ronin-sql 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. data/COPYING.txt +339 -0
  2. data/History.txt +7 -0
  3. data/Manifest.txt +45 -0
  4. data/README.txt +66 -0
  5. data/Rakefile +14 -0
  6. data/lib/ronin/code/sql.rb +24 -0
  7. data/lib/ronin/code/sql/between.rb +62 -0
  8. data/lib/ronin/code/sql/binary_expr.rb +46 -0
  9. data/lib/ronin/code/sql/builder.rb +61 -0
  10. data/lib/ronin/code/sql/code.rb +35 -0
  11. data/lib/ronin/code/sql/common_dialect.rb +62 -0
  12. data/lib/ronin/code/sql/create_index.rb +76 -0
  13. data/lib/ronin/code/sql/create_table.rb +93 -0
  14. data/lib/ronin/code/sql/create_view.rb +65 -0
  15. data/lib/ronin/code/sql/delete.rb +64 -0
  16. data/lib/ronin/code/sql/dialect.rb +162 -0
  17. data/lib/ronin/code/sql/drop_table.rb +51 -0
  18. data/lib/ronin/code/sql/exceptions.rb +24 -0
  19. data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +31 -0
  20. data/lib/ronin/code/sql/expr.rb +193 -0
  21. data/lib/ronin/code/sql/field.rb +86 -0
  22. data/lib/ronin/code/sql/function.rb +52 -0
  23. data/lib/ronin/code/sql/in.rb +49 -0
  24. data/lib/ronin/code/sql/injection.rb +39 -0
  25. data/lib/ronin/code/sql/injection_builder.rb +137 -0
  26. data/lib/ronin/code/sql/injection_style.rb +79 -0
  27. data/lib/ronin/code/sql/insert.rb +86 -0
  28. data/lib/ronin/code/sql/keyword.rb +48 -0
  29. data/lib/ronin/code/sql/like_expr.rb +87 -0
  30. data/lib/ronin/code/sql/program.rb +79 -0
  31. data/lib/ronin/code/sql/replace.rb +58 -0
  32. data/lib/ronin/code/sql/select.rb +187 -0
  33. data/lib/ronin/code/sql/statement.rb +112 -0
  34. data/lib/ronin/code/sql/style.rb +170 -0
  35. data/lib/ronin/code/sql/unary_expr.rb +45 -0
  36. data/lib/ronin/code/sql/update.rb +75 -0
  37. data/lib/ronin/sql.rb +28 -0
  38. data/lib/ronin/sql/error.rb +52 -0
  39. data/lib/ronin/sql/extensions.rb +24 -0
  40. data/lib/ronin/sql/extensions/uri.rb +24 -0
  41. data/lib/ronin/sql/extensions/uri/http.rb +69 -0
  42. data/lib/ronin/sql/sql.rb +83 -0
  43. data/lib/ronin/sql/version.rb +29 -0
  44. data/spec/spec_helper.rb +5 -0
  45. data/tasks/spec.rb +7 -0
  46. metadata +121 -0
@@ -0,0 +1,24 @@
1
+ #
2
+ #--
3
+ # Ronin SQL - A Ronin library providing support for SQL related security
4
+ # tasks.
5
+ #
6
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
+ #
8
+ # This program is free software; you can redistribute it and/or modify
9
+ # it under the terms of the GNU General Public License as published by
10
+ # the Free Software Foundation; either version 2 of the License, or
11
+ # (at your option) any later version.
12
+ #
13
+ # This program is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with this program; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ #++
22
+ #
23
+
24
+ require 'ronin/sql/extensions/uri'
@@ -0,0 +1,24 @@
1
+ #
2
+ #--
3
+ # Ronin SQL - A Ronin library providing support for SQL related security
4
+ # tasks.
5
+ #
6
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
+ #
8
+ # This program is free software; you can redistribute it and/or modify
9
+ # it under the terms of the GNU General Public License as published by
10
+ # the Free Software Foundation; either version 2 of the License, or
11
+ # (at your option) any later version.
12
+ #
13
+ # This program is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with this program; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ #++
22
+ #
23
+
24
+ require 'ronin/sql/extensions/uri/http'
@@ -0,0 +1,69 @@
1
+ #
2
+ #--
3
+ # Ronin SQL - A Ronin library providing support for SQL related security
4
+ # tasks.
5
+ #
6
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
+ #
8
+ # This program is free software; you can redistribute it and/or modify
9
+ # it under the terms of the GNU General Public License as published by
10
+ # the Free Software Foundation; either version 2 of the License, or
11
+ # (at your option) any later version.
12
+ #
13
+ # This program is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with this program; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ #++
22
+ #
23
+
24
+ require 'ronin/sql/sql'
25
+ require 'ronin/network/http'
26
+
27
+ require 'uri'
28
+
29
+ module URI
30
+ class HTTP < Generic
31
+
32
+ #
33
+ # Tests the +query_params+ of the HTTP URL with the given _options_ for
34
+ # SQL errors.
35
+ #
36
+ # _options_ may contain the following keys:
37
+ # <tt>:injection</tt>:: The SQL injection to use. Defaults to
38
+ # <tt>"'"</tt>.
39
+ # <tt>:types</tt>:: A list of error types to test for. If not specified
40
+ # all the error patterns in ERROR_PATTERNS will be
41
+ # tested.
42
+ #
43
+ def sql_errors(options={})
44
+ injection = (options[:injection] || "'")
45
+
46
+ return test_query_params(injection,options) do |injection_url|
47
+ body = Net.http_get_body(options.merge(:url => injection_url))
48
+
49
+ Ronin::SQL.error(body,options)
50
+ end
51
+ end
52
+
53
+ #
54
+ # Tests each +query_params+ of the HTTP URI with the given _options_ for
55
+ # SQL errors.
56
+ #
57
+ # _options_ may contain the following keys:
58
+ # <tt>:injection</tt>:: The SQL injection to use. Defaults to
59
+ # <tt>"'"</tt>.
60
+ # <tt>:types</tt>:: A list of error types to test for. If not specified
61
+ # all the error patterns in ERROR_PATTERNS will be
62
+ # tested.
63
+ #
64
+ def has_sql_errors?(options={})
65
+ !(sql_errors(options).empty?)
66
+ end
67
+
68
+ end
69
+ end
@@ -0,0 +1,83 @@
1
+ #
2
+ #--
3
+ # Ronin SQL - A Ronin library providing support for SQL related security
4
+ # tasks.
5
+ #
6
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
+ #
8
+ # This program is free software; you can redistribute it and/or modify
9
+ # it under the terms of the GNU General Public License as published by
10
+ # the Free Software Foundation; either version 2 of the License, or
11
+ # (at your option) any later version.
12
+ #
13
+ # This program is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with this program; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ #++
22
+ #
23
+
24
+ require 'ronin/sql/error'
25
+ require 'ronin/extensions/uri'
26
+
27
+ module Ronin
28
+ module SQL
29
+
30
+ # SQL error patterns
31
+ ERROR_PATTERNS = {
32
+ # sourced from sqid (http://sqid.rubyforge.org/).
33
+ :ms_sql => /Microsoft OLE DB Provider for (SQL Server|ODBC Drivers.*\[Microsoft\]\[ODBC (SQL Server|Access) Driver\])/,
34
+ :ms_access => /\[Microsoft\]\[ODBC Microsoft Access Driver\] Syntax error/,
35
+ :ms_jetdb => /Microsoft JET Database Engine/,
36
+ :ms_adodb => /ADODB.Command.*error/,
37
+ :asp_net => /Server Error.*System\.Data\.OleDb\.OleDbException/,
38
+ :mysql => /(Warning.*(supplied argument is not a valid MySQL result|mysql_.*\(\))|You have an error in your SQL syntax.*(on|at) line)/,
39
+ :php => /(Warning.*failed to open stream|Fatal Error.*(on|at) line)/,
40
+ :oracle => /ORA-[0-9][0-9][0-9][0-9]/,
41
+ :jdbc => /Invalid SQL statement or JDBC/,
42
+ :java_servlet => /javax\.servlet\.ServletException/,
43
+ :apache_tomcat => /org\.apache\.jasper\.JasperException/,
44
+ :vb_runtime => /Microsoft VBScript runtime/,
45
+ :vb_asp => /Type mismatch/
46
+ }
47
+
48
+ #
49
+ # Tests whether the _body_ contains an SQL error message using the
50
+ # given _options_.
51
+ #
52
+ # _options_ may contain the following keys:
53
+ # <tt>:types</tt>:: A list of error types to test for. If not specified
54
+ # all the error patterns in ERROR_PATTERNS will be
55
+ # tested.
56
+ #
57
+ def SQL.error(body,options={})
58
+ patterns = (options[:types] || ERROR_PATTERNS.keys)
59
+
60
+ patterns.each do |type|
61
+ match = ERROR_PATTERNS[type].match(body)
62
+
63
+ return Error.new(type,match[0].strip_html) if match
64
+ end
65
+
66
+ return nil
67
+ end
68
+
69
+ #
70
+ # Returns +true+ if the specified _body_ using the given _options_
71
+ # contains an SQL error, returns +false+ otherwise.
72
+ #
73
+ # _options_ may contain the following keys:
74
+ # <tt>:types</tt>:: A list of error types to test for. If not specified
75
+ # all the error patterns in ERROR_PATTERNS will be
76
+ # tested.
77
+ #
78
+ def SQL.has_error?(body,options={})
79
+ !(SQL.error(body,options).nil?)
80
+ end
81
+
82
+ end
83
+ end
@@ -0,0 +1,29 @@
1
+ #
2
+ #--
3
+ # Ronin SQL - A Ronin library providing support for SQL related security
4
+ # tasks.
5
+ #
6
+ # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
+ #
8
+ # This program is free software; you can redistribute it and/or modify
9
+ # it under the terms of the GNU General Public License as published by
10
+ # the Free Software Foundation; either version 2 of the License, or
11
+ # (at your option) any later version.
12
+ #
13
+ # This program is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with this program; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ #++
22
+ #
23
+
24
+ module Ronin
25
+ module SQL
26
+ # Ronin SQL version
27
+ VERSION = '0.1.0'
28
+ end
29
+ end
@@ -0,0 +1,5 @@
1
+ require 'rubygems'
2
+ gem 'rspec', '>=1.1.3'
3
+ require 'spec'
4
+
5
+ include Ronin
data/tasks/spec.rb ADDED
@@ -0,0 +1,7 @@
1
+ require 'spec/rake/spectask'
2
+
3
+ desc "Run all specifications"
4
+ Spec::Rake::SpecTask.new(:spec) do |t|
5
+ t.libs += ['lib', 'spec']
6
+ t.spec_opts = ['--colour', '--format', 'specdoc']
7
+ end
metadata ADDED
@@ -0,0 +1,121 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: ronin-sql
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Postmodern Modulus III
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+
12
+ date: 2008-08-20 00:00:00 -07:00
13
+ default_executable:
14
+ dependencies:
15
+ - !ruby/object:Gem::Dependency
16
+ name: ronin
17
+ type: :runtime
18
+ version_requirement:
19
+ version_requirements: !ruby/object:Gem::Requirement
20
+ requirements:
21
+ - - ">="
22
+ - !ruby/object:Gem::Version
23
+ version: 0.0.9
24
+ version:
25
+ - !ruby/object:Gem::Dependency
26
+ name: hoe
27
+ type: :development
28
+ version_requirement:
29
+ version_requirements: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: 1.7.0
34
+ version:
35
+ description: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks. Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
36
+ email:
37
+ - postmodern.mod3@gmail.com
38
+ executables: []
39
+
40
+ extensions: []
41
+
42
+ extra_rdoc_files:
43
+ - History.txt
44
+ - COPYING.txt
45
+ - Manifest.txt
46
+ - README.txt
47
+ files:
48
+ - History.txt
49
+ - COPYING.txt
50
+ - Manifest.txt
51
+ - README.txt
52
+ - Rakefile
53
+ - lib/ronin/code/sql.rb
54
+ - lib/ronin/code/sql/between.rb
55
+ - lib/ronin/code/sql/binary_expr.rb
56
+ - lib/ronin/code/sql/builder.rb
57
+ - lib/ronin/code/sql/code.rb
58
+ - lib/ronin/code/sql/common_dialect.rb
59
+ - lib/ronin/code/sql/create_index.rb
60
+ - lib/ronin/code/sql/create_table.rb
61
+ - lib/ronin/code/sql/create_view.rb
62
+ - lib/ronin/code/sql/delete.rb
63
+ - lib/ronin/code/sql/dialect.rb
64
+ - lib/ronin/code/sql/drop_table.rb
65
+ - lib/ronin/code/sql/exceptions.rb
66
+ - lib/ronin/code/sql/exceptions/unknown_dialect.rb
67
+ - lib/ronin/code/sql/expr.rb
68
+ - lib/ronin/code/sql/field.rb
69
+ - lib/ronin/code/sql/function.rb
70
+ - lib/ronin/code/sql/in.rb
71
+ - lib/ronin/code/sql/injection.rb
72
+ - lib/ronin/code/sql/injection_builder.rb
73
+ - lib/ronin/code/sql/injection_style.rb
74
+ - lib/ronin/code/sql/insert.rb
75
+ - lib/ronin/code/sql/keyword.rb
76
+ - lib/ronin/code/sql/like_expr.rb
77
+ - lib/ronin/code/sql/program.rb
78
+ - lib/ronin/code/sql/replace.rb
79
+ - lib/ronin/code/sql/select.rb
80
+ - lib/ronin/code/sql/statement.rb
81
+ - lib/ronin/code/sql/style.rb
82
+ - lib/ronin/code/sql/unary_expr.rb
83
+ - lib/ronin/code/sql/update.rb
84
+ - lib/ronin/sql/extensions.rb
85
+ - lib/ronin/sql/extensions/uri.rb
86
+ - lib/ronin/sql/extensions/uri/http.rb
87
+ - lib/ronin/sql/error.rb
88
+ - lib/ronin/sql/sql.rb
89
+ - lib/ronin/sql/version.rb
90
+ - lib/ronin/sql.rb
91
+ - tasks/spec.rb
92
+ - spec/spec_helper.rb
93
+ has_rdoc: true
94
+ homepage: http://ronin.rubyforge.org/sql/
95
+ post_install_message:
96
+ rdoc_options:
97
+ - --main
98
+ - README.txt
99
+ require_paths:
100
+ - lib
101
+ required_ruby_version: !ruby/object:Gem::Requirement
102
+ requirements:
103
+ - - ">="
104
+ - !ruby/object:Gem::Version
105
+ version: "0"
106
+ version:
107
+ required_rubygems_version: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - ">="
110
+ - !ruby/object:Gem::Version
111
+ version: "0"
112
+ version:
113
+ requirements: []
114
+
115
+ rubyforge_project: ronin
116
+ rubygems_version: 1.2.0
117
+ signing_key:
118
+ specification_version: 2
119
+ summary: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks
120
+ test_files: []
121
+