From c0b4648523326402f26e885a9957d85f277f2c64 Mon Sep 17 00:00:00 2001 From: Guewen Baconnier Date: Mon, 21 Oct 2024 14:48:53 +0200 Subject: [PATCH] Fix SQL injection lint in 18.0.1.0.0 pre-migrate.py --- queue_job/migrations/18.0.1.0.0/pre-migrate.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/queue_job/migrations/18.0.1.0.0/pre-migrate.py b/queue_job/migrations/18.0.1.0.0/pre-migrate.py index 3f02e7bc75..ce624e14dd 100644 --- a/queue_job/migrations/18.0.1.0.0/pre-migrate.py +++ b/queue_job/migrations/18.0.1.0.0/pre-migrate.py @@ -1,5 +1,7 @@ from openupgradelib import openupgrade +from odoo.tools import SQL + def migrate(cr, version): if not version: @@ -14,8 +16,14 @@ def migrate(cr, version): for table, columns in table_column_map.items(): for column in columns: if openupgrade.column_exists(cr, table, column): - cr.execute(f""" - UPDATE {table} - SET {column} = {column}::jsonb - WHERE {column} IS NOT NULL - """) + cr.execute( + SQL( + """ + UPDATE %(table)s + SET %(column)s = %(column)s::jsonb + WHERE %(column)s IS NOT NULL + """, + table=SQL.identifier(table), + column=SQL.identifier(column), + ) + )
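Review bot: The rewritten `cr.execute(SQL(...))` call in the second hunk has no comment saying why `table` and `column` go through `SQL.identifier()` instead of being passed as ordinary query parameters, and that is the detail a later maintainer is most likely to undo. I would add above the call: `# Identifiers cannot be bound as query parameters; SQL.identifier() quotes them.` Quoted identifiers are also matched case-sensitively by PostgreSQL, whereas the old f-string left them unquoted and folded to lower case, so the names in `table_column_map` need to be spelled exactly as they appear in the catalog. That map and the start of `migrate()` lie outside the hunk, so whether its entries are all hard-coded lower-case constants cannot be confirmed from here.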