ronin-code-sql 2.0.0.beta1 → 2.1.0

data/lib/ronin/code/sql/field.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -29,22 +29,33 @@ module Ronin
       #
       # @api semipublic
       #
-      class Field < Struct.new(:name,:parent)
+      class Field
 
         include Operators
         include Emittable
 
+        # The name of the field.
+        #
+        # @return [String]
+        attr_reader :name
+
+        # The parent of the field name.
+        #
+        # @return [Field, nil]
+        attr_reader :parent
+
         #
         # Initializes the new field.
         #
         # @param [String] name
         #   The name of the field.
         #
-        # @param [Field] parent
+        # @param [Field, nil] parent
         #   The parent of the field.
         #
         def initialize(name,parent=nil)
-          super(name.to_s,parent)
+          @name   = name.to_s
+          @parent = parent
         end
 
         #
@@ -59,13 +70,27 @@ module Ronin
           names = name.to_s.split('.',3)
           field = nil
 
-          names.each { |name| field = new(name,field) }
+          names.each { |keyword| field = new(keyword,field) }
 
           return field
         end
 
         alias to_str to_s
 
+        #
+        # Determines if the field responds to the given method.
+        #
+        # @param [Symbol] name
+        #   The method name.
+        #
+        # @return [Boolean]
+        #   Will return false if the field already has two parents, otherwise
+        #   will return true.
+        #
+        def respond_to_missing?(name)
+          self.parent.nil? || self.parent.parent.nil?
+        end
+
         protected
 
         #
@@ -75,7 +100,7 @@ module Ronin
         #   The sub-field name.
         #
         # @param [Array] arguments
-        #   Additional mehtod arguments.
+        #   Additional method arguments.
         #
         # @return [Field]
         #   The sub-field for the given name.

data/lib/ronin/code/sql/fields.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/function.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -29,11 +29,21 @@ module Ronin
       #
       # @api semipublic
       #
-      class Function < Struct.new(:name,:arguments)
+      class Function
 
         include Operators
         include Emittable
 
+        # The function's name.
+        #
+        # @return [Symbol]
+        attr_reader :name
+
+        # The function's arguments.
+        #
+        # @return [Array]
+        attr_reader :arguments
+
         #
         # Creates a new Function object.
         #
@@ -41,10 +51,11 @@ module Ronin
         #   The name of the function.
         #
         # @param [Array] arguments
-        #   The arguments of the function.
+        #   The arguments being passed to the function.
         #
         def initialize(name,*arguments)
-          super(name,arguments)
+          @name      = name
+          @arguments = arguments
         end
 
       end

data/lib/ronin/code/sql/functions.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -101,7 +101,7 @@ module Ronin
         #
         # The `SQRT` function.
         #
-        # @param [Field, Symbol] field
+        # @param [Field, Function, Symbol, Numeric] field
         #   The field to aggregate.
         #
         # @return [Function]
@@ -502,18 +502,6 @@ module Ronin
           Function.new(:SIN,x)
         end
 
-        #
-        # The `SQRT` function.
-        #
-        # @param [Field, Function, Symbol, Numeric] x
-        #
-        # @return [Function]
-        #   The new function.
-        #
-        def sqrt(x)
-          Function.new(:SQRT,x)
-        end
-
         #
         # The `STD` function.
         #
@@ -1045,7 +1033,7 @@ module Ronin
         def replace(string,from_string,to_string)
           Function.new(:REPLACE,string,from_string,to_string)
         end
-        
+
         #
         # The `REVERSE` function.
         #

data/lib/ronin/code/sql/injection.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -145,17 +145,17 @@ module Ronin
           when :string, :list
             if (terminate || (sql[0,1] != sql[-1,1]))
               # terminate the expression
-              sql << ';--'
+              sql << ';' << emitter.emit_comment
             else
               sql = sql[0..-2]
             end
 
             # balance the quotes
-            sql = sql[1..-1]
+            sql = sql[1..]
           else
             if terminate
               # terminate the expression
-              sql << ';--'
+              sql << ';' << emitter.emit_comment
             end
           end
 

data/lib/ronin/code/sql/injection_expr.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/literal.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -29,11 +29,26 @@ module Ronin
       #
       # @api semipublic
       #
-      class Literal < Struct.new(:value)
+      class Literal
 
         include Operators
         include Emittable
 
+        # The literal value.
+        #
+        # @return [String, Integer, Float, :NULL]
+        attr_reader :value
+
+        #
+        # Initializes the literal value.
+        #
+        # @param [String, Integer, Float, :NULL] value
+        #   The value for the literal.
+        #
+        def initialize(value)
+          @value = value
+        end
+
       end
     end
   end

data/lib/ronin/code/sql/literals.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/mixin.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+#
+# ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-code-sql is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-code-sql is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/code/sql/statement_list'
+require 'ronin/code/sql/injection'
+
+module Ronin
+  module Code
+    module SQL
+      #
+      # Adds helper methods for building SQL or SQL injections.
+      #
+      # @since 2.1.0
+      #
+      module Mixin
+        #
+        # Creates a new SQL statement list.
+        #
+        # @yield [(statements)]
+        #   If a block is given, it will be evaluated within the statement list.
+        #   If the block accepts an argument, the block will be called with the
+        #   new statement list.
+        #
+        # @yieldparam [StatementList] statements
+        #   The new statement list.
+        #
+        # @return [StatementList]
+        #   The new SQL statement list.
+        #
+        # @example
+        #   sql { select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sql(&block)
+          StatementList.new(&block)
+        end
+
+        #
+        # Creates a new SQL injection (SQLi)
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for {Injection#initialize}.
+        #
+        # @option kwargs [:integer, :decimal, :string, :column] :escape
+        #   The type of element to escape out of.
+        #
+        # @option kwargs [Boolean] :terminate
+        #   Specifies whether to terminate the SQLi with a comment.
+        #
+        # @option kwargs [String, Symbol, Integer] :place_holder
+        #   Place-holder data.
+        #
+        # @yield [(injection)]
+        #   If a block is given, it will be evaluated within the injection.
+        #   If the block accepts an argument, the block will be called with the
+        #   new injection.
+        #
+        # @yieldparam [Injection] injection
+        #   The new injection.
+        #
+        # @return [Injection]
+        #   The new SQL injection.
+        #
+        # @example
+        #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sqli(**kwargs,&block)
+          Injection.new(**kwargs,&block)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/code/sql/operators.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/statement.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -32,13 +32,23 @@ module Ronin
       #
       # @api semipublic
       #
-      class Statement < Struct.new(:keyword,:argument)
+      class Statement
 
         include Literals
         include Operators
         include Clauses
         include Emittable
 
+        # The statement name.
+        #
+        # @return [Symbol, Array<Symbol>]
+        attr_reader :keyword
+
+        # The statement's argument.
+        #
+        # @return [Object, nil]
+        attr_reader :argument
+
         #
         # Initializes a new SQL statement.
         #
@@ -56,7 +66,8 @@ module Ronin
         #   Otherwise the block will be evaluated within the statement.
         #
         def initialize(keyword,argument=nil,&block)
-          super(keyword,argument)
+          @keyword  = keyword
+          @argument = argument
 
           if block
             case block.arity

data/lib/ronin/code/sql/statement_list.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/statements.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/unary_expr.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -28,10 +28,32 @@ module Ronin
       #
       # @api semipublic
       #
-      class UnaryExpr < Struct.new(:operator,:operand)
+      class UnaryExpr
 
         include Emittable
 
+        # The unary operator symbol.
+        #
+        # @return [Symbol]
+        attr_reader :operator
+
+        # The unary operand.
+        #
+        # @return [Statement, BinaryExpr, Function, Field, Literal]
+        attr_reader :operand
+
+        #
+        # Initializes the unary expression.
+        #
+        # @param [Symbol] operator
+        #
+        # @param [Statement, BinaryExpr, Function, Field, Literal] operand
+        #
+        def initialize(operator,operand)
+          @operator = operator
+          @operand  = operand
+        end
+
       end
     end
   end

data/lib/ronin/code/sql/version.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -21,8 +21,8 @@
 module Ronin
   module Code
     module SQL
-      # Ronin SQL version
-      VERSION = '2.0.0.beta1'
+      # ronin-code-sql version
+      VERSION = '2.1.0'
     end
   end
 end

data/lib/ronin/code/sql.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,8 +18,8 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/statement_list'
-require 'ronin/code/sql/injection'
+require 'ronin/code/sql/mixin'
+require 'ronin/code/sqli'
 
 module Ronin
   module Code
@@ -30,67 +30,8 @@ module Ronin
     # @see http://en.wikipedia.org/wiki/SQL_injection
     #
     module SQL
-
-      #
-      # Creates a new SQL statement list.
-      #
-      # @yield [(statements)]
-      #   If a block is given, it will be evaluated within the statement list.
-      #   If the block accepts an argument, the block will be called with the
-      #   new statement list.
-      #
-      # @yieldparam [StatementList] statements
-      #   The new statement list.
-      #
-      # @return [StatementList]
-      #   The new SQL statement list.
-      #
-      # @example
-      #   sql { select(1,2,3,4,id).from(users) }
-      #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
-      #
-      # @api public
-      #
-      def sql(&block)
-        StatementList.new(&block)
-      end
-
-      #
-      # Creates a new SQL injection (SQLi)
-      #
-      # @param [Hash{Symbol => Object}] kwargs
-      #   Additional keyword arguments for {Injection#initialize}.
-      #
-      # @option kwargs [:integer, :decimal, :string, :column] :escape
-      #   The type of element to escape out of.
-      #
-      # @option kwargs [Boolean] :terminate
-      #   Specifies whether to terminate the SQLi with a comment.
-      #
-      # @option kwargs [String, Symbol, Integer] :place_holder
-      #   Place-holder data.
-      #
-      # @yield [(injection)]
-      #   If a block is given, it will be evaluated within the injection.
-      #   If the block accepts an argument, the block will be called with the
-      #   new injection.
-      #
-      # @yieldparam [Injection] injection
-      #   The new injection.
-      #
-      # @return [Injection]
-      #   The new SQL injection.
-      #
-      # @example
-      #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
-      #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
-      #
-      # @api public
-      #
-      def sqli(**kwargs,&block)
-        Injection.new(**kwargs,&block)
-      end
-
+      include Mixin
+      extend Mixin
     end
   end
 end

data/lib/ronin/code/sqli.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+#
+# ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-code-sql is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-code-sql is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/code/sql/injection'
+
+module Ronin
+  module Code
+    # Alias for {SQL::Injection}.
+    #
+    # @since 2.1.0
+    SQLI = SQL::Injection
+  end
+end

data/ronin-code-sql.gemspec

@@ -1,4 +1,4 @@
-# encoding: utf-8
+# frozen_string_literal: true
 
 require 'yaml'
 
@@ -22,19 +22,19 @@ Gem::Specification.new do |gem|
   gem.homepage    = gemspec['homepage']
   gem.metadata    = gemspec['metadata'] if gemspec['metadata']
 
-  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+  glob = ->(patterns) { gem.files & Dir[*patterns] }
 
   gem.files  = `git ls-files`.split($/)
   gem.files  = glob[gemspec['files']] if gemspec['files']
   gem.files += Array(gemspec['generated_files'])
+  # exclude test files from the packages gem
+  gem.files -= glob[gemspec['test_files'] || 'spec/{**/}*']
 
   gem.executables = gemspec.fetch('executables') do
     glob['bin/*'].map { |path| File.basename(path) }
   end
-  gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
 
   gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
-  gem.test_files       = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
   gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
 
   gem.require_paths = Array(gemspec.fetch('require_paths') {
@@ -46,7 +46,7 @@ Gem::Specification.new do |gem|
   gem.required_rubygems_version = gemspec['required_rubygems_version']
   gem.post_install_message      = gemspec['post_install_message']
 
-  split = lambda { |string| string.split(/,\s*/) }
+  split = ->(string) { string.split(/,\s*/) }
 
   if gemspec['dependencies']
     gemspec['dependencies'].each do |name,versions|