Brakeman Internally
These are the main classes which direct the flow of Brakeman.
lib/brakeman.rb
This is the top-level module for all Brakeman libraries. It does very little itself, but does deal with setting up options properly for Brakeman::Scanner and provides a couple utility methods.
lib/brakeman/scanner.rb
Brakeman::Scanner directs the transformation of the text files comprising a Rails application into information which can be consumed by Brakeman's checks. All this information is stored in a Brakeman::Tracker.
Brakeman::Scanner handles reading in the right files and parsing them (with the right template library and/or ruby_parser). Then it hands them to the Brakeman::Processor, which determines which processor the parsed file should go to.
lib/brakeman/processor.rb
This class knows which processor should be used for different file types. It manages the processing of the parsed files.
All the processors themselves live in lib/brakeman/processors. These generally pull out information from the parsed sources into data structures that are stored in Brakeman::Tracker.
lib/brakeman/tracker.rb
All information about a scan ends up inside the Brakeman::Tracker. It is a mess of hash tables containing both raw data and specific information that Brakeman is interested in. Most of Brakeman depends on access to an instance of this class.
lib/brakeman/checks.rb
Brakeman::Checks manages loading and executing checks, then storing the resulting warnings.
lib/brakeman/warning.rb
A Brakeman::Warning is generated for each reported warning. It contains information about the warning, such as its location, related code, and the warning message.
lib/brakeman/report.rb
Brakeman::Report takes a bunch of Brakeman::Warnings and turns them into formatted reports.
lib/brakeman/util.rb
This is literally utility mixin used by many of the classes in Brakeman. It provides all of the methods for checking type of a Sexp (like string? and hash?), among other things.
lib/brakeman/call_index.rb
The call index contains an index of all method calls in controllers, models, and views. This allows very fast look up of method calls, which is the majority of what the checks look for.
lib/brakeman/options.rb
This module provides command line option parsing for Brakeman (or other utilities that want to offer the same options).
lib/brakeman/version.rb
The version number.
lib/checks/base_check.rb
All checks should inherit from this class. It includes methods for managing duplicate warnings, finding user input, checking version numbers, and more. It is also a subclass of SexpProcessor, so it can handle searching over Sexps.
lib/processors/base_processor.rb
Most processors inherit from this class, which also subclasses SexpProcessor. It manages many of the common node types and sets up Sexp handling.