Add test for select vulnerability in Rails 3

test/apps/rails3.1/app/views/users/edit.html.erb

 <h1>Editing user</h1>
 
+<%= select('post', 'author_id', "<option value='#{@user.id}'>#{@user.name}</option>") %>
+
 <%= render 'form' %>
 
 <%= link_to 'Show', @user %> |

test/tests/test_rails31.rb

@@ -13,7 +13,7 @@ class Rails31Tests < Test::Unit::TestCase
   def expected
     @expected ||= {
       :model => 0,
-      :template => 0,
+      :template => 1,
       :controller => 1,
       :warning => 7 }
   end
@@ -97,4 +97,13 @@ class Rails31Tests < Test::Unit::TestCase
       :confidence => 1,
       :file => /user\.rb/
   end
+
+  def test_select_vulnerability
+    assert_warning :type => :template,
+      :warning_type => "Cross Site Scripting",
+      :line => 2,
+      :message => /^Upgrade to Rails 3.1.4, 3.1.0 select\(\) helper is vulnerable/,
+      :confidence => 0,
+      :file => /edit\.html\.erb/
+  end
 end