System-End/hackatime
1
0
Fork 0
mirror of https://github.com/System-End/hackatime.git synced 2026-04-20 00:35:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Handle brakeman warning about sql inj

Browse source
This commit is contained in:
Max Wofford 2025-02-23 22:42:19 -05:00
parent f071af3c07
commit b915b8f0c7
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/models/heartbeat.rb
View file

@ -20,21 +20,23 @@ class Heartbeat < WakatimeRecord
# when grouped, return hash of group key => duration
group_column = scope.group_values.first
quoted_group_column = connection.quote_column_name(group_column)
capped_diffs = scope
.select("#{group_column}, CASE
WHEN LAG(time) OVER (PARTITION BY #{group_column} ORDER BY time) IS NULL THEN 0
ELSE LEAST(EXTRACT(EPOCH FROM (time - LAG(time) OVER (PARTITION BY #{group_column} ORDER BY time))), #{TIMEOUT_DURATION.to_i})
.select("#{quoted_group_column}, CASE
WHEN LAG(time) OVER (PARTITION BY #{quoted_group_column} ORDER BY time) IS NULL THEN 0
ELSE LEAST(EXTRACT(EPOCH FROM (time - LAG(time) OVER (PARTITION BY #{quoted_group_column} ORDER BY time))), #{TIMEOUT_DURATION.to_i})
END as diff")
.where.not(time: nil)
.order(time: :asc)
.unscope(:group)
connection.select_all(
"SELECT #{group_column}, COALESCE(SUM(diff), 0)::integer as duration
"SELECT #{quoted_group_column}, COALESCE(SUM(diff), 0)::integer as duration
FROM (#{capped_diffs.to_sql}) AS diffs
GROUP BY #{group_column}"
GROUP BY #{quoted_group_column}"
).each_with_object({}) do |row, hash|
hash[row[group_column.to_s]] = row["duration"].to_i
hash[row[quoted_group_column]] = row["duration"].to_i
end
else
# when not grouped, return a single value