From d19b54aacb6654814ca7a9a5f5761742fad414cf Mon Sep 17 00:00:00 2001
From: Erica Porter
Date: Thu, 9 Nov 2023 16:00:38 +0000
Subject: [PATCH] Sanitize table name
---
 lib/dfe/analytics/entity_table_check_job.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/dfe/analytics/entity_table_check_job.rb b/lib/dfe/analytics/entity_table_check_job.rb
index 6ac1c7f8..49729bb5 100644
--- a/lib/dfe/analytics/entity_table_check_job.rb
+++ b/lib/dfe/analytics/entity_table_check_job.rb
@@ -66,15 +66,16 @@ def fetch_checksum_data(model, adapter_name, checksum_calculated_at)
 end
 def fetch_postgresql_checksum_data(model, checksum_calculated_at)
+ sanitized_table_name = ActiveRecord::Base.connection.quote_table_name(model.table_name)
 checksum_calculated_at_sanitized = ActiveRecord::Base.connection.quote(checksum_calculated_at)
 checksum_sql_query = <<-SQL
 SELECT COUNT(*) as row_count,
 MD5(STRING_AGG(CHECKSUM_TABLE.ID, '' ORDER BY CHECKSUM_TABLE.UPDATED_AT )) as checksum
 FROM (
- SELECT #{model.table_name}.id::TEXT as ID,
- #{model.table_name}.updated_at as UPDATED_AT
- FROM #{model.table_name}
- WHERE #{model.table_name}.updated_at < #{checksum_calculated_at_sanitized}
+ SELECT #{sanitized_table_name}.id::TEXT as ID,
+ #{sanitized_table_name}.updated_at as UPDATED_AT
+ FROM #{sanitized_table_name}
+ WHERE #{sanitized_table_name}.updated_at < #{checksum_calculated_at_sanitized}
 ) CHECKSUM_TABLE
 SQL
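Review bot: The added `sanitized_table_name` line quotes the identifier through `ActiveRecord::Base.connection`, which is not necessarily the connection the model itself uses. Identifier quoting is adapter-specific, so in a multi-database application the quoting rules applied here could differ from those of the database the query runs against. Quoting through the model avoids that, e.g. `sanitized_table_name = model.connection.quote_table_name(model.table_name)` or simply `model.quoted_table_name`; the existing `quote(checksum_calculated_at)` call on the following line has the same dependency. The rest of `fetch_postgresql_checksum_data`, including the call that executes `checksum_sql_query`, lies outside the hunk, so which connection actually runs the query cannot be confirmed from here.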