ronin-sql 0.1.0
- data/COPYING.txt +339 -0
- data/History.txt +7 -0
- data/Manifest.txt +45 -0
- data/README.txt +66 -0
- data/Rakefile +14 -0
- data/lib/ronin/code/sql.rb +24 -0
- data/lib/ronin/code/sql/between.rb +62 -0
- data/lib/ronin/code/sql/binary_expr.rb +46 -0
- data/lib/ronin/code/sql/builder.rb +61 -0
- data/lib/ronin/code/sql/code.rb +35 -0
- data/lib/ronin/code/sql/common_dialect.rb +62 -0
- data/lib/ronin/code/sql/create_index.rb +76 -0
- data/lib/ronin/code/sql/create_table.rb +93 -0
- data/lib/ronin/code/sql/create_view.rb +65 -0
- data/lib/ronin/code/sql/delete.rb +64 -0
- data/lib/ronin/code/sql/dialect.rb +162 -0
- data/lib/ronin/code/sql/drop_table.rb +51 -0
- data/lib/ronin/code/sql/exceptions.rb +24 -0
- data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +31 -0
- data/lib/ronin/code/sql/expr.rb +193 -0
- data/lib/ronin/code/sql/field.rb +86 -0
- data/lib/ronin/code/sql/function.rb +52 -0
- data/lib/ronin/code/sql/in.rb +49 -0
- data/lib/ronin/code/sql/injection.rb +39 -0
- data/lib/ronin/code/sql/injection_builder.rb +137 -0
- data/lib/ronin/code/sql/injection_style.rb +79 -0
- data/lib/ronin/code/sql/insert.rb +86 -0
- data/lib/ronin/code/sql/keyword.rb +48 -0
- data/lib/ronin/code/sql/like_expr.rb +87 -0
- data/lib/ronin/code/sql/program.rb +79 -0
- data/lib/ronin/code/sql/replace.rb +58 -0
- data/lib/ronin/code/sql/select.rb +187 -0
- data/lib/ronin/code/sql/statement.rb +112 -0
- data/lib/ronin/code/sql/style.rb +170 -0
- data/lib/ronin/code/sql/unary_expr.rb +45 -0
- data/lib/ronin/code/sql/update.rb +75 -0
- data/lib/ronin/sql.rb +28 -0
- data/lib/ronin/sql/error.rb +52 -0
- data/lib/ronin/sql/extensions.rb +24 -0
- data/lib/ronin/sql/extensions/uri.rb +24 -0
- data/lib/ronin/sql/extensions/uri/http.rb +69 -0
- data/lib/ronin/sql/sql.rb +83 -0
- data/lib/ronin/sql/version.rb +29 -0
- data/spec/spec_helper.rb +5 -0
- data/tasks/spec.rb +7 -0
- metadata +121 -0
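--- a/data/lib/ronin/code/sql/insert.rb
+++ b/data/lib/ronin/code/sql/insert.rb
@@ -0,0 +1,86 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/code/sql/statement'
+
+module Ronin
+module Code
+module SQL
+class Insert < Statement
+
+def initialize(style,table=nil,opts={:fields => nil, :values => nil, :from => nil},&block)
+@table = table
+@fields = opts[:fields]
+@values = opts[:values]
+@from = opts[:from]
+
+super(style,&block)
+end
+
+def into(table)
+@table = table
+return self
+end
+
+def fields(*fields)
+@fields = fields
+return self
+end
+
+def values(*values)
+if (@values.length==1 && @values[0].kind_of?(Hash))
+@values = values[0]
+else
+@values = values
+end
+return self
+end
+
+def from(expr)
+@from = expr
+return self
+end
+
+def compile
+if @values.kind_of?(Hash)
+return compile_expr(keyword_insert,@table,compile_row(@values.keys),keyword_values,compile_datalist(@values.values))
+elsif @from
+return compile_expr(keyword_insert,@table,compile_row(@fields),@from)
+else
+if @fields
+return compile_expr(keyword_insert,@table,compile_row(@fields),keyword_values,compile_datalist(@values))
+else
+return compile_expr(keyword_insert,@table,keyword_values,compile_datalist(@values))
+end
+end
+end
+
+protected
+
+keyword :insert, 'INSERT INTO'
+keyword :values
+
+end
+end
+end
+end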
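Review bot: `values` at line 51 tests the stored `@values` instead of its `values` argument, so the Hash detection looks at whatever the constructor or a previous call left behind, and on a fresh `Insert.new(style)` (where `@values` defaults to nil) the first `values(...)` call raises NoMethodError on `nil.length`. The condition should read `if (values.length==1 && values[0].kind_of?(Hash))`. Only the value side of the statement goes through `compile_datalist`; `@table` and `@fields` are handed to `compile_expr`/`compile_row`, which are defined outside this file, so it is worth a comment on `into` and `fields` stating that they are expected to receive trusted identifiers rather than quoted data — I cannot see whether those helpers quote identifiers, so treat that as a point to confirm.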
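--- a/data/lib/ronin/code/sql/keyword.rb
+++ b/data/lib/ronin/code/sql/keyword.rb
@@ -0,0 +1,48 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+module Ronin
+module Code
+module SQL
+class Keyword
+
+# The style to use
+attr_reader :style
+
+def initialize(style,name)
+@style = style
+@name = name.to_s
+end
+
+def compile
+@style.compile_keyword(@name)
+end
+
+def to_s
+compile
+end
+
+end
+end
+end
+end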
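--- a/data/lib/ronin/code/sql/like_expr.rb
+++ b/data/lib/ronin/code/sql/like_expr.rb
@@ -0,0 +1,87 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/code/sql/expr'
+
+module Ronin
+module Code
+module SQL
+class LikeExpr < Expr
+
+def initialize(style,op,left,right,escape=nil)
+super(style)
+
+@op = op
+@left = left
+@right = right
+@escape = escape
+@negated = false
+end
+
+def escape(str)
+@escape = str
+end
+
+def not!
+@negated = true
+end
+
+def compile
+compile_expr(@left,negated?,@op,compile_pattern(@right),escaped?)
+end
+
+protected
+
+keyword :escape
+keyword :not
+
+def escape_pattern(pattern)
+pattern = pattern.to_s
+
+if @escape
+return quote_data(pattern)
+else
+return quote_data("%#{pattern}%")
+end
+end
+
+def compile_pattern(pattern)
+if pattern.kind_of?(Regexp)
+return escape_pattern(pattern.source)
+else
+return escape_pattern(pattern)
+end
+end
+
+def escaped?
+compile_expr(keyword_escape,"'#{@escape.to_s[0..0]}'") if @escape
+end
+
+def negated?
+keyword_not if @negated
+end
+
+end
+end
+end
+end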
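Review bot: `escaped?` at line 77 builds the ESCAPE literal by string interpolation, `"'#{@escape.to_s[0..0]}'"`, bypassing the `quote_data` helper that `escape_pattern` already uses two methods above, so an escape character of `'` produces the malformed literal `'''`; it should be `compile_expr(keyword_escape,quote_data(@escape.to_s[0..0])) if @escape`. Separately, `escape` (line 41) and `not!` (line 45) return the assigned value rather than `self`, unlike the chainable setters in `Insert` and `Select`, so `expr.not!.compile` fails; end both with `return self`. `compile_pattern` emits a Regexp's `source` verbatim as the LIKE pattern, which is only meaningful for regexps with no metacharacters, and deserves a comment such as `# NOTE: regexp metacharacters are not translated to LIKE wildcards`. Whether `quote_data` fully escapes quotes inside the pattern is decided in `Expr`, outside this hunk.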
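--- a/data/lib/ronin/code/sql/program.rb
+++ b/data/lib/ronin/code/sql/program.rb
@@ -0,0 +1,79 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/code/sql/style'
+require 'ronin/code/sql/builder'
+
+module Ronin
+module Code
+module SQL
+class Program
+
+def initialize(options={},&block)
+@builder = Builder.new(Style.new(options),&block)
+end
+
+def style
+@builder.style
+end
+
+def dialect
+@builder.style.dialect.name
+end
+
+def compile
+@builder.compile
+end
+
+def to_s
+compile
+end
+
+def self.compile(options={},&block)
+self.new(options,&block).compile
+end
+
+def uri_encode
+compile.uri_encode
+end
+
+def uri_escape
+compile.uri_escape
+end
+
+def html_encode
+compile.html_encode
+end
+
+def format_html(options={})
+compile.format_html(options)
+end
+
+def base64_encode
+compile.base64_encode
+end
+
+end
+end
+end
+end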
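Review bot: `uri_encode`, `uri_escape`, `html_encode`, `format_html` and `base64_encode` (lines 56–74) call those methods on the String returned by `compile`, but the file only requires `style` and `builder`; they are not core String methods, so presumably they come from ronin's String extensions loaded elsewhere, and a `Program` loaded through this file alone will raise NoMethodError on them. Either add the require that provides them or state the dependency in a class comment, e.g. `# The *_encode helpers depend on ronin's String extensions being loaded.` The class also has no documentation of what `options` accepts; since it is forwarded unchanged to `Style.new`, a `# @param options [Hash] forwarded to Style.new` line on `initialize` would cover it.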
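--- a/data/lib/ronin/code/sql/replace.rb
+++ b/data/lib/ronin/code/sql/replace.rb
@@ -0,0 +1,58 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/code/sql/statement'
+
+module Ronin
+module Code
+module SQL
+class Replace < Statement
+
+def initialize(style,table=nil,values=nil,from=nil,&block)
+@table = table
+@values = values
+@from = from
+
+super(style,&block)
+end
+
+def values(data)
+@values = data
+end
+
+def from(expr)
+@from = expr
+end
+
+def compile
+if @values.kind_of?(Hash)
+return compile_expr('REPLACE INTO',@table,compile_list(@values.keys),'VALUES',compile_datalist(@values.values))
+elsif @from.kind_of?(Select)
+return compile_expr('REPLACE INTO',@table,compile_list(@values),@from)
+end
+end
+
+end
+end
+end
+end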
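Review bot: `compile` (lines 47–53) returns nil when `@values` is an Array and `@from` is not a `Select` — the plain `REPLACE INTO t VALUES (...)` form that `Insert#compile` does handle — so `Replace.new(style,:t,[1,2]).compile` silently yields nil rather than a statement or an error. Add a final branch: `else` / `return compile_expr('REPLACE INTO',@table,'VALUES',compile_datalist(@values))`. The `values` and `from` setters also don't return `self`, unlike the `Insert` and `Select` setters, and the keywords are inline string literals rather than `keyword :replace, 'REPLACE INTO'` / `keyword :values` declarations as in `Insert`, so whatever keyword styling `Style` applies will not reach them. `Select` is referenced here without a require for it; presumably `statement` or the loader pulls it in, but worth confirming.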
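--- a/data/lib/ronin/code/sql/select.rb
+++ b/data/lib/ronin/code/sql/select.rb
@@ -0,0 +1,187 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#++
+#
+
+require 'ronin/code/sql/statement'
+
+module Ronin
+module Code
+module SQL
+class Select < Statement
+
+option_list :rows, [:all, :distinct]
+
+def initialize(style,tables=nil,options={:fields => nil, :where => nil},&block)
+@fields = options[:fields] || all
+@tables = tables
+@where = options[:where]
+
+super(style,&block)
+end
+
+def fields(*exprs)
+@fields = exprs
+return self
+end
+
+def tables(*expr)
+@tables = expr
+return self
+end
+
+def where(expr)
+@where = expr
+return self
+end
+
+def group_by(*fields)
+@group_by = fields
+return self
+end
+
+def having(expr)
+@having = expr
+return self
+end
+
+def order_by(*exprs)
+@order_by = exprs
+return self
+end
+
+def limit(value)
+@limit = value
+end
+
+def offset(value)
+@limit = value
+end
+
+def union(table,opts={:fields => [], :where => nil},&block)
+@union = Select.new(@style,table,opts,&block)
+return self
+end
+
+def union_all(table,opts={:fields => [], :where => nil},&block)
+@union_all = Select.new(@style,table,opts,&block)
+return self
+end
+
+def join(table,on_expr)
+@join_type = :outer
+@join_table = table
+@join_on = on_expr
+end
+
+def inner_join(table,on_expr)
+@join_type = :inner
+@join_table = table
+@join_on = on_expr
+end
+
+def left_join(table,on_expr)
+@join_type = :left
+@join_table = table
+@join_on = on_expr
+end
+
+def right_join(table,on_expr)
+@join_type = :right
+@join_table = table
+@join_on = on_expr
+end
+
+def compile
+compile_expr(keyword_select,
+rows?,
+fields?,
+keyword_from,
+compile_list(@tables),
+where?,
+order_by?,
+having_by?,
+order_by?,
+limit?,
+unioned?)
+end
+
+protected
+
+keyword :select
+keyword :from
+keyword :where
+keyword :union
+keyword :union_all
+keyword :group_by, 'GROUP BY'
+keyword :having
+keyword :order_by, 'ORDER BY'
+keyword :limit
+keyword :offset
+
+def fields?
+if @fields.kind_of?(Array)
+unless @fields.empty?
+return compile_row(@fields)
+else
+return all.to_s
+end
+else
+return @fields.to_s
+end
+end
+
+def where?
+compile_expr(keyword_where,@where) if @where
+end
+
+def group_by?
+compile_expr(keyword_group_by,compile_row(@group_by)) if @group_by
+end
+
+def having_by?
+compile_expr(keyword_having,@having) if @having
+end
+
+def order_by?
+compile_expr(keyword_order_by,@order_by) if @order_by
+end
+
+def limit?
+compile_expr(keyword_limit,@limit,offset?) if @limit
+end
+
+def offset?
+compile_expr(keyword_offset,@offset) if @offset
+end
+
+def unioned?
+if @union_all
+return compile_expr(keyword_union_all,@union_all)
+elsif @union
+return compile_expr(keyword_union,@union)
+end
+end
+
+end
+end
+end
+end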
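Review bot: `offset` at line 76 assigns `@limit = value` instead of `@offset`, so `offset?` never fires and calling `offset` silently overwrites the limit; it should be `@offset = value`. In `compile` (lines 113–125) `order_by?` appears twice and `group_by?` is never called, so a GROUP BY clause set via `group_by` is dropped and ORDER BY can be emitted twice — the first `order_by?,` at line 120 should be `group_by?,`. The `join`/`inner_join`/`left_join`/`right_join` setters (lines 89–111) store `@join_type`, `@join_table` and `@join_on` but nothing in `compile` reads them, so joins are silently ignored, and those setters plus `limit`/`offset` don't return `self` like the other setters do. `@fields = options[:fields] || all` on line 34 also runs before `super(style,&block)`, so `all` must not depend on state the superclass sets up — worth a comment if that ordering is deliberate.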