refactor: simplify filter_enum

app/models/columns/champ_column.rb

@@ -32,15 +32,14 @@ class Columns::ChampColumn < Column
   end
 
   def filtered_ids(dossiers, search_terms)
+    relation = dossiers.with_type_de_champ(stable_id)
+
     if type == :enum
-      dossiers.with_type_de_champ(stable_id)
+      relation.where(champs: { column => search_terms }).ids
-        .filter_enum(:champs, column, search_terms).ids
     elsif type == :enums
-      dossiers.with_type_de_champ(stable_id)
+      relation.filter_array_enum(:champs, column, search_terms).ids
-        .filter_array_enum(:champs, column, search_terms).ids
     else
-      dossiers.with_type_de_champ(stable_id)
+      relation.filter_ilike(:champs, column, search_terms).ids
-        .filter_ilike(:champs, column, search_terms).ids
     end
   end
 

app/models/concerns/dossier_filtering_concern.rb

@@ -34,12 +34,6 @@ module DossierFilteringConcern
       where(q, *(values.map { |value| "%#{value}%" }))
     }
 
-    scope :filter_enum, lambda { |table, column, values|
-      table_column = DossierFilterService.sanitized_column(table, column)
-      q = Array.new(values.count, "(#{table_column} = ?)").join(' OR ')
-      where(q, *(values))
-    }
-
     scope :filter_array_enum, lambda { |table, column, values|
       table_column = DossierFilterService.sanitized_column(table, column)
       q = Array.new(values.count, "(#{table_column} = ?)").join(' OR ')

config/brakeman.ignore

@@ -216,29 +216,6 @@
       ],
       "note": ""
     },
-    {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "aaff41afa7bd5a551cd2e3a385071090cb53c95caa40fad3785cd3d68c9b939c",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/concerns/dossier_filtering_concern.rb",
-      "line": 40,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "where(\"#{values.count} OR #{\"(#{DossierFilterService.sanitized_column(table, column)} = ?)\"}\", *values)",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "DossierFilteringConcern",
-        "method": null
-      },
-      "user_input": "values.count",
-      "confidence": "Medium",
-      "cwe_id": [
-        89
-      ],
-      "note": "The table and column are escaped, which should make this safe"
-    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 2,