From 9327665f4bab7ef4145291e2532aa05ca3fddf0b Mon Sep 17 00:00:00 2001
From: StlMaris123
Date: Mon, 3 Feb 2020 23:53:13 +0200
Subject: [PATCH 1/2] fix sql injectiion vulenarability

---
 Gemfile | 1 +
 Gemfile.lock | 2 ++
 app/controllers/users_controller.rb | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index 5d4cd57a1..cc06639c0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -77,6 +77,7 @@ group :development, :test do
 end
 
 group :development do
+ gem 'brakeman'
 gem 'jshintrb', '~> 0.3.0'
 gem 'mini_racer', platforms: :ruby
 gem 'listen', '~> 3.2.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index e80b9ef7d..9da4c710f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -76,6 +76,7 @@ GEM
 bootstrap-sass (3.4.1)
 autoprefixer-rails (>= 5.2.1)
 sassc (>= 2.0.0)
+ brakeman (4.7.2)
 builder (3.2.4)
 byebug (11.0.1)
 capybara (3.29.0)
@@ -349,6 +350,7 @@ DEPENDENCIES
 aws-sdk-s3 (~> 1)
 bootsnap (~> 1.4.5)
 bootstrap-sass
+ brakeman
 byebug (~> 11.0.1)
 capybara
 codecov
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5dc4f187f..2d1dc6e3b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -13,7 +13,7 @@ def index
 @users = User.joins(:maps)
 .select('users.*, count(users.id) as maps_count')
 .group('maps.user_id')
- .order(sort_column + ' ' + sort_direction)
+ .order(sort_column: sort_direction)
 .paginate(page: params[:page], per_page: 24)
 render 'users/index'
 end

From 57f9cdbb5a0cf29ff09cc6ace7289983e8f7dd68 Mon Sep 17 00:00:00 2001
From: StellaMaris Njage
Date: Tue, 4 Feb 2020 00:11:12 +0200
Subject: [PATCH 2/2] Update users_controller.rb

use arrow function instead of symbol
---
 app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2d1dc6e3b..88498eb35 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
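Review bot: `gem 'brakeman'` is added to the development group with no version constraint and without `require: false`, so in a standard Rails boot (`Bundler.require(*Rails.groups)`) a static-analysis CLI gets loaded into the app process, and any later `bundle update` can move it across a major version unnoticed. Gemfile.lock resolves 4.7.2 today, so `gem 'brakeman', '~> 4.7', require: false` keeps the resolved line stable and keeps the scanner out of the runtime. If the intent (inferred from the commit title, not visible here) is to catch regressions like the string-built `order` this series removes, the scan only helps if it actually runs — consider wiring `brakeman -z` into CI so warnings fail the build rather than relying on local invocations.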
@@ -13,7 +13,7 @@ def index
 @users = User.joins(:maps)
 .select('users.*, count(users.id) as maps_count')
 .group('maps.user_id')
- .order(sort_column: sort_direction)
+ .order(sort_column => sort_direction)
 .paginate(page: params[:page], per_page: 24)
 render 'users/index'
 end
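Review bot: `.order(sort_column => sort_direction)` is only as safe as the two helpers it reads, and neither `sort_column` nor `sort_direction` is visible in this hunk — if either forwards `params[...]` unfiltered, the hash form still lets a caller order by any column Active Record will quote (sorting on a sensitive column is a classic data-leak oracle even without injection), and in recent Rails versions an unrecognised direction is rejected with an ArgumentError that surfaces as a 500 rather than a 400. The defence belongs in the helpers, not in the query builder: `SORT_COLUMNS.include?(params[:sort]) ? params[:sort] : 'name'` for the column, with `SORT_COLUMNS` a frozen allow-list of the columns the view actually sorts on (including the `maps_count` alias if it is offered), and `%w[asc desc].include?(params[:direction]) ? params[:direction] : 'asc'` for the direction. I am inferring that the helpers read params from the original string-concatenation form this series replaces; confirm against their definitions. `index` begins before this hunk (`def index` appears only in the hunk header).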