RHINENG-12951: fix for CWE-89

RedHatInsights · Oct 4, 2024 · c57681f · c57681f
1 parent 4a1e60b
commit c57681f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/manager/controllers/utils.go b/manager/controllers/utils.go
@@ -20,6 +20,7 @@ import (
 	"github.com/gocarina/gocsv"
 	"github.com/pkg/errors"
 	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
 )
 
 const InvalidOffsetMsg = "Invalid offset"
@@ -79,7 +80,11 @@ func ApplySort(c *gin.Context, tx *gorm.DB, fieldExprs database.AttrMap,
 		if !allowedFieldSet[enteredField] {
 			return nil, nil, errors.Errorf("Invalid sort field: %v", enteredField)
 		}
-		column := fmt.Sprintf("%s %s NULLS LAST", fieldExprs[enteredField].OrderQuery, ascDesc)
+		column := clause.OrderByColumn{
+			Column: clause.Column{Name: fmt.Sprintf("%s %s NULLS LAST", fieldExprs[enteredField].OrderQuery, ascDesc),
+				Raw: true},
+		}
+
 		tx = tx.Order(column)
 		appliedFields = append(appliedFields, origEnteredField)
 	}