ronin-sql 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. data/History.txt +43 -0
  2. data/Manifest.txt +76 -23
  3. data/README.txt +31 -6
  4. data/Rakefile +2 -2
  5. data/lib/ronin/code/sql/{keyword.rb → add_column_clause.rb} +9 -13
  6. data/lib/ronin/code/sql/as.rb +47 -0
  7. data/lib/ronin/code/sql/asc.rb +38 -0
  8. data/lib/ronin/code/sql/between.rb +18 -12
  9. data/lib/ronin/code/sql/binary_expr.rb +12 -5
  10. data/lib/ronin/code/sql/clause.rb +37 -0
  11. data/lib/ronin/code/sql/code.rb +1 -1
  12. data/lib/ronin/code/sql/common_dialect.rb +16 -10
  13. data/lib/ronin/code/sql/create.rb +68 -0
  14. data/lib/ronin/code/sql/create_index.rb +9 -39
  15. data/lib/ronin/code/sql/create_table.rb +9 -56
  16. data/lib/ronin/code/sql/create_view.rb +7 -29
  17. data/lib/ronin/code/sql/default_values_clause.rb +38 -0
  18. data/lib/ronin/code/sql/delete.rb +10 -25
  19. data/lib/ronin/code/sql/desc.rb +38 -0
  20. data/lib/ronin/code/sql/dialect.rb +172 -52
  21. data/lib/ronin/code/sql/{builder.rb → drop.rb} +16 -20
  22. data/lib/ronin/code/sql/drop_index.rb +43 -0
  23. data/lib/ronin/code/sql/drop_table.rb +8 -16
  24. data/lib/ronin/code/sql/drop_view.rb +43 -0
  25. data/lib/ronin/code/sql/emittable.rb +102 -0
  26. data/lib/ronin/code/sql/exceptions/unknown_clause.rb +31 -0
  27. data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +2 -2
  28. data/lib/ronin/code/sql/exceptions/unknown_statement.rb +31 -0
  29. data/lib/ronin/code/sql/exceptions.rb +3 -1
  30. data/lib/ronin/code/sql/expr.rb +7 -96
  31. data/lib/ronin/code/sql/field.rb +40 -23
  32. data/lib/ronin/code/sql/fields_clause.rb +48 -0
  33. data/lib/ronin/code/sql/from_clause.rb +44 -0
  34. data/lib/ronin/code/sql/function.rb +15 -12
  35. data/lib/ronin/code/sql/group_by_clause.rb +48 -0
  36. data/lib/ronin/code/sql/having_clause.rb +48 -0
  37. data/lib/ronin/code/sql/in.rb +9 -9
  38. data/lib/ronin/code/sql/injected_statement.rb +102 -0
  39. data/lib/ronin/code/sql/injection.rb +171 -5
  40. data/lib/ronin/code/sql/insert.rb +15 -45
  41. data/lib/ronin/code/sql/intersect_clause.rb +44 -0
  42. data/lib/ronin/code/sql/join_clause.rb +125 -0
  43. data/lib/ronin/code/sql/{like_expr.rb → like.rb} +19 -31
  44. data/lib/ronin/code/sql/limit_clause.rb +44 -0
  45. data/lib/ronin/code/sql/modifier.rb +50 -0
  46. data/lib/ronin/code/sql/offset_clause.rb +44 -0
  47. data/lib/ronin/code/sql/on_clause.rb +57 -0
  48. data/lib/ronin/code/sql/order_by_clause.rb +44 -0
  49. data/lib/ronin/code/sql/program.rb +170 -23
  50. data/lib/ronin/code/sql/rename_to_clause.rb +44 -0
  51. data/lib/ronin/code/sql/replace.rb +15 -17
  52. data/lib/ronin/code/sql/select.rb +46 -141
  53. data/lib/ronin/code/sql/set_clause.rb +44 -0
  54. data/lib/ronin/code/sql/statement.rb +117 -47
  55. data/lib/ronin/code/sql/token.rb +64 -0
  56. data/lib/ronin/code/sql/unary_expr.rb +9 -5
  57. data/lib/ronin/code/sql/union_all_clause.rb +44 -0
  58. data/lib/ronin/code/sql/union_clause.rb +44 -0
  59. data/lib/ronin/code/sql/update.rb +10 -31
  60. data/lib/ronin/code/sql/values_clause.rb +48 -0
  61. data/lib/ronin/code/sql/where_clause.rb +44 -0
  62. data/lib/ronin/code/sql.rb +1 -1
  63. data/lib/ronin/sql/error/error.rb +64 -0
  64. data/lib/ronin/sql/error/message.rb +64 -0
  65. data/lib/ronin/sql/error/pattern.rb +106 -0
  66. data/lib/ronin/sql/error/patterns.rb +100 -0
  67. data/lib/ronin/sql/error.rb +5 -30
  68. data/lib/ronin/sql/extensions/uri/http.rb +76 -21
  69. data/lib/ronin/sql/extensions/uri.rb +1 -1
  70. data/lib/ronin/sql/extensions.rb +2 -1
  71. data/lib/ronin/sql/injection.rb +213 -0
  72. data/lib/ronin/sql/version.rb +2 -2
  73. data/lib/ronin/sql.rb +7 -2
  74. data/spec/code/sql/create_examples.rb +19 -0
  75. data/spec/code/sql/create_index_spec.rb +25 -0
  76. data/spec/code/sql/create_table_spec.rb +27 -0
  77. data/spec/code/sql/create_view_spec.rb +16 -0
  78. data/spec/code/sql/delete_spec.rb +14 -0
  79. data/spec/code/sql/drop_examples.rb +10 -0
  80. data/spec/code/sql/drop_index_spec.rb +16 -0
  81. data/spec/code/sql/drop_table_spec.rb +16 -0
  82. data/spec/code/sql/drop_view_spec.rb +16 -0
  83. data/spec/code/sql/has_default_values_clause_examples.rb +10 -0
  84. data/spec/code/sql/has_fields_clause_examples.rb +15 -0
  85. data/spec/code/sql/has_from_clause_examples.rb +13 -0
  86. data/spec/code/sql/has_values_clause_examples.rb +15 -0
  87. data/spec/code/sql/has_where_clause_examples.rb +15 -0
  88. data/spec/code/sql/insert_spec.rb +21 -0
  89. data/spec/code/sql/replace_spec.rb +21 -0
  90. data/spec/code/sql/select_spec.rb +105 -0
  91. data/spec/code/sql/update_spec.rb +26 -0
  92. data/spec/helpers/code.rb +14 -0
  93. data/spec/sql/error_spec.rb +24 -0
  94. data/spec/sql/extensions/string_spec.rb +28 -0
  95. data/spec/sql_spec.rb +9 -0
  96. data/tasks/spec.rb +2 -0
  97. metadata +82 -29
  98. data/lib/ronin/code/sql/injection_builder.rb +0 -137
  99. data/lib/ronin/code/sql/injection_style.rb +0 -79
  100. data/lib/ronin/code/sql/style.rb +0 -170
  101. data/lib/ronin/sql/sql.rb +0 -83
metadata CHANGED
@@ -1,15 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ronin-sql
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
- - Postmodern Modulus III
7
+ - Postmodern
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-09-28 00:00:00 -07:00
12
+ date: 2009-01-08 00:00:00 -08:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
- version: 0.0.9
23
+ version: 0.1.3
24
24
  version:
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: hoe
@@ -30,7 +30,7 @@ dependencies:
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: 1.7.0
33
+ version: 1.8.2
34
34
  version:
35
35
  description: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks. Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
36
36
  email:
@@ -51,45 +51,98 @@ files:
51
51
  - README.txt
52
52
  - Rakefile
53
53
  - lib/ronin/code/sql.rb
54
- - lib/ronin/code/sql/between.rb
55
- - lib/ronin/code/sql/binary_expr.rb
56
- - lib/ronin/code/sql/builder.rb
57
- - lib/ronin/code/sql/code.rb
58
- - lib/ronin/code/sql/common_dialect.rb
59
- - lib/ronin/code/sql/create_index.rb
60
- - lib/ronin/code/sql/create_table.rb
61
- - lib/ronin/code/sql/create_view.rb
62
- - lib/ronin/code/sql/delete.rb
63
- - lib/ronin/code/sql/dialect.rb
64
- - lib/ronin/code/sql/drop_table.rb
65
54
  - lib/ronin/code/sql/exceptions.rb
66
55
  - lib/ronin/code/sql/exceptions/unknown_dialect.rb
56
+ - lib/ronin/code/sql/exceptions/unknown_statement.rb
57
+ - lib/ronin/code/sql/exceptions/unknown_clause.rb
58
+ - lib/ronin/code/sql/token.rb
59
+ - lib/ronin/code/sql/emittable.rb
60
+ - lib/ronin/code/sql/modifier.rb
61
+ - lib/ronin/code/sql/asc.rb
62
+ - lib/ronin/code/sql/desc.rb
63
+ - lib/ronin/code/sql/as.rb
67
64
  - lib/ronin/code/sql/expr.rb
65
+ - lib/ronin/code/sql/unary_expr.rb
66
+ - lib/ronin/code/sql/binary_expr.rb
67
+ - lib/ronin/code/sql/like.rb
68
+ - lib/ronin/code/sql/between.rb
69
+ - lib/ronin/code/sql/in.rb
68
70
  - lib/ronin/code/sql/field.rb
71
+ - lib/ronin/code/sql/clause.rb
72
+ - lib/ronin/code/sql/on_clause.rb
73
+ - lib/ronin/code/sql/where_clause.rb
74
+ - lib/ronin/code/sql/group_by_clause.rb
75
+ - lib/ronin/code/sql/fields_clause.rb
76
+ - lib/ronin/code/sql/set_clause.rb
77
+ - lib/ronin/code/sql/values_clause.rb
78
+ - lib/ronin/code/sql/from_clause.rb
79
+ - lib/ronin/code/sql/default_values_clause.rb
80
+ - lib/ronin/code/sql/join_clause.rb
81
+ - lib/ronin/code/sql/order_by_clause.rb
82
+ - lib/ronin/code/sql/limit_clause.rb
83
+ - lib/ronin/code/sql/offset_clause.rb
84
+ - lib/ronin/code/sql/union_clause.rb
85
+ - lib/ronin/code/sql/having_clause.rb
86
+ - lib/ronin/code/sql/union_all_clause.rb
87
+ - lib/ronin/code/sql/intersect_clause.rb
88
+ - lib/ronin/code/sql/rename_to_clause.rb
89
+ - lib/ronin/code/sql/add_column_clause.rb
69
90
  - lib/ronin/code/sql/function.rb
70
- - lib/ronin/code/sql/in.rb
71
- - lib/ronin/code/sql/injection.rb
72
- - lib/ronin/code/sql/injection_builder.rb
73
- - lib/ronin/code/sql/injection_style.rb
91
+ - lib/ronin/code/sql/statement.rb
92
+ - lib/ronin/code/sql/create.rb
93
+ - lib/ronin/code/sql/create_index.rb
94
+ - lib/ronin/code/sql/create_table.rb
95
+ - lib/ronin/code/sql/create_view.rb
74
96
  - lib/ronin/code/sql/insert.rb
75
- - lib/ronin/code/sql/keyword.rb
76
- - lib/ronin/code/sql/like_expr.rb
77
- - lib/ronin/code/sql/program.rb
78
- - lib/ronin/code/sql/replace.rb
79
97
  - lib/ronin/code/sql/select.rb
80
- - lib/ronin/code/sql/statement.rb
81
- - lib/ronin/code/sql/style.rb
82
- - lib/ronin/code/sql/unary_expr.rb
98
+ - lib/ronin/code/sql/replace.rb
83
99
  - lib/ronin/code/sql/update.rb
100
+ - lib/ronin/code/sql/delete.rb
101
+ - lib/ronin/code/sql/drop.rb
102
+ - lib/ronin/code/sql/drop_index.rb
103
+ - lib/ronin/code/sql/drop_table.rb
104
+ - lib/ronin/code/sql/drop_view.rb
105
+ - lib/ronin/code/sql/dialect.rb
106
+ - lib/ronin/code/sql/common_dialect.rb
107
+ - lib/ronin/code/sql/program.rb
108
+ - lib/ronin/code/sql/injected_statement.rb
109
+ - lib/ronin/code/sql/injection.rb
110
+ - lib/ronin/code/sql/code.rb
84
111
  - lib/ronin/sql/extensions.rb
85
112
  - lib/ronin/sql/extensions/uri.rb
86
113
  - lib/ronin/sql/extensions/uri/http.rb
114
+ - lib/ronin/sql/error/message.rb
115
+ - lib/ronin/sql/error/pattern.rb
116
+ - lib/ronin/sql/error/error.rb
117
+ - lib/ronin/sql/error/patterns.rb
87
118
  - lib/ronin/sql/error.rb
88
- - lib/ronin/sql/sql.rb
119
+ - lib/ronin/sql/injection.rb
89
120
  - lib/ronin/sql/version.rb
90
121
  - lib/ronin/sql.rb
91
122
  - tasks/spec.rb
92
123
  - spec/spec_helper.rb
124
+ - spec/sql_spec.rb
125
+ - spec/helpers/code.rb
126
+ - spec/code/sql/has_default_values_clause_examples.rb
127
+ - spec/code/sql/has_fields_clause_examples.rb
128
+ - spec/code/sql/has_from_clause_examples.rb
129
+ - spec/code/sql/has_values_clause_examples.rb
130
+ - spec/code/sql/has_where_clause_examples.rb
131
+ - spec/code/sql/create_examples.rb
132
+ - spec/code/sql/create_table_spec.rb
133
+ - spec/code/sql/create_index_spec.rb
134
+ - spec/code/sql/create_view_spec.rb
135
+ - spec/code/sql/drop_examples.rb
136
+ - spec/code/sql/drop_table_spec.rb
137
+ - spec/code/sql/drop_index_spec.rb
138
+ - spec/code/sql/drop_view_spec.rb
139
+ - spec/code/sql/insert_spec.rb
140
+ - spec/code/sql/select_spec.rb
141
+ - spec/code/sql/update_spec.rb
142
+ - spec/code/sql/replace_spec.rb
143
+ - spec/code/sql/delete_spec.rb
144
+ - spec/sql/error_spec.rb
145
+ - spec/sql/extensions/string_spec.rb
93
146
  has_rdoc: true
94
147
  homepage: http://ronin.rubyforge.org/sql/
95
148
  post_install_message:
@@ -113,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
113
166
  requirements: []
114
167
 
115
168
  rubyforge_project: ronin
116
- rubygems_version: 1.2.0
169
+ rubygems_version: 1.3.1
117
170
  signing_key:
118
171
  specification_version: 2
119
172
  summary: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks
@@ -1,137 +0,0 @@
1
- #
2
- #--
3
- # Ronin SQL - A Ronin library providing support for SQL related security
4
- # tasks.
5
- #
6
- # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
- #
8
- # This program is free software; you can redistribute it and/or modify
9
- # it under the terms of the GNU General Public License as published by
10
- # the Free Software Foundation; either version 2 of the License, or
11
- # (at your option) any later version.
12
- #
13
- # This program is distributed in the hope that it will be useful,
14
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
- # GNU General Public License for more details.
17
- #
18
- # You should have received a copy of the GNU General Public License
19
- # along with this program; if not, write to the Free Software
20
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
- #++
22
- #
23
-
24
- require 'ronin/code/sql/statement'
25
- require 'ronin/code/sql/injection_style'
26
-
27
- module Ronin
28
- module Code
29
- module SQL
30
- class InjectionBuilder < Statement
31
-
32
- def initialize(style,&block)
33
- @escape = nil
34
- @escape_data = nil
35
- @expressions = []
36
- @program = nil
37
-
38
- super(style,&block)
39
- end
40
-
41
- def escape(var=1,&block)
42
- @escape = nil
43
- @escape_data = var
44
-
45
- block.call if block
46
- return self
47
- end
48
-
49
- def inject(*expr)
50
- @expressions += expr
51
- return self
52
- end
53
-
54
- def inject_and(expr)
55
- inject(keyword_and, expr)
56
- end
57
-
58
- def inject_or(expr)
59
- inject(keyword_or, expr)
60
- end
61
-
62
- def inject_sql(options={},&block)
63
- @program = Program.new(@style,options,&block)
64
- end
65
-
66
- def all_rows(var=1)
67
- inject_or(BinaryExpr.new(@style,'=',var,var))
68
- end
69
-
70
- def exact_rows(var=1)
71
- inject_and(BinaryExpr.new(@style,'=',var,var))
72
- end
73
-
74
- def has_field?(name)
75
- inject_or(field(name).is_not?(null))
76
- end
77
-
78
- def has_table?(table)
79
- inject_and(select_from(table,:fields => count(all), :from => table)==1)
80
- end
81
-
82
- def uses_table?(table)
83
- inject_or(table.is_not?(null))
84
- end
85
-
86
- def compile
87
- injection_expr = lambda {
88
- compile_expr("#{@escape_data}#{@escape}",*(@expressions))
89
- }
90
-
91
- append_comment = lambda { |str|
92
- compile_expr(str,'--')
93
- }
94
-
95
- if @program
96
- return compile_statements(injection_expr.call,append_comment.call(@program))
97
- else
98
- injection = injection_expr.call
99
-
100
- if (@escape && injection =~ /#{@escape}\s*$/)
101
- return injection.rstrip.chop
102
- else
103
- return append_comment.call(injection)
104
- end
105
- end
106
- end
107
-
108
- protected
109
-
110
- keyword :or
111
- keyword :and
112
-
113
- def self.escape(name,char)
114
- name = name.to_s.downcase.to_sym
115
- char = char.to_s
116
-
117
- class_eval %{
118
- def escape_#{name}(var=nil,&block)
119
- @escape = #{char.dump}
120
- @escape_data = var
121
-
122
- block.call if block
123
- return self
124
- end
125
- }
126
-
127
- return self
128
- end
129
-
130
- escape :string, "'"
131
- escape :parenthesis, ')'
132
- escape :statement, ';'
133
-
134
- end
135
- end
136
- end
137
- end
@@ -1,79 +0,0 @@
1
- #
2
- #--
3
- # Ronin SQL - A Ronin library providing support for SQL related security
4
- # tasks.
5
- #
6
- # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
- #
8
- # This program is free software; you can redistribute it and/or modify
9
- # it under the terms of the GNU General Public License as published by
10
- # the Free Software Foundation; either version 2 of the License, or
11
- # (at your option) any later version.
12
- #
13
- # This program is distributed in the hope that it will be useful,
14
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
- # GNU General Public License for more details.
17
- #
18
- # You should have received a copy of the GNU General Public License
19
- # along with this program; if not, write to the Free Software
20
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
- #++
22
- #
23
-
24
- require 'ronin/code/sql/style'
25
-
26
- module Ronin
27
- module Code
28
- module SQL
29
- class InjectionStyle < Style
30
-
31
- # Comment-Obfusticate all keywords
32
- attr_accessor :comment_evasion
33
-
34
- # Swapcase-Obfusciate all keywords
35
- attr_accessor :case_evasion
36
-
37
- def initialize(options={})
38
- super(options)
39
-
40
- if options[:comment_evasion].nil?
41
- @comment_evasion = false
42
- else
43
- @comment_evasion = options[:comment_evasion]
44
- end
45
-
46
- if options[:case_evasion].nil?
47
- @case_evasion = false
48
- else
49
- @case_evasion = options[:case_evasion]
50
- end
51
- end
52
-
53
- def compile_space
54
- if @comment_evasion
55
- return '/**/'
56
- else
57
- return super
58
- end
59
- end
60
-
61
- def compile_keyword(name)
62
- name = name.to_s
63
-
64
- if @case_evasion
65
- (rand(name.length)+1).times do
66
- i = rand(name.length-1).to_i
67
- name[i] = name[i..i].swapcase
68
- end
69
-
70
- return name
71
- else
72
- return super(name)
73
- end
74
- end
75
-
76
- end
77
- end
78
- end
79
- end
@@ -1,170 +0,0 @@
1
- #
2
- #--
3
- # Ronin SQL - A Ronin library providing support for SQL related security
4
- # tasks.
5
- #
6
- # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
- #
8
- # This program is free software; you can redistribute it and/or modify
9
- # it under the terms of the GNU General Public License as published by
10
- # the Free Software Foundation; either version 2 of the License, or
11
- # (at your option) any later version.
12
- #
13
- # This program is distributed in the hope that it will be useful,
14
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
- # GNU General Public License for more details.
17
- #
18
- # You should have received a copy of the GNU General Public License
19
- # along with this program; if not, write to the Free Software
20
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
- #++
22
- #
23
-
24
- require 'ronin/code/sql/dialect'
25
- require 'ronin/code/sql/common_dialect'
26
-
27
- module Ronin
28
- module Code
29
- module SQL
30
- class Style
31
-
32
- # The dialect of SQL
33
- attr_reader :dialect
34
-
35
- # Use single-line or multi-line style
36
- attr_accessor :multiline
37
-
38
- # Use lowercase style
39
- attr_accessor :lowercase
40
-
41
- # Compile with less parenthesis
42
- attr_accessor :less_parenthesis
43
-
44
- # Space string
45
- attr_accessor :space
46
-
47
- # New-line string
48
- attr_accessor :newline
49
-
50
- def initialize(options={})
51
- @dialect = Dialect.get_dialect(options[:dialect] || :common).new(self)
52
-
53
- if options[:multiline].nil?
54
- @multiline = true
55
- else
56
- @multiline = options[:multiline]
57
- end
58
-
59
- if options[:lowercase].nil?
60
- @lowercase = false
61
- else
62
- @lowercase = options[:lowercase]
63
- end
64
-
65
- if options[:less_parenthesis].nil?
66
- @less_parenthesis = false
67
- else
68
- @less_parenthesis = options[:less_parenthesis]
69
- end
70
-
71
- @space = (options[:space] || ' ')
72
- @newline = (options[:newline] || "\n")
73
- end
74
-
75
- def compile_space
76
- if @space.kind_of?(Array)
77
- return @space[rand(@space.length)].to_s
78
- else
79
- return @space.to_s
80
- end
81
- end
82
-
83
- def preappend_space(str)
84
- compile_space + str.to_s
85
- end
86
-
87
- def append_space(str)
88
- str.to_s + compile_space
89
- end
90
-
91
- def compile_newline
92
- return compile_space unless @multiline
93
-
94
- if @newline.kind_of?(Array)
95
- return @newline[@newline.length * rand].to_s
96
- else
97
- return @newline.to_s
98
- end
99
- end
100
-
101
- def quote_string(data)
102
- "'" + data.to_s.sub("'","''") + "'"
103
- end
104
-
105
- def compile_keyword(name)
106
- name = name.to_s
107
-
108
- if @lowercase
109
- return name.downcase
110
- else
111
- return name.upcase
112
- end
113
- end
114
-
115
- def compile_list(*exprs)
116
- exprs = exprs.flatten
117
-
118
- unless @less_parenthesis
119
- return exprs.compact.join(append_space(','))
120
- else
121
- return exprs.compact.join(',')
122
- end
123
- end
124
-
125
- def compile_datalist(*exprs)
126
- compile_row( exprs.flatten.map { |expr| compile_data(value) } )
127
- end
128
-
129
- def compile_row(*exprs)
130
- exprs = exprs.flatten
131
-
132
- unless exprs.length==1
133
- unless @less_parenthesis
134
- return "(#{compile_list(exprs)})"
135
- else
136
- return compile_list(exprs)
137
- end
138
- else
139
- return exprs[0].to_s
140
- end
141
- end
142
-
143
- def compile_data(data)
144
- if data.kind_of?(Statement)
145
- return "(#{data})"
146
- elsif data.kind_of?(Array)
147
- return compile_datalist(data)
148
- elsif data.kind_of?(String)
149
- return quote_string(data)
150
- else
151
- return data.to_s
152
- end
153
- end
154
-
155
- def compile_expr(*expr)
156
- expr.compact.join(compile_space).strip
157
- end
158
-
159
- def compile_statements(statements,separator=compile_newline)
160
- if @multiline
161
- return statements.join(compile_newline)
162
- else
163
- return statements.join(append_space(';'))
164
- end
165
- end
166
-
167
- end
168
- end
169
- end
170
- end
data/lib/ronin/sql/sql.rb DELETED
@@ -1,83 +0,0 @@
1
- #
2
- #--
3
- # Ronin SQL - A Ronin library providing support for SQL related security
4
- # tasks.
5
- #
6
- # Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
7
- #
8
- # This program is free software; you can redistribute it and/or modify
9
- # it under the terms of the GNU General Public License as published by
10
- # the Free Software Foundation; either version 2 of the License, or
11
- # (at your option) any later version.
12
- #
13
- # This program is distributed in the hope that it will be useful,
14
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
- # GNU General Public License for more details.
17
- #
18
- # You should have received a copy of the GNU General Public License
19
- # along with this program; if not, write to the Free Software
20
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
- #++
22
- #
23
-
24
- require 'ronin/sql/error'
25
- require 'ronin/extensions/uri'
26
-
27
- module Ronin
28
- module SQL
29
-
30
- # SQL error patterns
31
- ERROR_PATTERNS = {
32
- # sourced from sqid (http://sqid.rubyforge.org/).
33
- :ms_sql => /Microsoft OLE DB Provider for (SQL Server|ODBC Drivers.*\[Microsoft\]\[ODBC (SQL Server|Access) Driver\])/,
34
- :ms_access => /\[Microsoft\]\[ODBC Microsoft Access Driver\] Syntax error/,
35
- :ms_jetdb => /Microsoft JET Database Engine/,
36
- :ms_adodb => /ADODB.Command.*error/,
37
- :asp_net => /Server Error.*System\.Data\.OleDb\.OleDbException/,
38
- :mysql => /(Warning.*(supplied argument is not a valid MySQL result|mysql_.*\(\))|You have an error in your SQL syntax.*(on|at) line)/,
39
- :php => /(Warning.*failed to open stream|Fatal Error.*(on|at) line)/,
40
- :oracle => /ORA-[0-9][0-9][0-9][0-9]/,
41
- :jdbc => /Invalid SQL statement or JDBC/,
42
- :java_servlet => /javax\.servlet\.ServletException/,
43
- :apache_tomcat => /org\.apache\.jasper\.JasperException/,
44
- :vb_runtime => /Microsoft VBScript runtime/,
45
- :vb_asp => /Type mismatch/
46
- }
47
-
48
- #
49
- # Tests whether the _body_ contains an SQL error message using the
50
- # given _options_.
51
- #
52
- # _options_ may contain the following keys:
53
- # <tt>:types</tt>:: A list of error types to test for. If not specified
54
- # all the error patterns in ERROR_PATTERNS will be
55
- # tested.
56
- #
57
- def SQL.error(body,options={})
58
- patterns = (options[:types] || ERROR_PATTERNS.keys)
59
-
60
- patterns.each do |type|
61
- match = ERROR_PATTERNS[type].match(body)
62
-
63
- return Error.new(type,match[0].strip_html) if match
64
- end
65
-
66
- return nil
67
- end
68
-
69
- #
70
- # Returns +true+ if the specified _body_ using the given _options_
71
- # contains an SQL error, returns +false+ otherwise.
72
- #
73
- # _options_ may contain the following keys:
74
- # <tt>:types</tt>:: A list of error types to test for. If not specified
75
- # all the error patterns in ERROR_PATTERNS will be
76
- # tested.
77
- #
78
- def SQL.has_error?(body,options={})
79
- !(SQL.error(body,options).nil?)
80
- end
81
-
82
- end
83
- end