When somebody runs a bad query or is connected to the db, I don't know who it is, because everybody has ApplicationName = DataGrip. I want to write the user's nick in the DataGrip config file so I can easily detect which user is connected to the db.

But I don't know where and what needs to be written in the config.


@vasily

How to remove it?


One can change or remove `ApplicationName` in the data source Advanced tab:



There is no 'ApplicationName' option. But the SQL still has a 'DataGrid' comment:

@Funcsu,

For the Oracle JDBC driver there is another property: `v$session.program`

Additionally, anyone who wants to disable application info needs to disable the `Send application info` option in the driver options tab.

@vasily chernov

Got it!!!

I unchecked "Send application info", then it works. Thank you!
