diff --git a/test/apps/rails5.2/lib/shell.rb b/test/apps/rails5.2/lib/shell.rb
index eb542bbd53..918ba64440 100644
--- a/test/apps/rails5.2/lib/shell.rb
+++ b/test/apps/rails5.2/lib/shell.rb
@@ -22,4 +22,9 @@ def nested_system_interp
 filename = Shellwords.escape("#{file_prefix}.txt")
 system "echo #(unknown)"
 end
+
+ def system_array_join
+ command = ["ruby", method_that_returns_user_input, "--some-flag"].join(" ")
+ system(command)
+ end
 end
diff --git a/test/tests/rails52.rb b/test/tests/rails52.rb
index 54a602202e..0f763df2aa 100644
--- a/test/tests/rails52.rb
+++ b/test/tests/rails52.rb
@@ -13,7 +13,7 @@ def expected
 :controller => 0,
 :model => 0,
 :template => 0,
- :generic => 5
+ :generic => 6
 }
 end
@@ -118,6 +118,19 @@ def test_command_injection_as_target
 :user_input => s(:lvar, :path)
 end
+ def test_command_injection_array_join
+ assert_warning :type => :warning,
+ :warning_code => 14,
+ :fingerprint => "478a39b6379df61bf0b016f435d054f279353e4fcd048304105152f6203fbdaa",
+ :warning_type => "Command Injection",
+ :line => 28,
+ :message => /^Possible\ command\ injection/,
+ :confidence => 1,
+ :relative_path => "lib/shell.rb",
+ :code => s(:call, nil, :system, s(:dstr, "ruby ", s(:evstr, s(:call, nil, :method_that_returns_user_input)), s(:str, " --some-flag"))),
+ :user_input => s(:call, nil, :method_that_returns_user_input)
+ end
+
 def test_cross_site_scripting_loofah_CVE_2018_8048
 assert_warning :type => :warning,
 :warning_code => 106,
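Review bot: `system_array_join` carries no comment marking it as a deliberately vulnerable fixture, and nothing in the hunk says why the command is assembled with `Array#join` instead of the interpolation `nested_system_interp` uses just above it; a one-line comment would keep the next editor from "fixing" it, e.g. `# Intentional: user input joined into one string and handed to system(), to exercise the Array#join Command Injection check`. `method_that_returns_user_input` is not defined anywhere in the hunk, so it is presumably resolved (or left unresolved on purpose) elsewhere in the fixture; the enclosing class begins before this hunk.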
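Review bot: The expected `:code` in `test_command_injection_array_join` is a `dstr` (`"ruby "`, an `evstr`, `" --some-flag"`) rather than the `join` call the fixture actually writes, and the test does not say that this is the folded form the scanner is expected to produce, so a reader cannot tell whether the shape is intentional or a copy-paste from another test. A short comment above `assert_warning` would make the assertion self-explanatory, e.g. `# A literal array joined with " " is expected to be folded into an interpolated string before the system() check runs, hence the dstr here`; that folding is inferred from the expected value, not shown in this diff, so confirm against the check's implementation. `:line => 28` is consistent with the fixture hunk, where `system(command)` lands on the seventh line of a hunk starting at line 22, and the `:generic => 6` bump in the preceding hunk depends on this one warning being reported.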