fix: sanitize sql

cskartikey · cskartikey · commit 9ada5a93b02c · 2025-07-25T11:44:54.000+05:30
diff --git a/app/models/concerns/heartbeatable.rb b/app/models/concerns/heartbeatable.rb
@@ -285,9 +285,12 @@ def duration_seconds_boundary_aware(scope, start_time, end_time)
         .order(time: :asc)
 
       connection.select_value(
-        "SELECT COALESCE(SUM(diff), 0)::integer
-         FROM (#{capped_diffs.to_sql}) AS diffs
-         WHERE time >= #{start_time}"
+        ActiveRecord::Base.sanitize_sql([
+          "SELECT COALESCE(SUM(diff), 0)::integer
+           FROM (#{capped_diffs.to_sql}) AS diffs
+           WHERE time >= ?",
+          start_time
+        ])
       ).to_i
     end
   end
