refactor: simplify filter_enum

2024-11-12 17:01:38 +01:00 · 2024-11-12 17:01:38 +01:00 · 343ad1a81c
commit 343ad1a81c
parent 0617f4c3e8
3 changed files with 5 additions and 35 deletions
--- a/app/models/columns/champ_column.rb
+++ b/app/models/columns/champ_column.rb
@ -32,15 +32,14 @@ class Columns::ChampColumn < Column
  end

  def filtered_ids(dossiers, search_terms)
+    relation = dossiers.with_type_de_champ(stable_id)
+
    if type == :enum
-      dossiers.with_type_de_champ(stable_id)
-        .filter_enum(:champs, column, search_terms).ids
+      relation.where(champs: { column => search_terms }).ids
    elsif type == :enums
-      dossiers.with_type_de_champ(stable_id)
-        .filter_array_enum(:champs, column, search_terms).ids
+      relation.filter_array_enum(:champs, column, search_terms).ids
    else
-      dossiers.with_type_de_champ(stable_id)
-        .filter_ilike(:champs, column, search_terms).ids
+      relation.filter_ilike(:champs, column, search_terms).ids
    end
  end

--- a/app/models/concerns/dossier_filtering_concern.rb
+++ b/app/models/concerns/dossier_filtering_concern.rb
@ -34,12 +34,6 @@ module DossierFilteringConcern
      where(q, *(values.map { |value| "%#{value}%" }))
    }

-    scope :filter_enum, lambda { |table, column, values|
-      table_column = DossierFilterService.sanitized_column(table, column)
-      q = Array.new(values.count, "(#{table_column} = ?)").join(' OR ')
-      where(q, *(values))
-    }
-
    scope :filter_array_enum, lambda { |table, column, values|
      table_column = DossierFilterService.sanitized_column(table, column)
      q = Array.new(values.count, "(#{table_column} = ?)").join(' OR ')
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -216,29 +216,6 @@
      ],
      "note": ""
    },
-    {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "aaff41afa7bd5a551cd2e3a385071090cb53c95caa40fad3785cd3d68c9b939c",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/concerns/dossier_filtering_concern.rb",
-      "line": 40,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "where(\"#{values.count} OR #{\"(#{DossierFilterService.sanitized_column(table, column)} = ?)\"}\", *values)",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "DossierFilteringConcern",
-        "method": null
-      },
-      "user_input": "values.count",
-      "confidence": "Medium",
-      "cwe_id": [
-        89
-      ],
-      "note": "The table and column are escaped, which should make this safe"
-    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 2,