Do not ignore targets of #to_s in SQL

Should fix #638

lib/brakeman/checks/check_sql.rb

@@ -431,6 +431,8 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
       unless IGNORE_METHODS_IN_SQL.include? exp.method
         if has_immediate_user_input? exp or has_immediate_model? exp
           exp
+        elsif exp.method == :to_s
+          find_dangerous_value exp.target, ignore_hash
         else
           check_call exp
         end

test/apps/rails4/app/models/user.rb

@@ -12,4 +12,9 @@ class User < ActiveRecord::Base
   def symbol_stuff
     self.where(User.table_name.to_sym)
   end
+
+  def self.get_all_countries(locale)
+    q = "country_#{locale} ASC".to_s
+    c = User.order(q)
+  end
 end