ronin-code-sql 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bebb1935967905988d415c412fa1a88b3e8785da8ec9c22cfcd9e9a9ec4a7a34
-  data.tar.gz: dd91249093d87d6d351fd4f4a766010e053ed780b419e5e370395e5d168a1d1f
+  metadata.gz: 8ef7433a57468588fad1becd6d4bc48e5e9a63ec137ff6f6e4ae8be967654267
+  data.tar.gz: 218ff08b369ef3287e22f59f0274b23e27685ae4812db11aff064485be14c3e6
 SHA512:
-  metadata.gz: efdbd2b72acd2d75865109d0b803c5a65681085c7fd76cef7c630da3fade71326aa982328cf0ec2dc30ca4e4929f3a52b767872405dc1584246629da1f94ccc3
-  data.tar.gz: c8fec6e491e0cea640b18ea4be2d4ff479e679f15eaddaafbbc07b17b28fe1c8a3a32b96243237f2904850dae3397bcc8c4a3ed45b5fb3c109a0dd28a4104b3f
+  metadata.gz: 6b8b697faf3a989d20c174975cee3a2a1d674f6e0154583e7906987b048a6fd000a4d8c1491fac55297a7fbe72e46fc9eb04b6d71fe4fec0f4a036dbfa122db3
+  data.tar.gz: f474ebf13c229500a6117fce4f23b06d7072de914c257b76aeded05d2c801a0ecf4b92e397ba674b6ec68e82d48888f9639f709bcd8444dd88449bc532868b84

data/.github/workflows/ruby.yml

@@ -26,3 +26,17 @@ jobs:
         run: bundle install --jobs 4 --retry 3
       - name: Run tests
         run: bundle exec rake test
+
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+
+#
+# ronin-code-sql specific exceptions
+#
+Lint/BinaryOperatorWithIdenticalOperands: { Exclude: ['spec/**/*_spec.rb'] }
+Naming/MethodParameterName: { Exclude: ['lib/ronin/code/sql/functions.rb'] }

data/ChangeLog.md

@@ -1,4 +1,13 @@
-### 2.0.0 / 2023-XX-XX
+### 2.1.0 / 2023-06-26
+
+* Added {Ronin::Code::SQL::Mixin}.
+* Added {Ronin::Code::SQLI} as an alias for {Ronin::Code::SQL::Injection}.
+* Added support for the `syntax:` and `comment:` keyword arguments to
+  {Ronin::Code::SQL::Statement#to_sql} and {Ronin::Code::SQL::Injection#to_sql}.
+* Added {Ronin::Code::SQL::Clauses#order_by}.
+* Added {Ronin::Code::SQL::Emitter#emit_comment}.
+
+### 2.0.0 / 2023-02-01
 
 * Require `ruby` >= 3.0.0.
 * Added [ronin-support] ~> 0.1 as a dependency.

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
@@ -25,4 +27,6 @@ group :development do
   gem 'dead_end',        require: false
   gem 'sord',            require: false, platform: :mri
   gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   require: false, platform: :mri
 end

data/README.md

@@ -61,7 +61,7 @@ string.sql_decode
 Injecting a `1=1` test into a Integer comparison:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.or { 1 == 1 }
 puts sqli
 # 1 OR 1=1
@@ -70,7 +70,7 @@ puts sqli
 Injecting a `1=1` test into a String comparison:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli = Ronin::Code::SQLI.new(escape: :string)
 sqli.or { string(1) == string(1) }
 puts sqli
 # 1' OR '1'='1
@@ -79,7 +79,7 @@ puts sqli
 Columns:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.and { admin == 1 }
 puts sqli
 # 1 AND admin=1
@@ -88,7 +88,7 @@ puts sqli
 Clauses:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.or { 1 == 1 }.limit(0)
 puts sqli
 # 1 OR 1=1 LIMIT 0
@@ -97,7 +97,7 @@ puts sqli
 Statements:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.and { 1 == 0 }
 sqli.insert.into(:users).values('hacker','passw0rd','t')
 puts sqli
@@ -107,7 +107,7 @@ puts sqli
 Sub-Statements:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.union { select(1,2,3,4,id).from(users) }
 puts sqli
 # 1 UNION SELECT (1,2,3,4,id) FROM users
@@ -116,7 +116,7 @@ puts sqli
 Test if a table exists:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.and { select(count).from(:users) == 1 }
 puts sqli
 # 1 AND (SELECT COUNT(*) FROM users)=1
@@ -125,7 +125,7 @@ puts sqli
 Create errors by using non-existent tables:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli = Ronin::Code::SQLI.new(escape: :string)
 sqli.and { non_existent_table == '1' }
 puts sqli
 # 1' AND non_existent_table='1
@@ -134,7 +134,7 @@ puts sqli
 Dumping all values of a column:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new(escape: :string)
+sqli = Ronin::Code::SQLI.new(escape: :string)
 sqli.or { username.is_not(null) }.or { username == '' }
 puts sqli
 # 1' OR username IS NOT NULL OR username='
@@ -143,7 +143,7 @@ puts sqli
 Enumerate through database table names:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.and {
   ascii(
     lower(
@@ -160,7 +160,7 @@ puts sqli
 Find user supplied tables via the `sysObjects` table:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.union_all {
   select(1,2,3,4,5,6,name).from(sysObjects).where { xtype == 'U' }
 }
@@ -171,12 +171,21 @@ puts sqli.to_sql(terminate: true)
 Bypass filters using `/**/` instead of spaces:
 
 ```ruby
-sqli = Ronin::Code::SQL::Injection.new
+sqli = Ronin::Code::SQLI.new
 sqli.union { select(1,2,3,4,id).from(users) }
 puts sqli.to_sql(space: '/**/')
 # 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users
 ```
 
+Bypass filters using MySQL `#` comments:
+
+```ruby
+sqli = Ronin::Code::SQLI.new
+sqli.or { 1 == 1 }
+puts sqli.to_sql(terminate: true, comment: '#')
+# 1 OR 1=1 OR 1=1;#
+```
+
 ## Requirements
 
 * [Ruby] >= 3.0.0

data/Rakefile

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rubygems'
 
 begin

data/lib/ronin/code/sql/binary_expr.rb

@@ -29,11 +29,44 @@ module Ronin
       #
       # @api semipublic
       #
-      class BinaryExpr < Struct.new(:left,:operator,:right)
+      class BinaryExpr
 
         include Operators
         include Emittable
 
+        # The left-hand side of the binary expression.
+        #
+        # @return [Statement, Function, BinaryExpr, Field, Literal]
+        attr_reader :left
+
+        # The binary expression's operator.
+        #
+        # @return [Symbol]
+        attr_reader :operator
+
+        # The right-hand side of the binary expression.
+        #
+        # @return [Object]
+        attr_reader :right
+
+        #
+        # Initializes the binary expression.
+        #
+        # @param [Statement, Function, BinaryExpr, Field, Literal] left
+        #   The left-hand side of the binary expression.
+        #
+        # @param [Symbol] operator
+        #   The binary expression's operator.
+        #
+        # @param [Object] right
+        #   The right-hand side of the binary expression.
+        #
+        def initialize(left,operator,right)
+          @left     = left
+          @operator = operator
+          @right    = right
+        end
+
         #
         # Converts the binary expression to SQL.
         #

data/lib/ronin/code/sql/clause.rb

@@ -33,7 +33,7 @@ module Ronin
       #
       # @api semipublic
       #
-      class Clause < Struct.new(:keyword,:argument)
+      class Clause
 
         include Literals
         include Fields
@@ -41,13 +41,23 @@ module Ronin
         include Statements
         include Emittable
 
+        # The name of the clause.
+        #
+        # @return [Symbol]
+        attr_reader :keyword
+
+        # The clause's argument.
+        #
+        # @return [Object, nil]
+        attr_reader :argument
+
         #
         # Initializes the SQL clause.
         #
         # @param [Symbol] keyword
         #   The name of the clause.
         #
-        # @param [Object] argument
+        # @param [Object, nil] argument
         #   Additional argument for the clause.
         #
         # @yield [(clause)]
@@ -58,13 +68,14 @@ module Ronin
         #   Otherwise the block will be evaluated within the clause.
         #
         def initialize(keyword,argument=nil,&block)
-          super(keyword,argument)
+          @keyword  = keyword
+          @argument = argument
 
           if block
-            self.argument = case block.arity
-                            when 0 then instance_eval(&block)
-                            else        block.call(self)
-                            end
+            @argument = case block.arity
+                        when 0 then instance_eval(&block)
+                        else        block.call(self)
+                        end
           end
         end
 

data/lib/ronin/code/sql/clauses.rb

@@ -75,7 +75,7 @@ module Ronin
         #
         # Appends an `INTO` clause.
         #
-        # @param [Field, Symbol] table
+        # @param [Field, Symbol, nil] table
         #   The table to insert into.
         #
         # @return [self]
@@ -194,6 +194,20 @@ module Ronin
           clause([:GROUP, :BY],columns,&block)
         end
 
+        #
+        # Appends a `ORDER BY` clause.
+        #
+        # @param [Array<Field, Symbol>] columns
+        #   The columns for `ORDER BY`.
+        #
+        # @return [self]
+        #
+        # @since 2.1.0
+        #
+        def order_by(*columns,&block)
+          clause([:ORDER, :BY],columns,&block)
+        end
+
         #
         # Appends a `HAVING` clause.
         #
@@ -231,7 +245,7 @@ module Ronin
         # Appends a `TOP` clause.
         #
         # @param [Integer] value
-        #   The number of top rows to select. 
+        #   The number of top rows to select.
         #
         # @return [self]
         #
@@ -239,18 +253,6 @@ module Ronin
           clause(:TOP,value,&block)
         end
 
-        #
-        # Appends a `INTO` clause.
-        #
-        # @param [Field, Symbol] table
-        #   The table to insert/replace into.
-        #
-        # @return [self]
-        #
-        def into(table)
-          clause(:INTO,table)
-        end
-
         #
         # Appends a `VALUES` clause.
         #

data/lib/ronin/code/sql/emittable.rb

@@ -36,7 +36,7 @@ module Ronin
         #   Additional keyword arguments for {Emitter#initialize}.
         #
         # @api private
-        #   
+        #
         def emitter(**kwargs)
           Emitter.new(**kwargs)
         end
@@ -56,6 +56,13 @@ module Ronin
         # @option kwargs [:single, :double] :quotes (:single)
         #   Type of quotes to use for Strings.
         #
+        # @option kwargs [nil, :mysql, :postgres, :oracle, :mssql] :syntax
+        #   Specific SQL syntax to use.
+        #
+        # @option kwargs [nil, String] :comment
+        #   Optional String to use as the SQL comment when terminating
+        #   injection string
+        #
         # @return [String]
         #   The raw SQL.
         #

data/lib/ronin/code/sql/emitter.rb

@@ -31,14 +31,30 @@ module Ronin
       class Emitter
 
         # The case to use when emitting keywords
+        #
+        # @return [:lower, :upper, :random, nil]
         attr_reader :case
 
         # String to use for white-space
+        #
+        # @return [String]
         attr_reader :space
 
         # Type of String quotes to use
+        #
+        # @return [:single, :double]
         attr_reader :quotes
 
+        # Generate DB-specific code
+        #
+        # @return [nil, :mysql, :postgres, :oracle, :mssql]
+        attr_reader :syntax
+
+        # String to use as 'comment' or `nil` to let the emitter decide
+        #
+        # @return [String, nil]
+        attr_reader :comment
+
         #
         # Initializes the SQL Emitter.
         #
@@ -48,16 +64,24 @@ module Ronin
         # @param [:single, :double] quotes
         #   Type of quotes to use for Strings.
         #
+        # @param [nil, :mysql, :postgres, :oracle, :mssql] syntax
+        #   Syntax used during code-generation
+        #
+        # @param [nil, String] comment
+        #   String to use as the comment when terminating injection string
+        #
         # @param [Hash{Symbol => Object}] kwargs
         #   Emitter options.
         #
         # @option kwargs [:lower, :upper, :random, nil] :case
         #   Case for keywords.
         #
-        def initialize(space: ' ', quotes: :single, **kwargs)
-          @case   = kwargs[:case] # HACK: because `case` is a ruby keyword
-          @space  = space
-          @quotes = quotes
+        def initialize(space: ' ', quotes: :single, syntax: nil, comment: nil, **kwargs)
+          @case    = kwargs[:case] # HACK: because `case` is a ruby keyword
+          @syntax  = syntax
+          @comment = comment
+          @space   = space
+          @quotes  = quotes
         end
 
         #
@@ -70,36 +94,37 @@ module Ronin
         #   The raw SQL.
         #
         def emit_keyword(keyword)
-          keyword = Array(keyword).join(@space)
+          string = Array(keyword).join(@space)
 
           case @case
-          when :upper  then keyword.upcase
-          when :lower  then keyword.downcase
+          when :upper  then string.upcase
+          when :lower  then string.downcase
           when :random
-            keyword.tap do
-              (keyword.length / 2).times do
-                index = rand(keyword.length)
-                keyword[index] = keyword[index].swapcase
+            string.tap do
+              (string.length / 2).times do
+                index = rand(string.length)
+
+                string[index] = string[index].swapcase
               end
             end
           else
-            keyword
+            string
           end
         end
 
         #
         # Emits a SQL operator.
         #
-        # @param [Array<Symbol>, Symbol] op
+        # @param [Array<Symbol>, Symbol] operator
         #   The operator symbol.
         #
         # @return [String]
         #   The raw SQL.
         #
-        def emit_operator(op)
-          case op
-          when /^\W+$/          then op.to_s
-          else                       emit_keyword(op)
+        def emit_operator(operator)
+          case operator
+          when /^\W+$/ then operator.to_s
+          else              emit_keyword(operator)
           end
         end
 
@@ -132,6 +157,19 @@ module Ronin
           "1=1"
         end
 
+        #
+        # Emits a SQL comment.
+        #
+        # @return [String]
+        #   The raw SQL.
+        #
+        # @since 2.1.0
+        #
+        def emit_comment
+          # Return chosen comment or default one which works everywhere
+          @comment || '-- '
+        end
+
         #
         # Emits a SQL Integer.
         #
@@ -200,7 +238,7 @@ module Ronin
         #   The raw SQL.
         #
         def emit_list(list)
-          '(' + list.map { |element| emit(element) }.join(',') + ')'
+          "(#{list.map { |element| emit(element) }.join(',')})"
         end
 
         #
@@ -250,7 +288,8 @@ module Ronin
 
           case expr
           when BinaryExpr
-            left, right = emit_argument(expr.left), emit_argument(expr.right)
+            left  = emit_argument(expr.left)
+            right = emit_argument(expr.right)
 
             case op
             when /^\W+$/ then "#{left}#{op}#{right}"
@@ -366,16 +405,16 @@ module Ronin
           sql = emit_keyword(stmt.keyword)
 
           unless stmt.argument.nil?
-            case stmt.argument
-            when Array
-              sql << @space << if stmt.argument.length == 1
+            sql << @space << case stmt.argument
+                             when Array
+                               if stmt.argument.length == 1
                                  emit_argument(stmt.argument[0])
                                else
                                  emit_list(stmt.argument)
                                end
-            else
-              sql << @space << emit_argument(stmt.argument)
-            end
+                             else
+                               emit_argument(stmt.argument)
+                             end
           end
 
           unless stmt.clauses.empty?

data/lib/ronin/code/sql/field.rb

@@ -29,22 +29,33 @@ module Ronin
       #
       # @api semipublic
       #
-      class Field < Struct.new(:name,:parent)
+      class Field
 
         include Operators
         include Emittable
 
+        # The name of the field.
+        #
+        # @return [String]
+        attr_reader :name
+
+        # The parent of the field name.
+        #
+        # @return [Field, nil]
+        attr_reader :parent
+
         #
         # Initializes the new field.
         #
         # @param [String] name
         #   The name of the field.
         #
-        # @param [Field] parent
+        # @param [Field, nil] parent
         #   The parent of the field.
         #
         def initialize(name,parent=nil)
-          super(name.to_s,parent)
+          @name   = name.to_s
+          @parent = parent
         end
 
         #
@@ -59,13 +70,27 @@ module Ronin
           names = name.to_s.split('.',3)
           field = nil
 
-          names.each { |name| field = new(name,field) }
+          names.each { |keyword| field = new(keyword,field) }
 
           return field
         end
 
         alias to_str to_s
 
+        #
+        # Determines if the field responds to the given method.
+        #
+        # @param [Symbol] name
+        #   The method name.
+        #
+        # @return [Boolean]
+        #   Will return false if the field already has two parents, otherwise
+        #   will return true.
+        #
+        def respond_to_missing?(name)
+          self.parent.nil? || self.parent.parent.nil?
+        end
+
         protected
 
         #

data/lib/ronin/code/sql/function.rb

@@ -29,11 +29,21 @@ module Ronin
       #
       # @api semipublic
       #
-      class Function < Struct.new(:name,:arguments)
+      class Function
 
         include Operators
         include Emittable
 
+        # The function's name.
+        #
+        # @return [Symbol]
+        attr_reader :name
+
+        # The function's arguments.
+        #
+        # @return [Array]
+        attr_reader :arguments
+
         #
         # Creates a new Function object.
         #
@@ -41,10 +51,11 @@ module Ronin
         #   The name of the function.
         #
         # @param [Array] arguments
-        #   The arguments of the function.
+        #   The arguments being passed to the function.
         #
         def initialize(name,*arguments)
-          super(name,arguments)
+          @name      = name
+          @arguments = arguments
         end
 
       end

data/lib/ronin/code/sql/functions.rb

@@ -101,7 +101,7 @@ module Ronin
         #
         # The `SQRT` function.
         #
-        # @param [Field, Symbol] field
+        # @param [Field, Function, Symbol, Numeric] field
         #   The field to aggregate.
         #
         # @return [Function]
@@ -502,18 +502,6 @@ module Ronin
           Function.new(:SIN,x)
         end
 
-        #
-        # The `SQRT` function.
-        #
-        # @param [Field, Function, Symbol, Numeric] x
-        #
-        # @return [Function]
-        #   The new function.
-        #
-        def sqrt(x)
-          Function.new(:SQRT,x)
-        end
-
         #
         # The `STD` function.
         #
@@ -1045,7 +1033,7 @@ module Ronin
         def replace(string,from_string,to_string)
           Function.new(:REPLACE,string,from_string,to_string)
         end
-        
+
         #
         # The `REVERSE` function.
         #

data/lib/ronin/code/sql/injection.rb

@@ -145,17 +145,17 @@ module Ronin
           when :string, :list
             if (terminate || (sql[0,1] != sql[-1,1]))
               # terminate the expression
-              sql << ';--'
+              sql << ';' << emitter.emit_comment
             else
               sql = sql[0..-2]
             end
 
             # balance the quotes
-            sql = sql[1..-1]
+            sql = sql[1..]
           else
             if terminate
               # terminate the expression
-              sql << ';--'
+              sql << ';' << emitter.emit_comment
             end
           end
 

data/lib/ronin/code/sql/literal.rb

@@ -29,11 +29,26 @@ module Ronin
       #
       # @api semipublic
       #
-      class Literal < Struct.new(:value)
+      class Literal
 
         include Operators
         include Emittable
 
+        # The literal value.
+        #
+        # @return [String, Integer, Float, :NULL]
+        attr_reader :value
+
+        #
+        # Initializes the literal value.
+        #
+        # @param [String, Integer, Float, :NULL] value
+        #   The value for the literal.
+        #
+        def initialize(value)
+          @value = value
+        end
+
       end
     end
   end

data/lib/ronin/code/sql/mixin.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+#
+# ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-code-sql is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-code-sql is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/code/sql/statement_list'
+require 'ronin/code/sql/injection'
+
+module Ronin
+  module Code
+    module SQL
+      #
+      # Adds helper methods for building SQL or SQL injections.
+      #
+      # @since 2.1.0
+      #
+      module Mixin
+        #
+        # Creates a new SQL statement list.
+        #
+        # @yield [(statements)]
+        #   If a block is given, it will be evaluated within the statement list.
+        #   If the block accepts an argument, the block will be called with the
+        #   new statement list.
+        #
+        # @yieldparam [StatementList] statements
+        #   The new statement list.
+        #
+        # @return [StatementList]
+        #   The new SQL statement list.
+        #
+        # @example
+        #   sql { select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sql(&block)
+          StatementList.new(&block)
+        end
+
+        #
+        # Creates a new SQL injection (SQLi)
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for {Injection#initialize}.
+        #
+        # @option kwargs [:integer, :decimal, :string, :column] :escape
+        #   The type of element to escape out of.
+        #
+        # @option kwargs [Boolean] :terminate
+        #   Specifies whether to terminate the SQLi with a comment.
+        #
+        # @option kwargs [String, Symbol, Integer] :place_holder
+        #   Place-holder data.
+        #
+        # @yield [(injection)]
+        #   If a block is given, it will be evaluated within the injection.
+        #   If the block accepts an argument, the block will be called with the
+        #   new injection.
+        #
+        # @yieldparam [Injection] injection
+        #   The new injection.
+        #
+        # @return [Injection]
+        #   The new SQL injection.
+        #
+        # @example
+        #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sqli(**kwargs,&block)
+          Injection.new(**kwargs,&block)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/code/sql/statement.rb

@@ -32,13 +32,23 @@ module Ronin
       #
       # @api semipublic
       #
-      class Statement < Struct.new(:keyword,:argument)
+      class Statement
 
         include Literals
         include Operators
         include Clauses
         include Emittable
 
+        # The statement name.
+        #
+        # @return [Symbol, Array<Symbol>]
+        attr_reader :keyword
+
+        # The statement's argument.
+        #
+        # @return [Object, nil]
+        attr_reader :argument
+
         #
         # Initializes a new SQL statement.
         #
@@ -56,7 +66,8 @@ module Ronin
         #   Otherwise the block will be evaluated within the statement.
         #
         def initialize(keyword,argument=nil,&block)
-          super(keyword,argument)
+          @keyword  = keyword
+          @argument = argument
 
           if block
             case block.arity

data/lib/ronin/code/sql/unary_expr.rb

@@ -28,10 +28,32 @@ module Ronin
       #
       # @api semipublic
       #
-      class UnaryExpr < Struct.new(:operator,:operand)
+      class UnaryExpr
 
         include Emittable
 
+        # The unary operator symbol.
+        #
+        # @return [Symbol]
+        attr_reader :operator
+
+        # The unary operand.
+        #
+        # @return [Statement, BinaryExpr, Function, Field, Literal]
+        attr_reader :operand
+
+        #
+        # Initializes the unary expression.
+        #
+        # @param [Symbol] operator
+        #
+        # @param [Statement, BinaryExpr, Function, Field, Literal] operand
+        #
+        def initialize(operator,operand)
+          @operator = operator
+          @operand  = operand
+        end
+
       end
     end
   end

data/lib/ronin/code/sql/version.rb

@@ -21,8 +21,8 @@
 module Ronin
   module Code
     module SQL
-      # Ronin SQL version
-      VERSION = '2.0.0'
+      # ronin-code-sql version
+      VERSION = '2.1.0'
     end
   end
 end

data/lib/ronin/code/sql.rb

@@ -18,8 +18,8 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/statement_list'
-require 'ronin/code/sql/injection'
+require 'ronin/code/sql/mixin'
+require 'ronin/code/sqli'
 
 module Ronin
   module Code
@@ -30,67 +30,8 @@ module Ronin
     # @see http://en.wikipedia.org/wiki/SQL_injection
     #
     module SQL
-
-      #
-      # Creates a new SQL statement list.
-      #
-      # @yield [(statements)]
-      #   If a block is given, it will be evaluated within the statement list.
-      #   If the block accepts an argument, the block will be called with the
-      #   new statement list.
-      #
-      # @yieldparam [StatementList] statements
-      #   The new statement list.
-      #
-      # @return [StatementList]
-      #   The new SQL statement list.
-      #
-      # @example
-      #   sql { select(1,2,3,4,id).from(users) }
-      #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
-      #
-      # @api public
-      #
-      def sql(&block)
-        StatementList.new(&block)
-      end
-
-      #
-      # Creates a new SQL injection (SQLi)
-      #
-      # @param [Hash{Symbol => Object}] kwargs
-      #   Additional keyword arguments for {Injection#initialize}.
-      #
-      # @option kwargs [:integer, :decimal, :string, :column] :escape
-      #   The type of element to escape out of.
-      #
-      # @option kwargs [Boolean] :terminate
-      #   Specifies whether to terminate the SQLi with a comment.
-      #
-      # @option kwargs [String, Symbol, Integer] :place_holder
-      #   Place-holder data.
-      #
-      # @yield [(injection)]
-      #   If a block is given, it will be evaluated within the injection.
-      #   If the block accepts an argument, the block will be called with the
-      #   new injection.
-      #
-      # @yieldparam [Injection] injection
-      #   The new injection.
-      #
-      # @return [Injection]
-      #   The new SQL injection.
-      #
-      # @example
-      #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
-      #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
-      #
-      # @api public
-      #
-      def sqli(**kwargs,&block)
-        Injection.new(**kwargs,&block)
-      end
-
+      include Mixin
+      extend Mixin
     end
   end
 end

data/lib/ronin/code/sqli.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+#
+# ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-code-sql is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-code-sql is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/code/sql/injection'
+
+module Ronin
+  module Code
+    # Alias for {SQL::Injection}.
+    #
+    # @since 2.1.0
+    SQLI = SQL::Injection
+  end
+end

data/ronin-code-sql.gemspec

@@ -1,4 +1,4 @@
-# encoding: utf-8
+# frozen_string_literal: true
 
 require 'yaml'
 
@@ -22,7 +22,7 @@ Gem::Specification.new do |gem|
   gem.homepage    = gemspec['homepage']
   gem.metadata    = gemspec['metadata'] if gemspec['metadata']
 
-  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+  glob = ->(patterns) { gem.files & Dir[*patterns] }
 
   gem.files  = `git ls-files`.split($/)
   gem.files  = glob[gemspec['files']] if gemspec['files']
@@ -33,7 +33,6 @@ Gem::Specification.new do |gem|
   gem.executables = gemspec.fetch('executables') do
     glob['bin/*'].map { |path| File.basename(path) }
   end
-  gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
 
   gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
   gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
@@ -47,7 +46,7 @@ Gem::Specification.new do |gem|
   gem.required_rubygems_version = gemspec['required_rubygems_version']
   gem.post_install_message      = gemspec['post_install_message']
 
-  split = lambda { |string| string.split(/,\s*/) }
+  split = ->(string) { string.split(/,\s*/) }
 
   if gemspec['dependencies']
     gemspec['dependencies'].each do |name,versions|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-code-sql
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-01 00:00:00.000000000 Z
+date: 2023-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ronin-support
@@ -53,6 +53,7 @@ files:
 - ".gitignore"
 - ".mailmap"
 - ".rspec"
+- ".rubocop.yml"
 - ".ruby-version"
 - ".yardopts"
 - COPYING.txt
@@ -75,12 +76,14 @@ files:
 - lib/ronin/code/sql/injection_expr.rb
 - lib/ronin/code/sql/literal.rb
 - lib/ronin/code/sql/literals.rb
+- lib/ronin/code/sql/mixin.rb
 - lib/ronin/code/sql/operators.rb
 - lib/ronin/code/sql/statement.rb
 - lib/ronin/code/sql/statement_list.rb
 - lib/ronin/code/sql/statements.rb
 - lib/ronin/code/sql/unary_expr.rb
 - lib/ronin/code/sql/version.rb
+- lib/ronin/code/sqli.rb
 - ronin-code-sql.gemspec
 homepage: https://github.com/ronin-rb/ronin-code-sql#readme
 licenses: