sanitize for checks

Author: 3kh0

app/models/concerns/heartbeatable.rb

@@ -279,15 +279,18 @@ def duration_seconds_boundary_aware(scope, start_time, end_time)
       capped_diffs = combined_scope
         .select("time, CASE
           WHEN LAG(time) OVER (ORDER BY time) IS NULL THEN 0
-          ELSE LEAST(EXTRACT(EPOCH FROM (to_timestamp(time) - to_timestamp(LAG(time) OVER (ORDER BY time)))), #{heartbeat_timeout_duration.to_i})
-        END as diff")
+          ELSE LEAST(EXTRACT(EPOCH FROM (to_timestamp(time) - to_timestamp(LAG(time) OVER (ORDER BY time)))), ?)
+        END as diff", heartbeat_timeout_duration.to_i)
         .where.not(time: nil)
         .order(time: :asc)
 
       connection.select_value(
-        "SELECT COALESCE(SUM(diff), 0)::integer
-         FROM (#{capped_diffs.to_sql}) AS diffs
-         WHERE time >= #{start_time}"
+        connection.sanitize_sql_array([
+          "SELECT COALESCE(SUM(diff), 0)::integer
+           FROM (#{capped_diffs.to_sql}) AS diffs
+           WHERE time >= ?",
+          start_time
+        ])
       ).to_i
     end
   end