From c57681f6e3f5e697439e0f6d4311bf7bbc316e2d Mon Sep 17 00:00:00 2001
From: Michael Mraka <michael.mraka@redhat.com>
Date: Fri, 4 Oct 2024 10:53:01 +0200
Subject: [PATCH] RHINENG-12951: fix for CWE-89

---
 manager/controllers/utils.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/manager/controllers/utils.go b/manager/controllers/utils.go
index 56510734c..9c694d241 100644
--- a/manager/controllers/utils.go
+++ b/manager/controllers/utils.go
@@ -20,6 +20,7 @@ import (
 	"github.com/gocarina/gocsv"
 	"github.com/pkg/errors"
 	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
 )
 
 const InvalidOffsetMsg = "Invalid offset"
@@ -79,7 +80,11 @@ func ApplySort(c *gin.Context, tx *gorm.DB, fieldExprs database.AttrMap,
 		if !allowedFieldSet[enteredField] {
 			return nil, nil, errors.Errorf("Invalid sort field: %v", enteredField)
 		}
-		column := fmt.Sprintf("%s %s NULLS LAST", fieldExprs[enteredField].OrderQuery, ascDesc)
+		column := clause.OrderByColumn{
+			Column: clause.Column{Name: fmt.Sprintf("%s %s NULLS LAST", fieldExprs[enteredField].OrderQuery, ascDesc),
+				Raw: true},
+		}
+
 		tx = tx.Order(column)
 		appliedFields = append(appliedFields, origEnteredField)
 	}