limit SqlExecutingMethodCall to those that are called with a StringlikeLiteral argument

ql/test/library-tests/frameworks/ActiveRecordInjection.rb

@@ -11,6 +11,8 @@ end
 
 class FooController < ApplicationController
 
+  MAX_USER_ID = 100_000
+
   # A string tainted by user input is inserted into an SQL query
   def some_request_handler
     # SELECT AVG(#{params[:column]}) FROM "users"
@@ -21,5 +23,10 @@ class FooController < ApplicationController
 
     # SELECT "users".* FROM "users" WHERE (id = #{params[:id]})
     User.destroy_all(["id = #{params[:id]}"])
+
+    # SELECT "users".* FROM "users" WHERE id BETWEEN #{params[:min_id]} AND 100000
+    User.where(<<-SQL, MAX_USER_ID)
+      id BETWEEN #{params[:min_id]} AND ?
+    SQL
   end
 end