Okay, this is too long for a comment.
From my testing, moving the string building into a method like this does make the warning go away:

    def index
      @methods = [:name, :manager, :deadline]
      assignments = Assignment.order(sort_order).received(current_user).root
    end

    def sort_order
      sort_column(@methods) + " " + sort_direction
    end

However, that's just hiding the problem. I would suggest adding something like this to the Assignment model instead:

    class Assignment < ActiveRecord::Base
      def self.sorted_by(column, direction)
        direction = direction.downcase == 'asc' ? 'asc' : 'desc'
        column = sanitize_sql(column)
        order("#{column} #{direction}")
      end
    end

Just keep in mind that sometimes you have to choose between keeping a tool happy and keeping your code reasonable. As for the false positive, I don't see this particular issue being resolved, since it is not simple to inspect sort_column and know it is safe.
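
An allowlist variant of the `sorted_by` idea above, added here as an illustration and not part of the original answer: a column name is an identifier rather than a value, so the requested name is matched against a fixed list instead of being escaped. `SORTABLE_COLUMNS`, `DEFAULT_COLUMN` and `safe_order_clause` are hypothetical names; the column list is taken from the `@methods` array in the answer.

```ruby
# Added example: allowlist-based ORDER BY builder (plain Ruby, no Rails needed).
# SORTABLE_COLUMNS, DEFAULT_COLUMN and safe_order_clause are hypothetical names;
# the column list mirrors the @methods array from the answer.
SORTABLE_COLUMNS = %w[name manager deadline].freeze
DEFAULT_COLUMN = "name"

# Returns an ORDER BY fragment assembled only from constant strings.
# User input selects among known-good values; it is never interpolated.
def safe_order_clause(column, direction, allowed: SORTABLE_COLUMNS, default: DEFAULT_COLUMN)
  requested = column.to_s.strip.downcase
  # Array#find hands back the allowlisted constant, not the caller's string.
  col = allowed.find { |c| c == requested } || default
  # Anything other than an exact "asc" (case-insensitive) falls back to "desc",
  # which also covers a missing (nil) direction parameter.
  dir = direction.to_s.strip.downcase == "asc" ? "asc" : "desc"
  "#{col} #{dir}"
end

# Constructed sample inputs, shaped like request parameters for sort and direction.
if __FILE__ == $PROGRAM_NAME
  [
    ["deadline", "ASC"],
    [:manager, nil],
    ["name; DROP TABLE assignments--", "asc"],
    ["deadline", "desc, id"],
  ].each do |col, dir|
    puts "#{col.inspect}, #{dir.inspect} -> #{safe_order_clause(col, dir)}"
  end
end
```

Inside the model, the returned string would be passed to `order` in place of the interpolated one.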