ronin-sql 0.1.1 → 0.2.0
- data/History.txt +43 -0
- data/Manifest.txt +76 -23
- data/README.txt +31 -6
- data/Rakefile +2 -2
- data/lib/ronin/code/sql/{keyword.rb → add_column_clause.rb} +9 -13
- data/lib/ronin/code/sql/as.rb +47 -0
- data/lib/ronin/code/sql/asc.rb +38 -0
- data/lib/ronin/code/sql/between.rb +18 -12
- data/lib/ronin/code/sql/binary_expr.rb +12 -5
- data/lib/ronin/code/sql/clause.rb +37 -0
- data/lib/ronin/code/sql/code.rb +1 -1
- data/lib/ronin/code/sql/common_dialect.rb +16 -10
- data/lib/ronin/code/sql/create.rb +68 -0
- data/lib/ronin/code/sql/create_index.rb +9 -39
- data/lib/ronin/code/sql/create_table.rb +9 -56
- data/lib/ronin/code/sql/create_view.rb +7 -29
- data/lib/ronin/code/sql/default_values_clause.rb +38 -0
- data/lib/ronin/code/sql/delete.rb +10 -25
- data/lib/ronin/code/sql/desc.rb +38 -0
- data/lib/ronin/code/sql/dialect.rb +172 -52
- data/lib/ronin/code/sql/{builder.rb → drop.rb} +16 -20
- data/lib/ronin/code/sql/drop_index.rb +43 -0
- data/lib/ronin/code/sql/drop_table.rb +8 -16
- data/lib/ronin/code/sql/drop_view.rb +43 -0
- data/lib/ronin/code/sql/emittable.rb +102 -0
- data/lib/ronin/code/sql/exceptions/unknown_clause.rb +31 -0
- data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +2 -2
- data/lib/ronin/code/sql/exceptions/unknown_statement.rb +31 -0
- data/lib/ronin/code/sql/exceptions.rb +3 -1
- data/lib/ronin/code/sql/expr.rb +7 -96
- data/lib/ronin/code/sql/field.rb +40 -23
- data/lib/ronin/code/sql/fields_clause.rb +48 -0
- data/lib/ronin/code/sql/from_clause.rb +44 -0
- data/lib/ronin/code/sql/function.rb +15 -12
- data/lib/ronin/code/sql/group_by_clause.rb +48 -0
- data/lib/ronin/code/sql/having_clause.rb +48 -0
- data/lib/ronin/code/sql/in.rb +9 -9
- data/lib/ronin/code/sql/injected_statement.rb +102 -0
- data/lib/ronin/code/sql/injection.rb +171 -5
- data/lib/ronin/code/sql/insert.rb +15 -45
- data/lib/ronin/code/sql/intersect_clause.rb +44 -0
- data/lib/ronin/code/sql/join_clause.rb +125 -0
- data/lib/ronin/code/sql/{like_expr.rb → like.rb} +19 -31
- data/lib/ronin/code/sql/limit_clause.rb +44 -0
- data/lib/ronin/code/sql/modifier.rb +50 -0
- data/lib/ronin/code/sql/offset_clause.rb +44 -0
- data/lib/ronin/code/sql/on_clause.rb +57 -0
- data/lib/ronin/code/sql/order_by_clause.rb +44 -0
- data/lib/ronin/code/sql/program.rb +170 -23
- data/lib/ronin/code/sql/rename_to_clause.rb +44 -0
- data/lib/ronin/code/sql/replace.rb +15 -17
- data/lib/ronin/code/sql/select.rb +46 -141
- data/lib/ronin/code/sql/set_clause.rb +44 -0
- data/lib/ronin/code/sql/statement.rb +117 -47
- data/lib/ronin/code/sql/token.rb +64 -0
- data/lib/ronin/code/sql/unary_expr.rb +9 -5
- data/lib/ronin/code/sql/union_all_clause.rb +44 -0
- data/lib/ronin/code/sql/union_clause.rb +44 -0
- data/lib/ronin/code/sql/update.rb +10 -31
- data/lib/ronin/code/sql/values_clause.rb +48 -0
- data/lib/ronin/code/sql/where_clause.rb +44 -0
- data/lib/ronin/code/sql.rb +1 -1
- data/lib/ronin/sql/error/error.rb +64 -0
- data/lib/ronin/sql/error/message.rb +64 -0
- data/lib/ronin/sql/error/pattern.rb +106 -0
- data/lib/ronin/sql/error/patterns.rb +100 -0
- data/lib/ronin/sql/error.rb +5 -30
- data/lib/ronin/sql/extensions/uri/http.rb +76 -21
- data/lib/ronin/sql/extensions/uri.rb +1 -1
- data/lib/ronin/sql/extensions.rb +2 -1
- data/lib/ronin/sql/injection.rb +213 -0
- data/lib/ronin/sql/version.rb +2 -2
- data/lib/ronin/sql.rb +7 -2
- data/spec/code/sql/create_examples.rb +19 -0
- data/spec/code/sql/create_index_spec.rb +25 -0
- data/spec/code/sql/create_table_spec.rb +27 -0
- data/spec/code/sql/create_view_spec.rb +16 -0
- data/spec/code/sql/delete_spec.rb +14 -0
- data/spec/code/sql/drop_examples.rb +10 -0
- data/spec/code/sql/drop_index_spec.rb +16 -0
- data/spec/code/sql/drop_table_spec.rb +16 -0
- data/spec/code/sql/drop_view_spec.rb +16 -0
- data/spec/code/sql/has_default_values_clause_examples.rb +10 -0
- data/spec/code/sql/has_fields_clause_examples.rb +15 -0
- data/spec/code/sql/has_from_clause_examples.rb +13 -0
- data/spec/code/sql/has_values_clause_examples.rb +15 -0
- data/spec/code/sql/has_where_clause_examples.rb +15 -0
- data/spec/code/sql/insert_spec.rb +21 -0
- data/spec/code/sql/replace_spec.rb +21 -0
- data/spec/code/sql/select_spec.rb +105 -0
- data/spec/code/sql/update_spec.rb +26 -0
- data/spec/helpers/code.rb +14 -0
- data/spec/sql/error_spec.rb +24 -0
- data/spec/sql/extensions/string_spec.rb +28 -0
- data/spec/sql_spec.rb +9 -0
- data/tasks/spec.rb +2 -0
- metadata +82 -29
- data/lib/ronin/code/sql/injection_builder.rb +0 -137
- data/lib/ronin/code/sql/injection_style.rb +0 -79
- data/lib/ronin/code/sql/style.rb +0 -170
- data/lib/ronin/sql/sql.rb +0 -83
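--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,46 @@
+=== 0.2.0 / 2009-01-08
+
+* Require Ronin >= 0.1.3.
+* Refactored Ronin::Code::SQL.
+* Implemented a token emitter system.
+* Support common SQL expression modifiers.
+* Support common SQL clauses.
+* Allow for injecting arbitrary SQL clauses.
+* Added more SQL Injection test generators.
+* all_rows:
+
+OR 1 = 1
+
+* exact_rows:
+
+AND 1 = 1
+
+* no_rows:
+
+AND 1 = 0
+
+* has_column?(column):
+
+OR column IS NOT NULL
+
+* has_table?(table):
+
+AND (SELECT FROM table count(*) == 1)
+
+* uses_column?(column):
+
+GROUP BY column HAVING 1 = 1
+
+* uses_table?(table):
+
+OR table IS NOT NULL
+
+* Removed references to Ronin::Vulnerable.
+* Added more specs:
+* Specs for most of Ronin::Code::SQL.
+* Specs on Ronin::SQL::Error and the SQL encoding/decoding extensions for
+the String class.
+
 === 0.1.1 / 2008-09-28
 
 * Trivial bug fix to URI::HTTP#sql_errors.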
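--- a/data/Manifest.txt
+++ b/data/Manifest.txt
@@ -4,42 +4,95 @@ Manifest.txt
 README.txt
 Rakefile
 lib/ronin/code/sql.rb
-lib/ronin/code/sql/between.rb
-lib/ronin/code/sql/binary_expr.rb
-lib/ronin/code/sql/builder.rb
-lib/ronin/code/sql/code.rb
-lib/ronin/code/sql/common_dialect.rb
-lib/ronin/code/sql/create_index.rb
-lib/ronin/code/sql/create_table.rb
-lib/ronin/code/sql/create_view.rb
-lib/ronin/code/sql/delete.rb
-lib/ronin/code/sql/dialect.rb
-lib/ronin/code/sql/drop_table.rb
 lib/ronin/code/sql/exceptions.rb
 lib/ronin/code/sql/exceptions/unknown_dialect.rb
+lib/ronin/code/sql/exceptions/unknown_statement.rb
+lib/ronin/code/sql/exceptions/unknown_clause.rb
+lib/ronin/code/sql/token.rb
+lib/ronin/code/sql/emittable.rb
+lib/ronin/code/sql/modifier.rb
+lib/ronin/code/sql/asc.rb
+lib/ronin/code/sql/desc.rb
+lib/ronin/code/sql/as.rb
 lib/ronin/code/sql/expr.rb
+lib/ronin/code/sql/unary_expr.rb
+lib/ronin/code/sql/binary_expr.rb
+lib/ronin/code/sql/like.rb
+lib/ronin/code/sql/between.rb
+lib/ronin/code/sql/in.rb
 lib/ronin/code/sql/field.rb
+lib/ronin/code/sql/clause.rb
+lib/ronin/code/sql/on_clause.rb
+lib/ronin/code/sql/where_clause.rb
+lib/ronin/code/sql/group_by_clause.rb
+lib/ronin/code/sql/fields_clause.rb
+lib/ronin/code/sql/set_clause.rb
+lib/ronin/code/sql/values_clause.rb
+lib/ronin/code/sql/from_clause.rb
+lib/ronin/code/sql/default_values_clause.rb
+lib/ronin/code/sql/join_clause.rb
+lib/ronin/code/sql/order_by_clause.rb
+lib/ronin/code/sql/limit_clause.rb
+lib/ronin/code/sql/offset_clause.rb
+lib/ronin/code/sql/union_clause.rb
+lib/ronin/code/sql/having_clause.rb
+lib/ronin/code/sql/union_all_clause.rb
+lib/ronin/code/sql/intersect_clause.rb
+lib/ronin/code/sql/rename_to_clause.rb
+lib/ronin/code/sql/add_column_clause.rb
 lib/ronin/code/sql/function.rb
-lib/ronin/code/sql/
-lib/ronin/code/sql/
-lib/ronin/code/sql/
-lib/ronin/code/sql/
+lib/ronin/code/sql/statement.rb
+lib/ronin/code/sql/create.rb
+lib/ronin/code/sql/create_index.rb
+lib/ronin/code/sql/create_table.rb
+lib/ronin/code/sql/create_view.rb
 lib/ronin/code/sql/insert.rb
-lib/ronin/code/sql/keyword.rb
-lib/ronin/code/sql/like_expr.rb
-lib/ronin/code/sql/program.rb
-lib/ronin/code/sql/replace.rb
 lib/ronin/code/sql/select.rb
-lib/ronin/code/sql/
-lib/ronin/code/sql/style.rb
-lib/ronin/code/sql/unary_expr.rb
+lib/ronin/code/sql/replace.rb
 lib/ronin/code/sql/update.rb
+lib/ronin/code/sql/delete.rb
+lib/ronin/code/sql/drop.rb
+lib/ronin/code/sql/drop_index.rb
+lib/ronin/code/sql/drop_table.rb
+lib/ronin/code/sql/drop_view.rb
+lib/ronin/code/sql/dialect.rb
+lib/ronin/code/sql/common_dialect.rb
+lib/ronin/code/sql/program.rb
+lib/ronin/code/sql/injected_statement.rb
+lib/ronin/code/sql/injection.rb
+lib/ronin/code/sql/code.rb
 lib/ronin/sql/extensions.rb
 lib/ronin/sql/extensions/uri.rb
 lib/ronin/sql/extensions/uri/http.rb
+lib/ronin/sql/error/message.rb
+lib/ronin/sql/error/pattern.rb
+lib/ronin/sql/error/error.rb
+lib/ronin/sql/error/patterns.rb
 lib/ronin/sql/error.rb
-lib/ronin/sql/
+lib/ronin/sql/injection.rb
 lib/ronin/sql/version.rb
 lib/ronin/sql.rb
 tasks/spec.rb
 spec/spec_helper.rb
+spec/sql_spec.rb
+spec/helpers/code.rb
+spec/code/sql/has_default_values_clause_examples.rb
+spec/code/sql/has_fields_clause_examples.rb
+spec/code/sql/has_from_clause_examples.rb
+spec/code/sql/has_values_clause_examples.rb
+spec/code/sql/has_where_clause_examples.rb
+spec/code/sql/create_examples.rb
+spec/code/sql/create_table_spec.rb
+spec/code/sql/create_index_spec.rb
+spec/code/sql/create_view_spec.rb
+spec/code/sql/drop_examples.rb
+spec/code/sql/drop_table_spec.rb
+spec/code/sql/drop_index_spec.rb
+spec/code/sql/drop_view_spec.rb
+spec/code/sql/insert_spec.rb
+spec/code/sql/select_spec.rb
+spec/code/sql/update_spec.rb
+spec/code/sql/replace_spec.rb
+spec/code/sql/delete_spec.rb
+spec/sql/error_spec.rb
+spec/sql/extensions/string_spec.rb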
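--- a/data/README.txt
+++ b/data/README.txt
@@ -1,7 +1,9 @@
 = Ronin SQL
 
 * http://ronin.rubyforge.org/sql/
-*
+* http://github.com/postmodern/ronin-sql
+* irc.freenode.net ##ronin
+* Postmodern (postmodern.mod3 at gmail.com)
 
 == DESCRIPTION:
 
@@ -22,9 +24,9 @@ commercial software.
 
 === Modular
 
-Ronin was not designed as one monolithic
-of libraries which can be individually installed. This allows
-and choose what functionality they want in Ronin.
+Ronin was not designed as one monolithic framework but instead as a
+collection of libraries which can be individually installed. This allows
+users to pick and choose what functionality they want in Ronin.
 
 === Decentralized
 
@@ -37,19 +39,42 @@ of Ronin.
 
 == FEATURES:
 
-* Provides an DSL for crafting normal SQL and
+* Provides an Domain Specific Language (DSL) for crafting normal SQL and
+SQL injections.
 * Provides tests for finding SQL injections.
 
+== REQUIREMENTS:
+
+* Ronin >= 0.1.2
+
 == INSTALL:
 
 $ sudo gem install ronin-sql
 
+== EXAMPLES:
+
+* Generate valid SQL using the Ronin SQL DSL.
+
+puts Code.sql {
+select(:from => :users, :where => (name == 'bob'))
+}
+SELECT * FROM users WHERE name = 'bob'
+=> nil
+
+* Generate valid SQL injections using the Ronin SQL injection DSL.
+
+puts Code.sql_injection {
+escape_string { has_table?(:users) }
+}
+' AND (SELECT count(*) FROM users) = 1 --
+=> nil
+
 == LICENSE:
 
 Ronin SQL - A Ruby library for Ronin that provids support for SQL related
 security tasks.
 
-Copyright (c) 2006-
+Copyright (c) 2006-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by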
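--- a/data/Rakefile
+++ b/data/Rakefile
@@ -7,9 +7,9 @@ require './lib/ronin/sql/version.rb'
 
 Hoe.new('ronin-sql', Ronin::SQL::VERSION) do |p|
 p.rubyforge_name = 'ronin'
-p.developer('Postmodern
+p.developer('Postmodern','postmodern.mod3@gmail.com')
 p.remote_rdoc_dir = 'docs/ronin-sql'
-p.extra_deps = [['ronin', '>=0.
+p.extra_deps = [['ronin', '>=0.1.3']]
 end
 
 # vim: syntax=Ruby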
@@ -3,7 +3,7 @@
|
|
3
3
|
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
4
|
# tasks.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2007-
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# This program is free software; you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU General Public License as published by
|
@@ -21,25 +21,21 @@
|
|
21
21
|
#++
|
22
22
|
#
|
23
23
|
|
24
|
+
require 'ronin/code/sql/clause'
|
25
|
+
|
24
26
|
module Ronin
|
25
27
|
module Code
|
26
28
|
module SQL
|
27
|
-
class
|
28
|
-
|
29
|
-
# The style to use
|
30
|
-
attr_reader :style
|
29
|
+
class AddColumnClause < Clause
|
31
30
|
|
32
|
-
|
33
|
-
@style = style
|
34
|
-
@name = name.to_s
|
35
|
-
end
|
31
|
+
attr_accessor :table
|
36
32
|
|
37
|
-
def
|
38
|
-
@
|
33
|
+
def initialize(table)
|
34
|
+
@table = table
|
39
35
|
end
|
40
36
|
|
41
|
-
def
|
42
|
-
|
37
|
+
def emit
|
38
|
+
emit_token('ADD COLUMN') + emit_value(@table)
|
43
39
|
end
|
44
40
|
|
45
41
|
end
|
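Review bot: `AddColumnClause` names its operand `table` (`attr_accessor :table`, `def initialize(table)`), but `emit` places that value directly after the `ADD COLUMN` token, where SQL expects a column definition, so the name misleads callers about what to pass. Since the class is new in this release, renaming is cheap: `attr_accessor :column`, `def initialize(column)`, `emit_token('ADD COLUMN') + emit_value(@column)`. If the name must stay, add a comment above the accessor such as `# Column definition emitted after ADD COLUMN`. The enclosing module nesting closes outside the visible hunk.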
@@ -0,0 +1,47 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
+
# tasks.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
require 'ronin/code/sql/modifier'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Code
|
28
|
+
module SQL
|
29
|
+
class As < Modifier
|
30
|
+
|
31
|
+
# Alias name
|
32
|
+
attr_reader :alias_name
|
33
|
+
|
34
|
+
def initialize(field,alias_name)
|
35
|
+
super(field,'AS')
|
36
|
+
|
37
|
+
@alias_name = alias_name
|
38
|
+
end
|
39
|
+
|
40
|
+
def emit
|
41
|
+
super + emit_value(@alias_name)
|
42
|
+
end
|
43
|
+
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
+
# tasks.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
require 'ronin/code/sql/modifier'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Code
|
28
|
+
module SQL
|
29
|
+
class Asc < Modifier
|
30
|
+
|
31
|
+
def initialize(expr)
|
32
|
+
super(expr,'ASC')
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
4
|
# tasks.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2007-
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# This program is free software; you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU General Public License as published by
|
@@ -28,9 +28,16 @@ module Ronin
|
|
28
28
|
module SQL
|
29
29
|
class Between < Expr
|
30
30
|
|
31
|
-
|
32
|
-
|
31
|
+
# Expression
|
32
|
+
attr_reader :expr
|
33
|
+
|
34
|
+
# Lower bound
|
35
|
+
attr_reader :lower
|
36
|
+
|
37
|
+
# Higher bound
|
38
|
+
attr_reader :higher
|
33
39
|
|
40
|
+
def initialize(expr,lower,higher)
|
34
41
|
@expr = expr
|
35
42
|
@lower = lower
|
36
43
|
@higher = higher
|
@@ -42,18 +49,17 @@ module Ronin
|
|
42
49
|
return self
|
43
50
|
end
|
44
51
|
|
45
|
-
def
|
46
|
-
|
47
|
-
end
|
52
|
+
def emit
|
53
|
+
tokens = emit_value(@expr)
|
48
54
|
|
49
|
-
|
55
|
+
tokens += emit_token('NOT') if @negated
|
56
|
+
tokens += emit_token('BETWEEN')
|
50
57
|
|
51
|
-
|
52
|
-
|
53
|
-
|
58
|
+
tokens += emit_value(@lower)
|
59
|
+
tokens += emit_token('AND')
|
60
|
+
tokens += emit_value(@higher)
|
54
61
|
|
55
|
-
|
56
|
-
keyword_not if @negated
|
62
|
+
return tokens
|
57
63
|
end
|
58
64
|
|
59
65
|
end
|
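Review bot: The rewritten `Between#emit` has no comment stating the token order it produces, and it reads `@negated`, which is assigned outside the visible hunks (the `initialize` shown here sets only `@expr`, `@lower` and `@higher`). A one-line comment above `def emit`, for example `# Emits: <expr> [NOT] BETWEEN <lower> AND <higher>`, would make the contract readable without tracing the `tokens +=` chain. It would also help to confirm that `@negated` is initialised to `false` in `initialize`, so that `emit` does not depend on an unset instance variable evaluating to nil. `initialize` ends outside the hunk.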
@@ -3,7 +3,7 @@
|
|
3
3
|
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
4
|
# tasks.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2007-
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# This program is free software; you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU General Public License as published by
|
@@ -28,16 +28,23 @@ module Ronin
|
|
28
28
|
module SQL
|
29
29
|
class BinaryExpr < Expr
|
30
30
|
|
31
|
-
|
32
|
-
|
31
|
+
# Operator
|
32
|
+
attr_reader :op
|
33
33
|
|
34
|
+
# Left-hand side
|
35
|
+
attr_reader :left
|
36
|
+
|
37
|
+
# Right-hand side
|
38
|
+
attr_reader :right
|
39
|
+
|
40
|
+
def initialize(op,left,right)
|
34
41
|
@op = op
|
35
42
|
@left = left
|
36
43
|
@right = right
|
37
44
|
end
|
38
45
|
|
39
|
-
def
|
40
|
-
|
46
|
+
def emit
|
47
|
+
emit_value(@left) + emit_token(@op) + emit_value(@right)
|
41
48
|
end
|
42
49
|
|
43
50
|
end
|
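Review bot: `BinaryExpr#emit` returns `emit_value(@left) + emit_token(@op) + emit_value(@right)` with no grouping, so when an operand is itself a `BinaryExpr` the emitted tokens presumably carry no parentheses, leaving the database's operator precedence rather than the Ruby expression tree to decide the grouping. `emit_value` is not visible on this page, so this is inferred. A regrouped `AND`/`OR` changes the truth value of the generated condition without any error, which matters for a library whose output is used to judge test results. Add a spec that emits a nested expression, and if it confirms the problem, parenthesise nested operands. At minimum, document the behaviour above `def emit` with `# Operands are emitted without parentheses; nested expressions rely on SQL precedence.`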
@@ -0,0 +1,37 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
+
# tasks.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
require 'ronin/code/sql/emittable'
|
25
|
+
require 'ronin/code/sql/token'
|
26
|
+
|
27
|
+
module Ronin
|
28
|
+
module Code
|
29
|
+
module SQL
|
30
|
+
class Clause
|
31
|
+
|
32
|
+
include Emittable
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
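--- a/data/lib/ronin/code/sql/code.rb
+++ b/data/lib/ronin/code/sql/code.rb
@@ -2,7 +2,7 @@
 # Ronin SQL - A Ronin library providing support for SQL related security
 # tasks.
 #
-# Copyright (c) 2007-
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by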
@@ -3,7 +3,7 @@
|
|
3
3
|
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
4
|
# tasks.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2007-
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# This program is free software; you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU General Public License as published by
|
@@ -25,11 +25,14 @@ require 'ronin/code/sql/dialect'
|
|
25
25
|
require 'ronin/code/sql/create_table'
|
26
26
|
require 'ronin/code/sql/create_index'
|
27
27
|
require 'ronin/code/sql/create_view'
|
28
|
+
require 'ronin/code/sql/alter_table'
|
28
29
|
require 'ronin/code/sql/insert'
|
29
30
|
require 'ronin/code/sql/select'
|
30
31
|
require 'ronin/code/sql/update'
|
31
32
|
require 'ronin/code/sql/delete'
|
32
33
|
require 'ronin/code/sql/drop_table'
|
34
|
+
require 'ronin/code/sql/drop_index'
|
35
|
+
require 'ronin/code/sql/drop_view'
|
33
36
|
|
34
37
|
module Ronin
|
35
38
|
module Code
|
@@ -45,16 +48,19 @@ module Ronin
|
|
45
48
|
data_type :text
|
46
49
|
data_type :record
|
47
50
|
|
48
|
-
aggregators :count, :min, :max, :sum, :
|
51
|
+
aggregators :avg, :count, :group_concat, :min, :max, :sum, :total
|
49
52
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
53
|
+
statement :create_type, CreateTable
|
54
|
+
statement :create_index, CreateIndex
|
55
|
+
statement :create_view, CreateView
|
56
|
+
statement :alter_table, AlterTable
|
57
|
+
statement :insert, Insert
|
58
|
+
statement :select, Select
|
59
|
+
statement :update, Update
|
60
|
+
statement :delete, Delete
|
61
|
+
statement :drop_table, DropTable
|
62
|
+
statement :drop_index, DropIndex
|
63
|
+
statement :drop_view, DropView
|
58
64
|
|
59
65
|
end
|
60
66
|
end
|
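Review bot: The added `require 'ronin/code/sql/alter_table'` and `statement :alter_table, AlterTable` refer to a file that appears neither in this release's file list nor among the Manifest.txt additions shown on this page. If `alter_table.rb` really is not packaged, loading the common dialect would fail with a `LoadError` before any statement is registered. Either add `lib/ronin/code/sql/alter_table.rb` to the Manifest and ship it, or drop both lines until the class exists. Separately, `statement :create_type, CreateTable` looks like a typo next to its `:create_index` and `:create_view` siblings and probably should read `statement :create_table, CreateTable`. A spec that requires the dialect file and checks the registered statement names would catch both.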
@@ -0,0 +1,68 @@
|
|
1
|
+
#
|
2
|
+
#--
|
3
|
+
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
+
# tasks.
|
5
|
+
#
|
6
|
+
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
+
#
|
8
|
+
# This program is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# This program is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
#++
|
22
|
+
#
|
23
|
+
|
24
|
+
require 'ronin/code/sql/statement'
|
25
|
+
require 'ronin/code/sql/fields_clause'
|
26
|
+
|
27
|
+
module Ronin
|
28
|
+
module Code
|
29
|
+
module SQL
|
30
|
+
class Create < Statement
|
31
|
+
|
32
|
+
clause :fields, FieldsClause
|
33
|
+
|
34
|
+
def initialize(dialect,type,name=nil,options={},&block)
|
35
|
+
@type = type
|
36
|
+
@name = name
|
37
|
+
@temp = (options[:temp] || options[:temporary])
|
38
|
+
@if_not_exists = options[:if_not_exists]
|
39
|
+
|
40
|
+
super(dialect,options,&block)
|
41
|
+
end
|
42
|
+
|
43
|
+
def temp
|
44
|
+
@temp = true
|
45
|
+
return self
|
46
|
+
end
|
47
|
+
|
48
|
+
def if_not_exists
|
49
|
+
@if_not_exists = true
|
50
|
+
return self
|
51
|
+
end
|
52
|
+
|
53
|
+
def emit
|
54
|
+
tokens = emit_token('CREATE')
|
55
|
+
tokens += emit_token('TEMP') if @temp
|
56
|
+
|
57
|
+
tokens += emit_token(@type)
|
58
|
+
|
59
|
+
tokens += emit_token('IF NOT EXISTS') if @if_not_exists
|
60
|
+
tokens += emit_token(@name)
|
61
|
+
|
62
|
+
return tokens + super
|
63
|
+
end
|
64
|
+
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
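Review bot: `Create#initialize` defaults `name` to `nil`, yet `emit` appends `emit_token(@name)` unconditionally, so a statement built without a name hands a nil token to the emitter. How `emit_token` treats nil is not visible on this page, so the result may be an exception or a malformed statement. Either guard the line with `tokens += emit_token(@name) if @name`, or reject the missing name early in `initialize` with `raise(ArgumentError, 'name required') unless name`. `temp` and `if_not_exists` would also benefit from a one-line comment each, saying that they set the flag and return `self` for chaining.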