diff --git a/test/apps/rails2/app/controllers/home_controller.rb b/test/apps/rails2/app/controllers/home_controller.rb
index 2f8c66837fcd89e0ecba29b69531f30e9cc92864..ff17d15e86b05efe85aa14940ee69a34bc6b3a18 100644
--- a/test/apps/rails2/app/controllers/home_controller.rb
+++ b/test/apps/rails2/app/controllers/home_controller.rb
@@ -69,6 +69,10 @@ class HomeController < ApplicationController
     redirect_to url
   end
 
+  def test_sql_nested
+    User.humans.alive.find(:all, :conditions => "age > #{params[:age]}")
+  end
+
   private
 
   def filter_it
diff --git a/test/tests/test_rails2.rb b/test/tests/test_rails2.rb
index e751ab2e3c42a350da811ab85e467be42151e38f..47f4f8aa12298b8de9199874120f448df9fa54b0 100644
--- a/test/tests/test_rails2.rb
+++ b/test/tests/test_rails2.rb
@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
         :controller => 1,
         :model => 2,
         :template => 15,
-        :warning => 17 }
+        :warning => 18 }
     else
       @expected ||= {
         :controller => 1,
         :model => 2,
         :template => 15,
-        :warning => 18 }
+        :warning => 19 }
     end
   end
 
@@ -316,6 +316,15 @@ class Rails2Tests < Test::Unit::TestCase
       :file => /test_sql\.html\.erb/
   end
 
+  def test_sql_injection_call_chain
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :line => 73,
+      :message => /^Possible SQL injection near line 73: User.humans.alive.find/,
+      :confidence => 0,
+      :file => /home_controller\.rb/
+  end
+
   def test_escape_once
     results = find :type => :template,
       :warning_type => "Cross Site Scripting",
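Review bot: The new fixture action `test_sql_nested` carries no marker that the string-interpolated `params[:age]` in `:conditions` is the intended finding, so a later contributor could "fix" it and silently break the scanner test that depends on it. The companion test in test_rails2.rb also pins the finding to line 73, which is exactly the `User.humans.alive.find` line given this hunk starts at line 69, so any insertion above this method shifts the number and fails that test. A one-line comment above the method would capture both constraints: `# Intentionally vulnerable (SQL injection via params[:age]); test_sql_injection_call_chain asserts this at line 73`. HomeController continues outside the hunk.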
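Review bot: The `:message` regex in `test_sql_injection_call_chain` leaves the dots in `User.humans.alive.find` unescaped, so each one matches any character and the assertion is looser than intended, while the `:file` pattern on the next line escapes its dot consistently with the rest of the file. Escaping them keeps the test specific to the scope-chain call it was added for: `:message => /^Possible SQL injection near line 73: User\.humans\.alive\.find/,`. The expected-count bump in the earlier hunk is consistent with one new warning on both branches and needs no change.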