diff --git a/test/apps/rails2/app/models/user.rb b/test/apps/rails2/app/models/user.rb
index 05a1985cd09dc931674e441470766504d32bd308..595a8b59e6f90980079efa5ffcfe7f2fb968aee9 100644
--- a/test/apps/rails2/app/models/user.rb
+++ b/test/apps/rails2/app/models/user.rb
@@ -1,13 +1,17 @@
 class User < ActiveRecord::Base
- named_scope :dah, lambda {|*args| { :condition => "dah = '#{args[1]}'"}}
+ named_scope :dah, lambda {|*args| { :conditions => "dah = '#{args[1]}'"}}
- named_scope :phooey, :condition => "phoeey = '#{User.phooey}'"
+ named_scope :phooey, :conditions => "phoeey = '#{User.phooey}'"
 named_scope :with_state, lambda {|state| state.present? ? {:conditions => "state_name = '#{state}'"} : {}}
- named_scope :safe_phooey, :condition => ["phoeey = ?", "#{User.phooey}"]
+ named_scope :safe_phooey, :conditions => ["phoeey = ?", "#{User.phooey}"]
- named_scope :safe_dah, lambda {|*args| { :condition => ["dah = ?", "#{args[1]}"]}}
+ named_scope :safe_dah, lambda {|*args| { :conditions => ["dah = ?", "#{args[1]}"]}}
 named_scope :with_state, lambda {|state| state.present? ? {:conditions => ["state_name = ?", "#{state}"]} : {}}
+
+ def get_something x
+ self.find(:all, :conditions => "where blah = #{x}")
+ end
 end
diff --git a/test/tests/test_rails2.rb b/test/tests/test_rails2.rb
index 6fed8c11d54e93e50e92e2d21ad9afc41df60adc..2bee37638e1794d2e0ee319c3318bff32cb39cc5 100644
--- a/test/tests/test_rails2.rb
+++ b/test/tests/test_rails2.rb
@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
 :controller => 1,
 :model => 2,
 :template => 18,
- :warning => 21 }
+ :warning => 22 }
 else
 @expected ||= {
 :controller => 1,
 :model => 2,
 :template => 18,
- :warning => 22 }
+ :warning => 23 }
 end
 end
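Review bot: The new `get_something` method at the end of the hunk is a deliberate SQL-injection fixture — it interpolates its argument straight into `:conditions` so the scanner's self.find check fires, as the accompanying test asserts — but nothing in user.rb says so, and that test pins the warning to line 15, so an innocent edit above it (another scope, a blank line, a comment) breaks the assertion without touching the vulnerable line. I would replace the blank line that precedes the def (new line 13) with `# Intentionally unsafe fixture: interpolated SQL so the scanner flags self.find; test_rails2.rb asserts this warning at line 15, keep the method's position stable`, which documents the intent without shifting the `self.find` line. It is also worth stating in that comment that the fixture is not meant to execute: `"where blah = …"` inside `:conditions` would presumably render as `WHERE where blah = …`, and `find` is a class-level call being made from an instance method, so the method only works as static-analysis input.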
@@ -201,6 +201,15 @@ class Rails2Tests < Test::Unit::TestCase
 :file => /user\.rb/
 end
+ def test_sql_injection_in_self_call
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :line => 15,
+ :message => /^Possible SQL injection near line 15: self\.find/,
+ :confidence => 1,
+ :file => /user\.rb/
+ end
+
 def test_csrf_protection
 assert_warning :type => :controller,
 :warning_type => "Cross-Site Request Forgery",
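Review bot: The new test identifies the warning only by absolute position — `:line => 15` plus the `near line 15` in the message regex — so it passes or fails on the layout of user.rb rather than on whether the scanner flagged the `self.find` call, and a line shift in the fixture produces a confusing failure here while the vulnerable code is unchanged. The neighbouring tests in this file use the same pattern, so this is a point of style and consistency rather than a defect, but a short comment would help the next maintainer: `# line 15 is the self.find call in test/apps/rails2/app/models/user.rb; keep in sync if the fixture moves`. If `assert_warning` accepts a `:code` matcher in this suite, matching on the interpolated `:conditions` string would be more robust than the line number, but I cannot confirm that from this hunk.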