Handle mix of string concatenation and interpolation

in SQL queries

lib/brakeman/checks/check_sql.rb

@@ -491,15 +491,20 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 
     target = exp.target
     method = exp.method
-
+    arg = exp.first_arg
 
     if STRING_METHODS.include? method
       if string? target
-        check_string_arg exp.first_arg
-      elsif string? exp.first_arg
+        check_string_arg arg
+      elsif string? arg
         check_string_arg target
       elsif call? target
         check_for_string_building target
+      elsif node_type? target, :string_interp, :dstr or
+            node_type? arg, :string_interp, :dstr
+
+        check_string_arg target and
+        check_string_arg arg
       end
     else
       nil
@@ -523,8 +528,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
   def string_building? exp
     return false unless call? exp and STRING_METHODS.include? exp.method
 
-    string? exp.target or
-    string? exp.first_arg or
+    node_type? exp.target, :str, :dstr, :string_interp or
+    node_type? exp.first_arg, :str, :dstr, :string_interp or
     string_building? exp.target or
     string_building? exp.first_arg
   end

test/apps/rails3.1/app/models/user.rb

@@ -31,5 +31,14 @@ class User < ActiveRecord::Base
   def self.sql_stuff
     condition = parent_id.blank? ? " IS NULL" : " = #{parent_id}"
     self.connection.select_values("SELECT max(id) FROM content_pages WHERE parent_content_page_id #{condition}")[0].to_i
+
+    # Should not warn
+    User.where("#{table_name}.visibility = ?" +
+               " OR (#{table_name}.visibility = ? AND #{table_name}.id IN (" +
+               "SELECT DISTINCT a.id FROM #{table_name} a" +
+               " INNER JOIN #{User.table_name} m ON m.id = mr.member_id AND m.user_id = ?" +
+               " WHERE a.project_id IS NULL OR a.project_id = m.project_id))" +
+               " OR #{table_name}.user_id = ?",
+                 stuff, stuff, user.id, user.id)
   end
 end