Check for XSS in select() for Rails 2

previously, this would be a weak confidence warning. Change to be the
same as Rails 3 versions which had a vulnerability that caused select
to not escape arguments:
https://groups.google.com/d/topic/rubyonrails-security/CdoMUVpsRmQ/discussion

lib/brakeman/checks/check_cross_site_scripting.rb

@@ -38,7 +38,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
     @ignore_methods = Set[:button_to, :check_box, :content_tag, :escapeHTML, :escape_once,
                            :field_field, :fields_for, :h, :hidden_field,
                            :hidden_field, :hidden_field_tag, :image_tag, :label,
-                           :link_to, :mail_to, :radio_button,
+                           :link_to, :mail_to, :radio_button, :select,
                            :submit_tag, :text_area, :text_field,
                            :text_field_tag, :url_encode, :url_for,
                            :will_paginate].merge tracker.options[:safe_methods]
@@ -54,10 +54,6 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
       @ignore_methods << :auto_link
     end
 
-    if tracker.options[:rails3]
-      @ignore_methods << :select
-    end
-
     tracker.each_template do |name, template|
       @current_template = template
       template[:outputs].each do |out|

lib/brakeman/checks/check_select_vulnerability.rb

@@ -5,7 +5,7 @@ require 'brakeman/checks/base_check'
 class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck
   Brakeman::Checks.add self
 
-  @description = "Looks for unsafe uses of select() helper in some versions of Rails 3.x"
+  @description = "Looks for unsafe uses of select() helper"
 
   def run_check
 
@@ -15,6 +15,8 @@ class Brakeman::CheckSelectVulnerability < Brakeman::BaseCheck
       suggested_version = "3.1.4"
     elsif version_between? "3.2.0", "3.2.1"
       suggested_version = "3.2.2"
+    elsif version_between? "2.0.0", "3.0.0"
+      suggested_version = "3 or use options_for_select"
     else
       return
     end