Fix code scanning alert no. 4: Database query built from user-control…

…led sources Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
sipcapture · Jan 7, 2025 · a5e40a0 · a5e40a0
1 parent 63f628d
commit a5e40a0
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/data/service/user.go b/data/service/user.go
@@ -69,11 +69,8 @@ func (us *UserService) IsAdmin(email string) (bool, error) {
 func (us *UserService) GetUserByUUID(GUID, UserName string) ([]*model.TableUser, int, error) {
 
 	var user []*model.TableUser
-	var sqlWhere = make(map[string]interface{})
-
-	sqlWhere = map[string]interface{}{"username": UserName, "guid": GUID}
 
-	if err := us.Session.Debug().Table("users").Where(sqlWhere).Find(&user).Error; err != nil {
+	if err := us.Session.Debug().Table("users").Where("username = ? AND guid = ?", UserName, GUID).Find(&user).Error; err != nil {
 		return user, 0, err
 	}