ronin-sql 0.1.0

Files changed (46)
  1. data/COPYING.txt +339 -0
  2. data/History.txt +7 -0
  3. data/Manifest.txt +45 -0
  4. data/README.txt +66 -0
  5. data/Rakefile +14 -0
  6. data/lib/ronin/code/sql.rb +24 -0
  7. data/lib/ronin/code/sql/between.rb +62 -0
  8. data/lib/ronin/code/sql/binary_expr.rb +46 -0
  9. data/lib/ronin/code/sql/builder.rb +61 -0
  10. data/lib/ronin/code/sql/code.rb +35 -0
  11. data/lib/ronin/code/sql/common_dialect.rb +62 -0
  12. data/lib/ronin/code/sql/create_index.rb +76 -0
  13. data/lib/ronin/code/sql/create_table.rb +93 -0
  14. data/lib/ronin/code/sql/create_view.rb +65 -0
  15. data/lib/ronin/code/sql/delete.rb +64 -0
  16. data/lib/ronin/code/sql/dialect.rb +162 -0
  17. data/lib/ronin/code/sql/drop_table.rb +51 -0
  18. data/lib/ronin/code/sql/exceptions.rb +24 -0
  19. data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +31 -0
  20. data/lib/ronin/code/sql/expr.rb +193 -0
  21. data/lib/ronin/code/sql/field.rb +86 -0
  22. data/lib/ronin/code/sql/function.rb +52 -0
  23. data/lib/ronin/code/sql/in.rb +49 -0
  24. data/lib/ronin/code/sql/injection.rb +39 -0
  25. data/lib/ronin/code/sql/injection_builder.rb +137 -0
  26. data/lib/ronin/code/sql/injection_style.rb +79 -0
  27. data/lib/ronin/code/sql/insert.rb +86 -0
  28. data/lib/ronin/code/sql/keyword.rb +48 -0
  29. data/lib/ronin/code/sql/like_expr.rb +87 -0
  30. data/lib/ronin/code/sql/program.rb +79 -0
  31. data/lib/ronin/code/sql/replace.rb +58 -0
  32. data/lib/ronin/code/sql/select.rb +187 -0
  33. data/lib/ronin/code/sql/statement.rb +112 -0
  34. data/lib/ronin/code/sql/style.rb +170 -0
  35. data/lib/ronin/code/sql/unary_expr.rb +45 -0
  36. data/lib/ronin/code/sql/update.rb +75 -0
  37. data/lib/ronin/sql.rb +28 -0
  38. data/lib/ronin/sql/error.rb +52 -0
  39. data/lib/ronin/sql/extensions.rb +24 -0
  40. data/lib/ronin/sql/extensions/uri.rb +24 -0
  41. data/lib/ronin/sql/extensions/uri/http.rb +69 -0
  42. data/lib/ronin/sql/sql.rb +83 -0
  43. data/lib/ronin/sql/version.rb +29 -0
  44. data/spec/spec_helper.rb +5 -0
  45. data/tasks/spec.rb +7 -0
  46. metadata +121 -0
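--- a/data/lib/ronin/code/sql/insert.rb
+++ b/data/lib/ronin/code/sql/insert.rb
@@ -0,0 +1,86 @@
+ #
+ #--
+ # Ronin SQL - A Ronin library providing support for SQL related security
+ # tasks.
+ #
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/code/sql/statement'
+
+ module Ronin
+ module Code
+ module SQL
+ class Insert < Statement
+
+ def initialize(style,table=nil,opts={:fields => nil, :values => nil, :from => nil},&block)
+ @table = table
+ @fields = opts[:fields]
+ @values = opts[:values]
+ @from = opts[:from]
+
+ super(style,&block)
+ end
+
+ def into(table)
+ @table = table
+ return self
+ end
+
+ def fields(*fields)
+ @fields = fields
+ return self
+ end
+
+ def values(*values)
+ if (@values.length==1 && @values[0].kind_of?(Hash))
+ @values = values[0]
+ else
+ @values = values
+ end
+ return self
+ end
+
+ def from(expr)
+ @from = expr
+ return self
+ end
+
+ def compile
+ if @values.kind_of?(Hash)
+ return compile_expr(keyword_insert,@table,compile_row(@values.keys),keyword_values,compile_datalist(@values.values))
+ elsif @from
+ return compile_expr(keyword_insert,@table,compile_row(@fields),@from)
+ else
+ if @fields
+ return compile_expr(keyword_insert,@table,compile_row(@fields),keyword_values,compile_datalist(@values))
+ else
+ return compile_expr(keyword_insert,@table,keyword_values,compile_datalist(@values))
+ end
+ end
+ end
+
+ protected
+
+ keyword :insert, 'INSERT INTO'
+ keyword :values
+
+ end
+ end
+ end
+ end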
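Review bot: `Insert#values` tests the instance variable instead of its argument: `if (@values.length==1 && @values[0].kind_of?(Hash))` reads `@values`, which is nil when the statement was built without `:values`, so the first call raises NoMethodError, and on later calls the previously stored value decides how the new arguments are kept. The condition should read `if (values.length==1 && values[0].kind_of?(Hash))`. A one-line comment on the method saying that a single Hash argument is stored as a column-to-value mapping would also help, since `compile` branches on `@values.kind_of?(Hash)`.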
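--- a/data/lib/ronin/code/sql/keyword.rb
+++ b/data/lib/ronin/code/sql/keyword.rb
@@ -0,0 +1,48 @@
+ #
+ #--
+ # Ronin SQL - A Ronin library providing support for SQL related security
+ # tasks.
+ #
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ module Ronin
+ module Code
+ module SQL
+ class Keyword
+
+ # The style to use
+ attr_reader :style
+
+ def initialize(style,name)
+ @style = style
+ @name = name.to_s
+ end
+
+ def compile
+ @style.compile_keyword(@name)
+ end
+
+ def to_s
+ compile
+ end
+
+ end
+ end
+ end
+ end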
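--- a/data/lib/ronin/code/sql/like_expr.rb
+++ b/data/lib/ronin/code/sql/like_expr.rb
@@ -0,0 +1,87 @@
+ #
+ #--
+ # Ronin SQL - A Ronin library providing support for SQL related security
+ # tasks.
+ #
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/code/sql/expr'
+
+ module Ronin
+ module Code
+ module SQL
+ class LikeExpr < Expr
+
+ def initialize(style,op,left,right,escape=nil)
+ super(style)
+
+ @op = op
+ @left = left
+ @right = right
+ @escape = escape
+ @negated = false
+ end
+
+ def escape(str)
+ @escape = str
+ end
+
+ def not!
+ @negated = true
+ end
+
+ def compile
+ compile_expr(@left,negated?,@op,compile_pattern(@right),escaped?)
+ end
+
+ protected
+
+ keyword :escape
+ keyword :not
+
+ def escape_pattern(pattern)
+ pattern = pattern.to_s
+
+ if @escape
+ return quote_data(pattern)
+ else
+ return quote_data("%#{pattern}%")
+ end
+ end
+
+ def compile_pattern(pattern)
+ if pattern.kind_of?(Regexp)
+ return escape_pattern(pattern.source)
+ else
+ return escape_pattern(pattern)
+ end
+ end
+
+ def escaped?
+ compile_expr(keyword_escape,"'#{@escape.to_s[0..0]}'") if @escape
+ end
+
+ def negated?
+ keyword_not if @negated
+ end
+
+ end
+ end
+ end
+ end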
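Review bot: `escaped?` builds the ESCAPE literal by hand with `"'#{@escape.to_s[0..0]}'"`, while the pattern itself goes through `quote_data` in `escape_pattern`; an escape character of `'`, or an empty string (truthy in Ruby), therefore produces an unterminated or empty literal in the generated SQL. Routing it through the same helper keeps quoting in one place: `compile_expr(keyword_escape,quote_data(@escape.to_s[0..0])) if @escape`. `quote_data` is defined outside this section, so its quoting rules should be confirmed before relying on it. Separately, `escape` and `not!` return the assigned value rather than `self`, unlike the chainable setters in `Insert` and `Select`.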
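--- a/data/lib/ronin/code/sql/program.rb
+++ b/data/lib/ronin/code/sql/program.rb
@@ -0,0 +1,79 @@
+ #
+ #--
+ # Ronin SQL - A Ronin library providing support for SQL related security
+ # tasks.
+ #
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/code/sql/style'
+ require 'ronin/code/sql/builder'
+
+ module Ronin
+ module Code
+ module SQL
+ class Program
+
+ def initialize(options={},&block)
+ @builder = Builder.new(Style.new(options),&block)
+ end
+
+ def style
+ @builder.style
+ end
+
+ def dialect
+ @builder.style.dialect.name
+ end
+
+ def compile
+ @builder.compile
+ end
+
+ def to_s
+ compile
+ end
+
+ def self.compile(options={},&block)
+ self.new(options,&block).compile
+ end
+
+ def uri_encode
+ compile.uri_encode
+ end
+
+ def uri_escape
+ compile.uri_escape
+ end
+
+ def html_encode
+ compile.html_encode
+ end
+
+ def format_html(options={})
+ compile.format_html(options)
+ end
+
+ def base64_encode
+ compile.base64_encode
+ end
+
+ end
+ end
+ end
+ end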
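Review bot: `uri_encode`, `uri_escape`, `html_encode`, `format_html` and `base64_encode` are called on the value returned by `compile`, but this file requires only `ronin/code/sql/style` and `ronin/code/sql/builder`, and none of those methods exist on a core Ruby String. If `compile` returns a String (not visible in this section), the methods must come from an extension loaded elsewhere, and loading this file on its own would end in NoMethodError at the first call. The file should require that extension itself, or at least carry a comment such as `# the encoding helpers below rely on String extensions loaded outside this file`.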
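--- a/data/lib/ronin/code/sql/replace.rb
+++ b/data/lib/ronin/code/sql/replace.rb
@@ -0,0 +1,58 @@
+ #
+ #--
+ # Ronin SQL - A Ronin library providing support for SQL related security
+ # tasks.
+ #
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/code/sql/statement'
+
+ module Ronin
+ module Code
+ module SQL
+ class Replace < Statement
+
+ def initialize(style,table=nil,values=nil,from=nil,&block)
+ @table = table
+ @values = values
+ @from = from
+
+ super(style,&block)
+ end
+
+ def values(data)
+ @values = data
+ end
+
+ def from(expr)
+ @from = expr
+ end
+
+ def compile
+ if @values.kind_of?(Hash)
+ return compile_expr('REPLACE INTO',@table,compile_list(@values.keys),'VALUES',compile_datalist(@values.values))
+ elsif @from.kind_of?(Select)
+ return compile_expr('REPLACE INTO',@table,compile_list(@values),@from)
+ end
+ end
+
+ end
+ end
+ end
+ end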
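Review bot: `Replace#compile` falls through and returns nil when `@values` is not a Hash and `@from` is not a `Select`, so a caller of an incomplete statement receives nil instead of SQL or an error. An explicit `else` branch would surface the problem, for example `raise(ArgumentError,"REPLACE needs a Hash of values or a Select source")`. The `elsif` branch also names `Select` although only `ronin/code/sql/statement` is required in this file. The keywords are string literals (`'REPLACE INTO'`, `'VALUES'`) rather than `keyword` declarations as in `Insert`, which presumably bypasses the style's keyword formatting.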
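--- a/data/lib/ronin/code/sql/select.rb
+++ b/data/lib/ronin/code/sql/select.rb
@@ -0,0 +1,187 @@
+ #
+ #--
+ # Ronin SQL - A Ronin library providing support for SQL related security
+ # tasks.
+ #
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation; either version 2 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ #++
+ #
+
+ require 'ronin/code/sql/statement'
+
+ module Ronin
+ module Code
+ module SQL
+ class Select < Statement
+
+ option_list :rows, [:all, :distinct]
+
+ def initialize(style,tables=nil,options={:fields => nil, :where => nil},&block)
+ @fields = options[:fields] || all
+ @tables = tables
+ @where = options[:where]
+
+ super(style,&block)
+ end
+
+ def fields(*exprs)
+ @fields = exprs
+ return self
+ end
+
+ def tables(*expr)
+ @tables = expr
+ return self
+ end
+
+ def where(expr)
+ @where = expr
+ return self
+ end
+
+ def group_by(*fields)
+ @group_by = fields
+ return self
+ end
+
+ def having(expr)
+ @having = expr
+ return self
+ end
+
+ def order_by(*exprs)
+ @order_by = exprs
+ return self
+ end
+
+ def limit(value)
+ @limit = value
+ end
+
+ def offset(value)
+ @limit = value
+ end
+
+ def union(table,opts={:fields => [], :where => nil},&block)
+ @union = Select.new(@style,table,opts,&block)
+ return self
+ end
+
+ def union_all(table,opts={:fields => [], :where => nil},&block)
+ @union_all = Select.new(@style,table,opts,&block)
+ return self
+ end
+
+ def join(table,on_expr)
+ @join_type = :outer
+ @join_table = table
+ @join_on = on_expr
+ end
+
+ def inner_join(table,on_expr)
+ @join_type = :inner
+ @join_table = table
+ @join_on = on_expr
+ end
+
+ def left_join(table,on_expr)
+ @join_type = :left
+ @join_table = table
+ @join_on = on_expr
+ end
+
+ def right_join(table,on_expr)
+ @join_type = :right
+ @join_table = table
+ @join_on = on_expr
+ end
+
+ def compile
+ compile_expr(keyword_select,
+ rows?,
+ fields?,
+ keyword_from,
+ compile_list(@tables),
+ where?,
+ order_by?,
+ having_by?,
+ order_by?,
+ limit?,
+ unioned?)
+ end
+
+ protected
+
+ keyword :select
+ keyword :from
+ keyword :where
+ keyword :union
+ keyword :union_all
+ keyword :group_by, 'GROUP BY'
+ keyword :having
+ keyword :order_by, 'ORDER BY'
+ keyword :limit
+ keyword :offset
+
+ def fields?
+ if @fields.kind_of?(Array)
+ unless @fields.empty?
+ return compile_row(@fields)
+ else
+ return all.to_s
+ end
+ else
+ return @fields.to_s
+ end
+ end
+
+ def where?
+ compile_expr(keyword_where,@where) if @where
+ end
+
+ def group_by?
+ compile_expr(keyword_group_by,compile_row(@group_by)) if @group_by
+ end
+
+ def having_by?
+ compile_expr(keyword_having,@having) if @having
+ end
+
+ def order_by?
+ compile_expr(keyword_order_by,@order_by) if @order_by
+ end
+
+ def limit?
+ compile_expr(keyword_limit,@limit,offset?) if @limit
+ end
+
+ def offset?
+ compile_expr(keyword_offset,@offset) if @offset
+ end
+
+ def unioned?
+ if @union_all
+ return compile_expr(keyword_union_all,@union_all)
+ elsif @union
+ return compile_expr(keyword_union,@union)
+ end
+ end
+
+ end
+ end
+ end
+ end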
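Review bot: `offset` assigns to the wrong variable: `@limit = value` overwrites any limit and leaves `@offset` unset, so `offset?` never emits an OFFSET clause; the body should be `@offset = value`. In `compile`, `order_by?` is passed twice and `group_by?` is never called, so a `group_by` call has no effect on the output and the ORDER BY fragment would appear both before and after HAVING; the first `order_by?,` (between `where?,` and `having_by?,`) should be `group_by?,`. The `join`, `inner_join`, `left_join` and `right_join` setters store `@join_type`, `@join_table` and `@join_on`, but nothing in this section reads them.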