presidentbeef · presidentbeef · Feb 7, 2017 · Feb 3, 2017
diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
@@ -157,8 +157,6 @@ def process_scope_with_block model_name, args
   #
   def process_result result
     return if duplicate?(result) or result[:call].original_line
-    return if result[:target].nil? && !active_record_models.include?(result[:location][:class])
-
 
     call = result[:call]
     method = call.method

diff --git a/test/apps/rails5/lib/a_lib.rb b/test/apps/rails5/lib/a_lib.rb
@@ -0,0 +1,6 @@
+class JustAClass
+  def do_sql_stuff
+    joins("INNER JOIN things ON id = #{params[:id]}").
+    joins("INNER JOIN things ON stuff = 1")
+  end
+end
diff --git a/test/tests/rails5.rb b/test/tests/rails5.rb
@@ -13,7 +13,7 @@ def expected
       :controller => 0,
       :model => 0,
       :template => 9,
-      :generic => 10
+      :generic => 11
     }
   end
 
@@ -299,6 +299,19 @@ def test_sql_injection_from_model_call_fp
       :user_input => s(:call, s(:const, :User), :access_condition, s(:lvar, :user))
   end
 
+  def test_targetless_sql_injection_outside_of_AR_model
+    assert_warning :type => :warning,
+      :warning_code => 0,
+      :fingerprint => "fe0098fc5ab1051854573b487855f348bd9320c8eb5ae55302b4649d0147d7dd",
+      :warning_type => "SQL Injection",
+      :line => 3,
+      :message => /^Possible\ SQL\ injection/,
+      :confidence => 0,
+      :relative_path => "lib/a_lib.rb",
+      :code => s(:call, nil, :joins, s(:dstr, "INNER JOIN things ON id = ", s(:evstr, s(:call, s(:params), :[], s(:lit, :id))))),
+      :user_input => s(:call, s(:params), :[], s(:lit, :id))
+  end
+
   def test_cross_site_scripting_CVE_2015_7578
     assert_warning :type => :warning,
       :warning_code => 96,