From c6b10318fe76bbc9ac743f58616c73e02c70e3f4 Mon Sep 17 00:00:00 2001
From: Alexandr Dubovikov
Date: Tue, 7 Jan 2025 12:43:05 +0100
Subject: [PATCH] Fix code scanning alert no. 10: Database query built from user-controlled sources
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 data/service/userSettings.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/data/service/userSettings.go b/data/service/userSettings.go
index cb750edb..9e038316 100644
--- a/data/service/userSettings.go
+++ b/data/service/userSettings.go
@@ -177,7 +177,7 @@ func (ss *UserSettingsService) Get(userObject *model.TableUserSettings, UserName
 if err := ss.Session.Debug().
 Table("user_settings").
- Where(sqlWhere).Find(&data).Error; err != nil {
+ Where("guid = ? AND username = ?", userObject.GUID, UserName).Find(&data).Error; err != nil {
 return data, err
 }
 return data, nil
@@ -197,7 +197,7 @@ func (ss *UserSettingsService) Delete(userObject *model.TableUserSettings, UserN
 if err := ss.Session.Debug().
 Table("user_settings").
- Where(sqlWhere).
+ Where("guid = ? AND username = ?", userObject.GUID, UserName).
 Delete(model.TableUserSettings{}).Error; err != nil {
 return err
 }
@@ -220,7 +220,7 @@ func (ss *UserSettingsService) Update(userObject *model.TableUserSettings, UserN
 Table("user_settings").
 Debug().
 Model(&model.TableUserSettings{}).
- Where(sqlWhere).Update(userObject).Error; err != nil {
+ Where("guid = ? AND username = ?", userObject.GUID, UserName).Update(userObject).Error; err != nil {
 return err
 }
 return nil
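Review bot: In the Get hunk, and likewise in the Delete and Update hunks, `Where(sqlWhere)` is swapped for a fixed predicate, but the diffstat shows only these three lines changing, so whatever builds `sqlWhere` above each hunk is left in place. That code is outside this view: if `sqlWhere` is now only assigned and never read, the Go compiler rejects it as declared and not used, and if it selected a different condition per caller (for example a lookup by `guid` alone), the new `guid = ? AND username = ?` filter silently narrows which rows match. I would remove the leftover construction in the same commit and, where a condition is optional, chain it as its own bound clause, e.g. `.Where("guid = ?", userObject.GUID)` followed by a conditional `.Where("username = ?", UserName)`. Each function body starts and ends outside its hunk.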
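Review bot: `ss.Session.Debug()` stays on the query chain in the Delete hunk, as it does in Get and Update, so every statement is still written to the log together with its bound values: the GUID and username, and in Update the settings being saved. Since this commit is the security fix for these queries, I would drop `.Debug()` from the three chains or enable it only from a debug setting, so the chain starts at `ss.Session.Table("user_settings")`. With the stricter predicate, Delete also returns nil when no row matches; checking `RowsAffected` on the result would let the caller tell a deletion from a no-op. The function body starts outside the hunk.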
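Review bot: `Update(userObject)` in the Update hunk takes its SET values from the same struct whose `GUID` feeds the WHERE clause, so the row is now located by bound parameters but the columns written are still whatever the caller placed in `userObject`. If that struct is decoded from the request (not visible here), a non-zero username or GUID in it would be written back and could reassign the row to another owner. I would pin the identity columns, e.g. `.Omit("guid", "username")` before `.Update(userObject)`, or list the writable columns with `Select`. The function body starts and ends outside the hunk.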