From b6eed3bde63928537f3c17b36dc52f2313b493e1 Mon Sep 17 00:00:00 2001
From: Michael Mraka
Date: Fri, 4 Oct 2024 11:11:00 +0200
Subject: [PATCH] fixup! RHINENG-12951: fix for CWE-89
---
 manager/controllers/utils.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/manager/controllers/utils.go b/manager/controllers/utils.go
index 66f9c336a..ffecc2f43 100644
--- a/manager/controllers/utils.go
+++ b/manager/controllers/utils.go
@@ -81,8 +81,15 @@ func ApplySort(c *gin.Context, tx *gorm.DB, fieldExprs database.AttrMap,
 return nil, nil, errors.Errorf("Invalid sort field: %v", enteredField)
 }
 // column := fmt.Sprintf("%s %s NULLS LAST", fieldExprs[enteredField].OrderQuery, ascDesc)
- column := clause.OrderBy{Expression: clause.Expr{
- SQL: "? ? NULLS LAST", Vars: []any{fieldExprs[enteredField].OrderQuery, ascDesc}}}
+ // column := clause.OrderByColumn{Column: clause.Column{Name: fieldExprs[enteredField].OrderQuery},
+ // Desc: false, Reorder: false}
+ // column.Column.Name = fmt.Sprintf("%s %s NULLS LAST", column.Column.Name, ascDesc)
+ column := clause.OrderByColumn{
+ Column: clause.Column{Name: fmt.Sprintf("%s %s NULLS LAST", fieldExprs[enteredField].OrderQuery, ascDesc),
+ Raw: true},
+ Desc: false,
+ Reorder: false,
+ }
 tx = tx.Order(column)
 appliedFields = append(appliedFields, origEnteredField)
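Review bot: The new `clause.Column{Name: fmt.Sprintf(...), Raw: true}` puts a string-built ORDER BY fragment into the query with GORM's identifier quoting switched off, so the CWE-89 protection rests entirely on the `Invalid sort field` lookup just above it and on `ascDesc` being a fixed literal. `ascDesc` is assigned outside this hunk and should be confirmed to only ever be a constant such as ASC or DESC, and `OrderQuery` should be confirmed to come only from server-defined `fieldExprs` entries. That invariant deserves a comment directly above the literal, for example `// Raw SQL on purpose: OrderQuery comes from the fieldExprs allow-list and ascDesc is a fixed keyword; never pass request data here.` The three commented-out earlier attempts and the older `fmt.Sprintf` comment obscure which form is the reviewed one and could be deleted, and `Desc: false` and `Reorder: false` are zero values that can be dropped. ApplySort begins and ends outside the hunk, so the allow-list checks are only partly visible here.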