ronin-code-sql 2.0.0 → 2.1.1

data/lib/ronin/code/sql/field.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,8 +18,8 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/operators'
-require 'ronin/code/sql/emittable'
+require_relative 'operators'
+require_relative 'emittable'
 
 module Ronin
   module Code
@@ -29,22 +29,33 @@ module Ronin
       #
       # @api semipublic
       #
-      class Field < Struct.new(:name,:parent)
+      class Field
 
         include Operators
         include Emittable
 
+        # The name of the field.
+        #
+        # @return [String]
+        attr_reader :name
+
+        # The parent of the field name.
+        #
+        # @return [Field, nil]
+        attr_reader :parent
+
         #
         # Initializes the new field.
         #
         # @param [String] name
         #   The name of the field.
         #
-        # @param [Field] parent
+        # @param [Field, nil] parent
         #   The parent of the field.
         #
         def initialize(name,parent=nil)
-          super(name.to_s,parent)
+          @name   = name.to_s
+          @parent = parent
         end
 
         #
@@ -59,13 +70,27 @@ module Ronin
           names = name.to_s.split('.',3)
           field = nil
 
-          names.each { |name| field = new(name,field) }
+          names.each { |keyword| field = new(keyword,field) }
 
           return field
         end
 
         alias to_str to_s
 
+        #
+        # Determines if the field responds to the given method.
+        #
+        # @param [Symbol] name
+        #   The method name.
+        #
+        # @return [Boolean]
+        #   Will return false if the field already has two parents, otherwise
+        #   will return true.
+        #
+        def respond_to_missing?(name)
+          self.parent.nil? || self.parent.parent.nil?
+        end
+
         protected
 
         #

data/lib/ronin/code/sql/fields.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,7 +18,7 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/field'
+require_relative 'field'
 
 module Ronin
   module Code

data/lib/ronin/code/sql/function.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,8 +18,8 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/operators'
-require 'ronin/code/sql/emittable'
+require_relative 'operators'
+require_relative 'emittable'
 
 module Ronin
   module Code
@@ -29,11 +29,21 @@ module Ronin
       #
       # @api semipublic
       #
-      class Function < Struct.new(:name,:arguments)
+      class Function
 
         include Operators
         include Emittable
 
+        # The function's name.
+        #
+        # @return [Symbol]
+        attr_reader :name
+
+        # The function's arguments.
+        #
+        # @return [Array]
+        attr_reader :arguments
+
         #
         # Creates a new Function object.
         #
@@ -41,10 +51,11 @@ module Ronin
         #   The name of the function.
         #
         # @param [Array] arguments
-        #   The arguments of the function.
+        #   The arguments being passed to the function.
         #
         def initialize(name,*arguments)
-          super(name,arguments)
+          @name      = name
+          @arguments = arguments
         end
 
       end

data/lib/ronin/code/sql/functions.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,7 +18,7 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/function'
+require_relative 'function'
 
 module Ronin
   module Code
@@ -101,7 +101,7 @@ module Ronin
         #
         # The `SQRT` function.
         #
-        # @param [Field, Symbol] field
+        # @param [Field, Function, Symbol, Numeric] field
         #   The field to aggregate.
         #
         # @return [Function]
@@ -502,18 +502,6 @@ module Ronin
           Function.new(:SIN,x)
         end
 
-        #
-        # The `SQRT` function.
-        #
-        # @param [Field, Function, Symbol, Numeric] x
-        #
-        # @return [Function]
-        #   The new function.
-        #
-        def sqrt(x)
-          Function.new(:SQRT,x)
-        end
-
         #
         # The `STD` function.
         #
@@ -1045,7 +1033,7 @@ module Ronin
         def replace(string,from_string,to_string)
           Function.new(:REPLACE,string,from_string,to_string)
         end
-        
+
         #
         # The `REVERSE` function.
         #

data/lib/ronin/code/sql/injection.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,10 +18,10 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/literals'
-require 'ronin/code/sql/clauses'
-require 'ronin/code/sql/injection_expr'
-require 'ronin/code/sql/statement_list'
+require_relative 'literals'
+require_relative 'clauses'
+require_relative 'injection_expr'
+require_relative 'statement_list'
 
 module Ronin
   module Code
@@ -145,17 +145,17 @@ module Ronin
           when :string, :list
             if (terminate || (sql[0,1] != sql[-1,1]))
               # terminate the expression
-              sql << ';--'
+              sql << ';' << emitter.emit_comment
             else
               sql = sql[0..-2]
             end
 
             # balance the quotes
-            sql = sql[1..-1]
+            sql = sql[1..]
           else
             if terminate
               # terminate the expression
-              sql << ';--'
+              sql << ';' << emitter.emit_comment
             end
           end
 

data/lib/ronin/code/sql/injection_expr.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,12 +18,12 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/binary_expr'
-require 'ronin/code/sql/literals'
-require 'ronin/code/sql/fields'
-require 'ronin/code/sql/functions'
-require 'ronin/code/sql/statements'
-require 'ronin/code/sql/emittable'
+require_relative 'binary_expr'
+require_relative 'literals'
+require_relative 'fields'
+require_relative 'functions'
+require_relative 'statements'
+require_relative 'emittable'
 
 module Ronin
   module Code

data/lib/ronin/code/sql/literal.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,8 +18,8 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/emittable'
-require 'ronin/code/sql/operators'
+require_relative 'emittable'
+require_relative 'operators'
 
 module Ronin
   module Code
@@ -29,11 +29,26 @@ module Ronin
       #
       # @api semipublic
       #
-      class Literal < Struct.new(:value)
+      class Literal
 
         include Operators
         include Emittable
 
+        # The literal value.
+        #
+        # @return [String, Integer, Float, :NULL]
+        attr_reader :value
+
+        #
+        # Initializes the literal value.
+        #
+        # @param [String, Integer, Float, :NULL] value
+        #   The value for the literal.
+        #
+        def initialize(value)
+          @value = value
+        end
+
       end
     end
   end

data/lib/ronin/code/sql/literals.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,7 +18,7 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/literal'
+require_relative 'literal'
 
 module Ronin
   module Code

data/lib/ronin/code/sql/mixin.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+#
+# ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-code-sql is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-code-sql is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require_relative 'statement_list'
+require_relative 'injection'
+
+module Ronin
+  module Code
+    module SQL
+      #
+      # Adds helper methods for building SQL or SQL injections.
+      #
+      # @since 2.1.0
+      #
+      module Mixin
+        #
+        # Creates a new SQL statement list.
+        #
+        # @yield [(statements)]
+        #   If a block is given, it will be evaluated within the statement list.
+        #   If the block accepts an argument, the block will be called with the
+        #   new statement list.
+        #
+        # @yieldparam [StatementList] statements
+        #   The new statement list.
+        #
+        # @return [StatementList]
+        #   The new SQL statement list.
+        #
+        # @example
+        #   sql { select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sql(&block)
+          StatementList.new(&block)
+        end
+
+        #
+        # Creates a new SQL injection (SQLi)
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for {Injection#initialize}.
+        #
+        # @option kwargs [:integer, :decimal, :string, :column] :escape
+        #   The type of element to escape out of.
+        #
+        # @option kwargs [Boolean] :terminate
+        #   Specifies whether to terminate the SQLi with a comment.
+        #
+        # @option kwargs [String, Symbol, Integer] :place_holder
+        #   Place-holder data.
+        #
+        # @yield [(injection)]
+        #   If a block is given, it will be evaluated within the injection.
+        #   If the block accepts an argument, the block will be called with the
+        #   new injection.
+        #
+        # @yieldparam [Injection] injection
+        #   The new injection.
+        #
+        # @return [Injection]
+        #   The new SQL injection.
+        #
+        # @example
+        #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sqli(**kwargs,&block)
+          Injection.new(**kwargs,&block)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/code/sql/operators.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/statement.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,11 +18,11 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/literals'
-require 'ronin/code/sql/clause'
-require 'ronin/code/sql/clauses'
-require 'ronin/code/sql/operators'
-require 'ronin/code/sql/emittable'
+require_relative 'literals'
+require_relative 'clause'
+require_relative 'clauses'
+require_relative 'operators'
+require_relative 'emittable'
 
 module Ronin
   module Code
@@ -32,13 +32,23 @@ module Ronin
       #
       # @api semipublic
       #
-      class Statement < Struct.new(:keyword,:argument)
+      class Statement
 
         include Literals
         include Operators
         include Clauses
         include Emittable
 
+        # The statement name.
+        #
+        # @return [Symbol, Array<Symbol>]
+        attr_reader :keyword
+
+        # The statement's argument.
+        #
+        # @return [Object, nil]
+        attr_reader :argument
+
         #
         # Initializes a new SQL statement.
         #
@@ -56,7 +66,8 @@ module Ronin
         #   Otherwise the block will be evaluated within the statement.
         #
         def initialize(keyword,argument=nil,&block)
-          super(keyword,argument)
+          @keyword  = keyword
+          @argument = argument
 
           if block
             case block.arity

data/lib/ronin/code/sql/statement_list.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,14 +18,14 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/field'
-require 'ronin/code/sql/fields'
-require 'ronin/code/sql/unary_expr'
-require 'ronin/code/sql/binary_expr'
-require 'ronin/code/sql/functions'
-require 'ronin/code/sql/statement'
-require 'ronin/code/sql/statements'
-require 'ronin/code/sql/emittable'
+require_relative 'field'
+require_relative 'fields'
+require_relative 'unary_expr'
+require_relative 'binary_expr'
+require_relative 'functions'
+require_relative 'statement'
+require_relative 'statements'
+require_relative 'emittable'
 
 module Ronin
   module Code

data/lib/ronin/code/sql/statements.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/code/sql/unary_expr.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,7 +18,7 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/emittable'
+require_relative 'emittable'
 
 module Ronin
   module Code
@@ -28,10 +28,32 @@ module Ronin
       #
       # @api semipublic
       #
-      class UnaryExpr < Struct.new(:operator,:operand)
+      class UnaryExpr
 
         include Emittable
 
+        # The unary operator symbol.
+        #
+        # @return [Symbol]
+        attr_reader :operator
+
+        # The unary operand.
+        #
+        # @return [Statement, BinaryExpr, Function, Field, Literal]
+        attr_reader :operand
+
+        #
+        # Initializes the unary expression.
+        #
+        # @param [Symbol] operator
+        #
+        # @param [Statement, BinaryExpr, Function, Field, Literal] operand
+        #
+        def initialize(operator,operand)
+          @operator = operator
+          @operand  = operand
+        end
+
       end
     end
   end

data/lib/ronin/code/sql/version.rb

@@ -2,7 +2,7 @@
 #
 # ronin-code-sql - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-code-sql is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -21,8 +21,8 @@
 module Ronin
   module Code
     module SQL
-      # Ronin SQL version
-      VERSION = '2.0.0'
+      # ronin-code-sql version
+      VERSION = '2.1.1'
     end
   end
 end