From 172a7536e7d49d9b861c7765a293c2f4a7092ef0 Mon Sep 17 00:00:00 2001
From: Denis Gukov <fiftin@outlook.com>
Date: Sat, 28 Sep 2024 17:06:16 +0500
Subject: [PATCH] Fix code scanning alert no. 8: Database query built from
 user-controlled sources

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 db/sql/SqlDb.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/sql/SqlDb.go b/db/sql/SqlDb.go
index 5fbd41045..55020ed70 100644
--- a/db/sql/SqlDb.go
+++ b/db/sql/SqlDb.go
@@ -498,7 +498,7 @@ func (d *SqlDb) getObjectsByReferrer(referrerID int, referringObjectProps db.Obj
 	}
 
 	if orderColumn != "" {
-		q = q.OrderBy("pe." + orderColumn + " " + orderDirection)
+		q = q.OrderBy(squirrel.Expr("pe." + orderColumn + " " + orderDirection))
 	}
 
 	query, args, err := q.ToSql()