Add test for SQL in self call

test/apps/rails2/app/models/user.rb

 class User < ActiveRecord::Base
-  named_scope :dah, lambda {|*args| { :condition => "dah = '#{args[1]}'"}}
+  named_scope :dah, lambda {|*args| { :conditions => "dah = '#{args[1]}'"}}
   
-  named_scope :phooey, :condition => "phoeey = '#{User.phooey}'"
+  named_scope :phooey, :conditions => "phoeey = '#{User.phooey}'"
 
   named_scope :with_state, lambda {|state| state.present? ? {:conditions => "state_name = '#{state}'"} : {}}
 
-  named_scope :safe_phooey, :condition => ["phoeey = ?", "#{User.phooey}"]
+  named_scope :safe_phooey, :conditions => ["phoeey = ?", "#{User.phooey}"]
 
-  named_scope :safe_dah, lambda {|*args| { :condition => ["dah = ?", "#{args[1]}"]}}
+  named_scope :safe_dah, lambda {|*args| { :conditions => ["dah = ?", "#{args[1]}"]}}
 
   named_scope :with_state, lambda {|state| state.present? ? {:conditions => ["state_name = ?", "#{state}"]} : {}}
+
+  def get_something x
+    self.find(:all, :conditions => "where blah = #{x}")
+  end
 end

test/tests/test_rails2.rb

@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
         :controller => 1,
         :model => 2,
         :template => 18,
-        :warning => 21 }
+        :warning => 22 }
     else
       @expected ||= {
         :controller => 1,
         :model => 2,
         :template => 18,
-        :warning => 22 }
+        :warning => 23 }
     end
   end
 
@@ -201,6 +201,15 @@ class Rails2Tests < Test::Unit::TestCase
       :file => /user\.rb/
   end
 
+  def test_sql_injection_in_self_call
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :line => 15,
+      :message => /^Possible SQL injection near line 15: self\.find/,
+      :confidence => 1,
+      :file => /user\.rb/
+  end
+
   def test_csrf_protection
     assert_warning :type => :controller,
       :warning_type => "Cross-Site Request Forgery",