From a5e40a03ce7c6229a6b11c1c20591dbc56db90a0 Mon Sep 17 00:00:00 2001
From: Alexandr Dubovikov
Date: Tue, 7 Jan 2025 12:22:27 +0100
Subject: [PATCH] Fix code scanning alert no. 4: Database query built from user-controlled sources
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 data/service/user.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/data/service/user.go b/data/service/user.go
index df9f2f38..bce8d46d 100644
--- a/data/service/user.go
+++ b/data/service/user.go
@@ -69,11 +69,8 @@ func (us *UserService) IsAdmin(email string) (bool, error) {
 func (us *UserService) GetUserByUUID(GUID, UserName string) ([]*model.TableUser, int, error) {
 var user []*model.TableUser
- var sqlWhere = make(map[string]interface{})
-
- sqlWhere = map[string]interface{}{"username": UserName, "guid": GUID}
- if err := us.Session.Debug().Table("users").Where(sqlWhere).Find(&user).Error; err != nil {
+ if err := us.Session.Debug().Table("users").Where("username = ? AND guid = ?", UserName, GUID).Find(&user).Error; err != nil {
 return user, 0, err
 }
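Review bot: The rewritten query in GetUserByUUID still goes through `.Debug()`, which (assuming `us.Session` is a GORM handle, as the Table/Where/Find chain suggests) logs every executed statement with its bound values, so each lookup writes the caller-supplied username and GUID to the application log. The placeholder form itself binds both values as parameters and is fine; the remaining exposure is the logging. I would drop the debug call on this path: `if err := us.Session.Table("users").Where("username = ? AND guid = ?", UserName, GUID).Find(&user).Error; err != nil {`. The function body continues past the end of the hunk, so I cannot see whether an empty result set or an empty `GUID`/`UserName` is rejected further down; if it is not, a short guard before the query would be worth adding.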