ronin-sql 0.1.1 → 0.2.0

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: ronin-sql
 version: !ruby/object:Gem::Version 
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors: 
-- Postmodern Modulus III
+- Postmodern
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2008-09-28 00:00:00 -07:00
+date: 2009-01-08 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.0.9
+        version: 0.1.3
     version: 
 - !ruby/object:Gem::Dependency 
   name: hoe
@@ -30,7 +30,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.7.0
+        version: 1.8.2
     version: 
 description: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks.  Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
 email: 
@@ -51,45 +51,98 @@ files:
 - README.txt
 - Rakefile
 - lib/ronin/code/sql.rb
-- lib/ronin/code/sql/between.rb
-- lib/ronin/code/sql/binary_expr.rb
-- lib/ronin/code/sql/builder.rb
-- lib/ronin/code/sql/code.rb
-- lib/ronin/code/sql/common_dialect.rb
-- lib/ronin/code/sql/create_index.rb
-- lib/ronin/code/sql/create_table.rb
-- lib/ronin/code/sql/create_view.rb
-- lib/ronin/code/sql/delete.rb
-- lib/ronin/code/sql/dialect.rb
-- lib/ronin/code/sql/drop_table.rb
 - lib/ronin/code/sql/exceptions.rb
 - lib/ronin/code/sql/exceptions/unknown_dialect.rb
+- lib/ronin/code/sql/exceptions/unknown_statement.rb
+- lib/ronin/code/sql/exceptions/unknown_clause.rb
+- lib/ronin/code/sql/token.rb
+- lib/ronin/code/sql/emittable.rb
+- lib/ronin/code/sql/modifier.rb
+- lib/ronin/code/sql/asc.rb
+- lib/ronin/code/sql/desc.rb
+- lib/ronin/code/sql/as.rb
 - lib/ronin/code/sql/expr.rb
+- lib/ronin/code/sql/unary_expr.rb
+- lib/ronin/code/sql/binary_expr.rb
+- lib/ronin/code/sql/like.rb
+- lib/ronin/code/sql/between.rb
+- lib/ronin/code/sql/in.rb
 - lib/ronin/code/sql/field.rb
+- lib/ronin/code/sql/clause.rb
+- lib/ronin/code/sql/on_clause.rb
+- lib/ronin/code/sql/where_clause.rb
+- lib/ronin/code/sql/group_by_clause.rb
+- lib/ronin/code/sql/fields_clause.rb
+- lib/ronin/code/sql/set_clause.rb
+- lib/ronin/code/sql/values_clause.rb
+- lib/ronin/code/sql/from_clause.rb
+- lib/ronin/code/sql/default_values_clause.rb
+- lib/ronin/code/sql/join_clause.rb
+- lib/ronin/code/sql/order_by_clause.rb
+- lib/ronin/code/sql/limit_clause.rb
+- lib/ronin/code/sql/offset_clause.rb
+- lib/ronin/code/sql/union_clause.rb
+- lib/ronin/code/sql/having_clause.rb
+- lib/ronin/code/sql/union_all_clause.rb
+- lib/ronin/code/sql/intersect_clause.rb
+- lib/ronin/code/sql/rename_to_clause.rb
+- lib/ronin/code/sql/add_column_clause.rb
 - lib/ronin/code/sql/function.rb
-- lib/ronin/code/sql/in.rb
-- lib/ronin/code/sql/injection.rb
-- lib/ronin/code/sql/injection_builder.rb
-- lib/ronin/code/sql/injection_style.rb
+- lib/ronin/code/sql/statement.rb
+- lib/ronin/code/sql/create.rb
+- lib/ronin/code/sql/create_index.rb
+- lib/ronin/code/sql/create_table.rb
+- lib/ronin/code/sql/create_view.rb
 - lib/ronin/code/sql/insert.rb
-- lib/ronin/code/sql/keyword.rb
-- lib/ronin/code/sql/like_expr.rb
-- lib/ronin/code/sql/program.rb
-- lib/ronin/code/sql/replace.rb
 - lib/ronin/code/sql/select.rb
-- lib/ronin/code/sql/statement.rb
-- lib/ronin/code/sql/style.rb
-- lib/ronin/code/sql/unary_expr.rb
+- lib/ronin/code/sql/replace.rb
 - lib/ronin/code/sql/update.rb
+- lib/ronin/code/sql/delete.rb
+- lib/ronin/code/sql/drop.rb
+- lib/ronin/code/sql/drop_index.rb
+- lib/ronin/code/sql/drop_table.rb
+- lib/ronin/code/sql/drop_view.rb
+- lib/ronin/code/sql/dialect.rb
+- lib/ronin/code/sql/common_dialect.rb
+- lib/ronin/code/sql/program.rb
+- lib/ronin/code/sql/injected_statement.rb
+- lib/ronin/code/sql/injection.rb
+- lib/ronin/code/sql/code.rb
 - lib/ronin/sql/extensions.rb
 - lib/ronin/sql/extensions/uri.rb
 - lib/ronin/sql/extensions/uri/http.rb
+- lib/ronin/sql/error/message.rb
+- lib/ronin/sql/error/pattern.rb
+- lib/ronin/sql/error/error.rb
+- lib/ronin/sql/error/patterns.rb
 - lib/ronin/sql/error.rb
-- lib/ronin/sql/sql.rb
+- lib/ronin/sql/injection.rb
 - lib/ronin/sql/version.rb
 - lib/ronin/sql.rb
 - tasks/spec.rb
 - spec/spec_helper.rb
+- spec/sql_spec.rb
+- spec/helpers/code.rb
+- spec/code/sql/has_default_values_clause_examples.rb
+- spec/code/sql/has_fields_clause_examples.rb
+- spec/code/sql/has_from_clause_examples.rb
+- spec/code/sql/has_values_clause_examples.rb
+- spec/code/sql/has_where_clause_examples.rb
+- spec/code/sql/create_examples.rb
+- spec/code/sql/create_table_spec.rb
+- spec/code/sql/create_index_spec.rb
+- spec/code/sql/create_view_spec.rb
+- spec/code/sql/drop_examples.rb
+- spec/code/sql/drop_table_spec.rb
+- spec/code/sql/drop_index_spec.rb
+- spec/code/sql/drop_view_spec.rb
+- spec/code/sql/insert_spec.rb
+- spec/code/sql/select_spec.rb
+- spec/code/sql/update_spec.rb
+- spec/code/sql/replace_spec.rb
+- spec/code/sql/delete_spec.rb
+- spec/sql/error_spec.rb
+- spec/sql/extensions/string_spec.rb
 has_rdoc: true
 homepage: http://ronin.rubyforge.org/sql/
 post_install_message: 
@@ -113,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: ronin
-rubygems_version: 1.2.0
+rubygems_version: 1.3.1
 signing_key: 
 specification_version: 2
 summary: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks

data/lib/ronin/code/sql/injection_builder.rb

@@ -1,137 +0,0 @@
-#
-#--
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/code/sql/statement'
-require 'ronin/code/sql/injection_style'
-
-module Ronin
-  module Code
-    module SQL
-      class InjectionBuilder < Statement
-
-        def initialize(style,&block)
-          @escape = nil
-          @escape_data = nil
-          @expressions = []
-          @program = nil
-
-          super(style,&block)
-        end
-
-        def escape(var=1,&block)
-          @escape = nil
-          @escape_data = var
-
-          block.call if block
-          return self
-        end
-
-        def inject(*expr)
-          @expressions += expr
-          return self
-        end
-
-        def inject_and(expr)
-          inject(keyword_and, expr)
-        end
-
-        def inject_or(expr)
-          inject(keyword_or, expr)
-        end
-
-        def inject_sql(options={},&block)
-          @program = Program.new(@style,options,&block)
-        end
-
-        def all_rows(var=1)
-          inject_or(BinaryExpr.new(@style,'=',var,var))
-        end
-
-        def exact_rows(var=1)
-          inject_and(BinaryExpr.new(@style,'=',var,var))
-        end
-
-        def has_field?(name)
-          inject_or(field(name).is_not?(null))
-        end
-
-        def has_table?(table)
-          inject_and(select_from(table,:fields => count(all), :from => table)==1)
-        end
-
-        def uses_table?(table)
-          inject_or(table.is_not?(null))
-        end
-
-        def compile
-          injection_expr = lambda {
-            compile_expr("#{@escape_data}#{@escape}",*(@expressions))
-          }
-
-          append_comment = lambda { |str|
-            compile_expr(str,'--')
-          }
-
-          if @program
-            return compile_statements(injection_expr.call,append_comment.call(@program))
-          else
-            injection = injection_expr.call
-
-            if (@escape && injection =~ /#{@escape}\s*$/)
-              return injection.rstrip.chop
-            else
-              return append_comment.call(injection)
-            end
-          end
-        end
-
-        protected
-
-        keyword :or
-        keyword :and
-
-        def self.escape(name,char)
-          name = name.to_s.downcase.to_sym
-          char = char.to_s
-
-          class_eval %{
-            def escape_#{name}(var=nil,&block)
-              @escape = #{char.dump}
-              @escape_data = var
-
-              block.call if block
-              return self
-            end
-          }
-
-          return self
-        end
-
-        escape :string, "'"
-        escape :parenthesis, ')'
-        escape :statement, ';'
-
-      end
-    end
-  end
-end

data/lib/ronin/code/sql/injection_style.rb

@@ -1,79 +0,0 @@
-#
-#--
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/code/sql/style'
-
-module Ronin
-  module Code
-    module SQL
-      class InjectionStyle < Style
-
-        # Comment-Obfusticate all keywords
-        attr_accessor :comment_evasion
-
-        # Swapcase-Obfusciate all keywords
-        attr_accessor :case_evasion
-
-        def initialize(options={})
-          super(options)
-
-          if options[:comment_evasion].nil?
-            @comment_evasion = false
-          else
-            @comment_evasion = options[:comment_evasion]
-          end
-
-          if options[:case_evasion].nil?
-            @case_evasion = false
-          else
-            @case_evasion = options[:case_evasion]
-          end
-        end
-
-        def compile_space
-          if @comment_evasion
-            return '/**/'
-          else
-            return super
-          end
-        end
-
-        def compile_keyword(name)
-          name = name.to_s
-
-          if @case_evasion
-            (rand(name.length)+1).times do
-              i = rand(name.length-1).to_i
-              name[i] = name[i..i].swapcase
-            end
-
-            return name
-          else
-            return super(name)
-          end
-        end
-
-      end
-    end
-  end
-end

data/lib/ronin/code/sql/style.rb

@@ -1,170 +0,0 @@
-#
-#--
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/code/sql/dialect'
-require 'ronin/code/sql/common_dialect'
-
-module Ronin
-  module Code
-    module SQL
-      class Style
-
-        # The dialect of SQL
-        attr_reader :dialect
-
-        # Use single-line or multi-line style
-        attr_accessor :multiline
-
-        # Use lowercase style
-        attr_accessor :lowercase
-
-        # Compile with less parenthesis
-        attr_accessor :less_parenthesis
-
-        # Space string
-        attr_accessor :space
-
-        # New-line string
-        attr_accessor :newline
-
-        def initialize(options={})
-          @dialect = Dialect.get_dialect(options[:dialect] || :common).new(self)
-
-          if options[:multiline].nil?
-            @multiline = true
-          else
-            @multiline = options[:multiline]
-          end
-
-          if options[:lowercase].nil?
-            @lowercase = false
-          else
-            @lowercase = options[:lowercase]
-          end
-
-          if options[:less_parenthesis].nil?
-            @less_parenthesis = false
-          else
-            @less_parenthesis = options[:less_parenthesis]
-          end
-
-          @space = (options[:space] || ' ')
-          @newline = (options[:newline] || "\n")
-        end
-
-        def compile_space
-          if @space.kind_of?(Array)
-            return @space[rand(@space.length)].to_s
-          else
-            return @space.to_s
-          end
-        end
-
-        def preappend_space(str)
-          compile_space + str.to_s
-        end
-
-        def append_space(str)
-          str.to_s + compile_space
-        end
-
-        def compile_newline
-          return compile_space unless @multiline
-
-          if @newline.kind_of?(Array)
-            return @newline[@newline.length * rand].to_s
-          else
-            return @newline.to_s
-          end
-        end
-
-        def quote_string(data)
-         "'" + data.to_s.sub("'","''") + "'"
-        end
-
-        def compile_keyword(name)
-          name = name.to_s
-
-          if @lowercase
-            return name.downcase
-          else
-            return name.upcase
-          end
-        end
-
-        def compile_list(*exprs)
-          exprs = exprs.flatten
-
-          unless @less_parenthesis
-            return exprs.compact.join(append_space(','))
-          else
-            return exprs.compact.join(',')
-          end
-        end
-
-        def compile_datalist(*exprs)
-          compile_row( exprs.flatten.map { |expr| compile_data(value) } )
-        end
-
-        def compile_row(*exprs)
-          exprs = exprs.flatten
-
-          unless exprs.length==1
-            unless @less_parenthesis
-              return "(#{compile_list(exprs)})"
-            else
-              return compile_list(exprs)
-            end
-          else
-            return exprs[0].to_s
-          end
-        end
-
-        def compile_data(data)
-          if data.kind_of?(Statement)
-            return "(#{data})"
-          elsif data.kind_of?(Array)
-            return compile_datalist(data)
-          elsif data.kind_of?(String)
-            return quote_string(data)
-          else
-            return data.to_s
-          end
-        end
-
-        def compile_expr(*expr)
-          expr.compact.join(compile_space).strip
-        end
-
-        def compile_statements(statements,separator=compile_newline)
-          if @multiline
-            return statements.join(compile_newline)
-          else
-            return statements.join(append_space(';'))
-          end
-        end
-
-      end
-    end
-  end
-end

data/lib/ronin/sql/sql.rb

@@ -1,83 +0,0 @@
-#
-#--
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
-#
-
-require 'ronin/sql/error'
-require 'ronin/extensions/uri'
-
-module Ronin
-  module SQL
-
-    # SQL error patterns
-    ERROR_PATTERNS = {
-      # sourced from sqid (http://sqid.rubyforge.org/).
-      :ms_sql => /Microsoft OLE DB Provider for (SQL Server|ODBC Drivers.*\[Microsoft\]\[ODBC (SQL Server|Access) Driver\])/,
-      :ms_access => /\[Microsoft\]\[ODBC Microsoft Access Driver\] Syntax error/,
-      :ms_jetdb => /Microsoft JET Database Engine/,
-      :ms_adodb => /ADODB.Command.*error/,
-      :asp_net => /Server Error.*System\.Data\.OleDb\.OleDbException/,
-      :mysql => /(Warning.*(supplied argument is not a valid MySQL result|mysql_.*\(\))|You have an error in your SQL syntax.*(on|at) line)/,
-      :php => /(Warning.*failed to open stream|Fatal Error.*(on|at) line)/,
-      :oracle => /ORA-[0-9][0-9][0-9][0-9]/,
-      :jdbc => /Invalid SQL statement or JDBC/,
-      :java_servlet => /javax\.servlet\.ServletException/,
-      :apache_tomcat => /org\.apache\.jasper\.JasperException/,
-      :vb_runtime => /Microsoft VBScript runtime/,
-      :vb_asp => /Type mismatch/
-    }
-
-    #
-    # Tests whether the _body_ contains an SQL error message using the
-    # given _options_.
-    #
-    # _options_ may contain the following keys:
-    # <tt>:types</tt>:: A list of error types to test for. If not specified
-    #                   all the error patterns in ERROR_PATTERNS will be
-    #                   tested.
-    #
-    def SQL.error(body,options={})
-      patterns = (options[:types] || ERROR_PATTERNS.keys)
-
-      patterns.each do |type|
-        match = ERROR_PATTERNS[type].match(body)
-
-        return Error.new(type,match[0].strip_html) if match
-      end
-
-      return nil
-    end
-
-    #
-    # Returns +true+ if the specified _body_ using the given _options_
-    # contains an SQL error, returns +false+ otherwise.
-    #
-    # _options_ may contain the following keys:
-    # <tt>:types</tt>:: A list of error types to test for. If not specified
-    #                   all the error patterns in ERROR_PATTERNS will be
-    #                   tested.
-    #
-    def SQL.has_error?(body,options={})
-      !(SQL.error(body,options).nil?)
-    end
-
-  end
-end