Merge pull request #582 from sipcapture/alert-autofix-1

Fix code scanning alert no. 1: Database query built from user-controlled sources
sipcapture · Jan 7, 2025 · 607fbd1 · 607fbd1
2 parents d7e8fd6 + 55ac37f
commit 607fbd1
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/data/service/agentSub.go b/data/service/agentSub.go
@@ -75,10 +75,8 @@ func (hs *AgentsubService) GetAgentsubAgainstType(typeRequest string) (string, e
 	var AgentsubObject []model.TableAgentLocationSession
 	var count int
 
-	whereSQL := fmt.Sprintf("expire_date > NOW() AND type LIKE '%%%s%%'", typeRequest)
-
 	if err := hs.Session.Debug().Table("agent_location_session").
-		Where(whereSQL).
+		Where("expire_date > NOW() AND type LIKE ?", "%"+typeRequest+"%").
 		Find(&AgentsubObject).Count(&count).Error; err != nil {
 		return "", err
 	}