ronin-sql 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/History.txt +43 -0
- data/Manifest.txt +76 -23
- data/README.txt +31 -6
- data/Rakefile +2 -2
- data/lib/ronin/code/sql/{keyword.rb → add_column_clause.rb} +9 -13
- data/lib/ronin/code/sql/as.rb +47 -0
- data/lib/ronin/code/sql/asc.rb +38 -0
- data/lib/ronin/code/sql/between.rb +18 -12
- data/lib/ronin/code/sql/binary_expr.rb +12 -5
- data/lib/ronin/code/sql/clause.rb +37 -0
- data/lib/ronin/code/sql/code.rb +1 -1
- data/lib/ronin/code/sql/common_dialect.rb +16 -10
- data/lib/ronin/code/sql/create.rb +68 -0
- data/lib/ronin/code/sql/create_index.rb +9 -39
- data/lib/ronin/code/sql/create_table.rb +9 -56
- data/lib/ronin/code/sql/create_view.rb +7 -29
- data/lib/ronin/code/sql/default_values_clause.rb +38 -0
- data/lib/ronin/code/sql/delete.rb +10 -25
- data/lib/ronin/code/sql/desc.rb +38 -0
- data/lib/ronin/code/sql/dialect.rb +172 -52
- data/lib/ronin/code/sql/{builder.rb → drop.rb} +16 -20
- data/lib/ronin/code/sql/drop_index.rb +43 -0
- data/lib/ronin/code/sql/drop_table.rb +8 -16
- data/lib/ronin/code/sql/drop_view.rb +43 -0
- data/lib/ronin/code/sql/emittable.rb +102 -0
- data/lib/ronin/code/sql/exceptions/unknown_clause.rb +31 -0
- data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +2 -2
- data/lib/ronin/code/sql/exceptions/unknown_statement.rb +31 -0
- data/lib/ronin/code/sql/exceptions.rb +3 -1
- data/lib/ronin/code/sql/expr.rb +7 -96
- data/lib/ronin/code/sql/field.rb +40 -23
- data/lib/ronin/code/sql/fields_clause.rb +48 -0
- data/lib/ronin/code/sql/from_clause.rb +44 -0
- data/lib/ronin/code/sql/function.rb +15 -12
- data/lib/ronin/code/sql/group_by_clause.rb +48 -0
- data/lib/ronin/code/sql/having_clause.rb +48 -0
- data/lib/ronin/code/sql/in.rb +9 -9
- data/lib/ronin/code/sql/injected_statement.rb +102 -0
- data/lib/ronin/code/sql/injection.rb +171 -5
- data/lib/ronin/code/sql/insert.rb +15 -45
- data/lib/ronin/code/sql/intersect_clause.rb +44 -0
- data/lib/ronin/code/sql/join_clause.rb +125 -0
- data/lib/ronin/code/sql/{like_expr.rb → like.rb} +19 -31
- data/lib/ronin/code/sql/limit_clause.rb +44 -0
- data/lib/ronin/code/sql/modifier.rb +50 -0
- data/lib/ronin/code/sql/offset_clause.rb +44 -0
- data/lib/ronin/code/sql/on_clause.rb +57 -0
- data/lib/ronin/code/sql/order_by_clause.rb +44 -0
- data/lib/ronin/code/sql/program.rb +170 -23
- data/lib/ronin/code/sql/rename_to_clause.rb +44 -0
- data/lib/ronin/code/sql/replace.rb +15 -17
- data/lib/ronin/code/sql/select.rb +46 -141
- data/lib/ronin/code/sql/set_clause.rb +44 -0
- data/lib/ronin/code/sql/statement.rb +117 -47
- data/lib/ronin/code/sql/token.rb +64 -0
- data/lib/ronin/code/sql/unary_expr.rb +9 -5
- data/lib/ronin/code/sql/union_all_clause.rb +44 -0
- data/lib/ronin/code/sql/union_clause.rb +44 -0
- data/lib/ronin/code/sql/update.rb +10 -31
- data/lib/ronin/code/sql/values_clause.rb +48 -0
- data/lib/ronin/code/sql/where_clause.rb +44 -0
- data/lib/ronin/code/sql.rb +1 -1
- data/lib/ronin/sql/error/error.rb +64 -0
- data/lib/ronin/sql/error/message.rb +64 -0
- data/lib/ronin/sql/error/pattern.rb +106 -0
- data/lib/ronin/sql/error/patterns.rb +100 -0
- data/lib/ronin/sql/error.rb +5 -30
- data/lib/ronin/sql/extensions/uri/http.rb +76 -21
- data/lib/ronin/sql/extensions/uri.rb +1 -1
- data/lib/ronin/sql/extensions.rb +2 -1
- data/lib/ronin/sql/injection.rb +213 -0
- data/lib/ronin/sql/version.rb +2 -2
- data/lib/ronin/sql.rb +7 -2
- data/spec/code/sql/create_examples.rb +19 -0
- data/spec/code/sql/create_index_spec.rb +25 -0
- data/spec/code/sql/create_table_spec.rb +27 -0
- data/spec/code/sql/create_view_spec.rb +16 -0
- data/spec/code/sql/delete_spec.rb +14 -0
- data/spec/code/sql/drop_examples.rb +10 -0
- data/spec/code/sql/drop_index_spec.rb +16 -0
- data/spec/code/sql/drop_table_spec.rb +16 -0
- data/spec/code/sql/drop_view_spec.rb +16 -0
- data/spec/code/sql/has_default_values_clause_examples.rb +10 -0
- data/spec/code/sql/has_fields_clause_examples.rb +15 -0
- data/spec/code/sql/has_from_clause_examples.rb +13 -0
- data/spec/code/sql/has_values_clause_examples.rb +15 -0
- data/spec/code/sql/has_where_clause_examples.rb +15 -0
- data/spec/code/sql/insert_spec.rb +21 -0
- data/spec/code/sql/replace_spec.rb +21 -0
- data/spec/code/sql/select_spec.rb +105 -0
- data/spec/code/sql/update_spec.rb +26 -0
- data/spec/helpers/code.rb +14 -0
- data/spec/sql/error_spec.rb +24 -0
- data/spec/sql/extensions/string_spec.rb +28 -0
- data/spec/sql_spec.rb +9 -0
- data/tasks/spec.rb +2 -0
- metadata +82 -29
- data/lib/ronin/code/sql/injection_builder.rb +0 -137
- data/lib/ronin/code/sql/injection_style.rb +0 -79
- data/lib/ronin/code/sql/style.rb +0 -170
- data/lib/ronin/sql/sql.rb +0 -83
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ronin-sql
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
- Postmodern
|
7
|
+
- Postmodern
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date:
|
12
|
+
date: 2009-01-08 00:00:00 -08:00
|
13
13
|
default_executable:
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
@@ -20,7 +20,7 @@ dependencies:
|
|
20
20
|
requirements:
|
21
21
|
- - ">="
|
22
22
|
- !ruby/object:Gem::Version
|
23
|
-
version: 0.
|
23
|
+
version: 0.1.3
|
24
24
|
version:
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: hoe
|
@@ -30,7 +30,7 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 1.
|
33
|
+
version: 1.8.2
|
34
34
|
version:
|
35
35
|
description: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks. Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
|
36
36
|
email:
|
@@ -51,45 +51,98 @@ files:
|
|
51
51
|
- README.txt
|
52
52
|
- Rakefile
|
53
53
|
- lib/ronin/code/sql.rb
|
54
|
-
- lib/ronin/code/sql/between.rb
|
55
|
-
- lib/ronin/code/sql/binary_expr.rb
|
56
|
-
- lib/ronin/code/sql/builder.rb
|
57
|
-
- lib/ronin/code/sql/code.rb
|
58
|
-
- lib/ronin/code/sql/common_dialect.rb
|
59
|
-
- lib/ronin/code/sql/create_index.rb
|
60
|
-
- lib/ronin/code/sql/create_table.rb
|
61
|
-
- lib/ronin/code/sql/create_view.rb
|
62
|
-
- lib/ronin/code/sql/delete.rb
|
63
|
-
- lib/ronin/code/sql/dialect.rb
|
64
|
-
- lib/ronin/code/sql/drop_table.rb
|
65
54
|
- lib/ronin/code/sql/exceptions.rb
|
66
55
|
- lib/ronin/code/sql/exceptions/unknown_dialect.rb
|
56
|
+
- lib/ronin/code/sql/exceptions/unknown_statement.rb
|
57
|
+
- lib/ronin/code/sql/exceptions/unknown_clause.rb
|
58
|
+
- lib/ronin/code/sql/token.rb
|
59
|
+
- lib/ronin/code/sql/emittable.rb
|
60
|
+
- lib/ronin/code/sql/modifier.rb
|
61
|
+
- lib/ronin/code/sql/asc.rb
|
62
|
+
- lib/ronin/code/sql/desc.rb
|
63
|
+
- lib/ronin/code/sql/as.rb
|
67
64
|
- lib/ronin/code/sql/expr.rb
|
65
|
+
- lib/ronin/code/sql/unary_expr.rb
|
66
|
+
- lib/ronin/code/sql/binary_expr.rb
|
67
|
+
- lib/ronin/code/sql/like.rb
|
68
|
+
- lib/ronin/code/sql/between.rb
|
69
|
+
- lib/ronin/code/sql/in.rb
|
68
70
|
- lib/ronin/code/sql/field.rb
|
71
|
+
- lib/ronin/code/sql/clause.rb
|
72
|
+
- lib/ronin/code/sql/on_clause.rb
|
73
|
+
- lib/ronin/code/sql/where_clause.rb
|
74
|
+
- lib/ronin/code/sql/group_by_clause.rb
|
75
|
+
- lib/ronin/code/sql/fields_clause.rb
|
76
|
+
- lib/ronin/code/sql/set_clause.rb
|
77
|
+
- lib/ronin/code/sql/values_clause.rb
|
78
|
+
- lib/ronin/code/sql/from_clause.rb
|
79
|
+
- lib/ronin/code/sql/default_values_clause.rb
|
80
|
+
- lib/ronin/code/sql/join_clause.rb
|
81
|
+
- lib/ronin/code/sql/order_by_clause.rb
|
82
|
+
- lib/ronin/code/sql/limit_clause.rb
|
83
|
+
- lib/ronin/code/sql/offset_clause.rb
|
84
|
+
- lib/ronin/code/sql/union_clause.rb
|
85
|
+
- lib/ronin/code/sql/having_clause.rb
|
86
|
+
- lib/ronin/code/sql/union_all_clause.rb
|
87
|
+
- lib/ronin/code/sql/intersect_clause.rb
|
88
|
+
- lib/ronin/code/sql/rename_to_clause.rb
|
89
|
+
- lib/ronin/code/sql/add_column_clause.rb
|
69
90
|
- lib/ronin/code/sql/function.rb
|
70
|
-
- lib/ronin/code/sql/
|
71
|
-
- lib/ronin/code/sql/
|
72
|
-
- lib/ronin/code/sql/
|
73
|
-
- lib/ronin/code/sql/
|
91
|
+
- lib/ronin/code/sql/statement.rb
|
92
|
+
- lib/ronin/code/sql/create.rb
|
93
|
+
- lib/ronin/code/sql/create_index.rb
|
94
|
+
- lib/ronin/code/sql/create_table.rb
|
95
|
+
- lib/ronin/code/sql/create_view.rb
|
74
96
|
- lib/ronin/code/sql/insert.rb
|
75
|
-
- lib/ronin/code/sql/keyword.rb
|
76
|
-
- lib/ronin/code/sql/like_expr.rb
|
77
|
-
- lib/ronin/code/sql/program.rb
|
78
|
-
- lib/ronin/code/sql/replace.rb
|
79
97
|
- lib/ronin/code/sql/select.rb
|
80
|
-
- lib/ronin/code/sql/
|
81
|
-
- lib/ronin/code/sql/style.rb
|
82
|
-
- lib/ronin/code/sql/unary_expr.rb
|
98
|
+
- lib/ronin/code/sql/replace.rb
|
83
99
|
- lib/ronin/code/sql/update.rb
|
100
|
+
- lib/ronin/code/sql/delete.rb
|
101
|
+
- lib/ronin/code/sql/drop.rb
|
102
|
+
- lib/ronin/code/sql/drop_index.rb
|
103
|
+
- lib/ronin/code/sql/drop_table.rb
|
104
|
+
- lib/ronin/code/sql/drop_view.rb
|
105
|
+
- lib/ronin/code/sql/dialect.rb
|
106
|
+
- lib/ronin/code/sql/common_dialect.rb
|
107
|
+
- lib/ronin/code/sql/program.rb
|
108
|
+
- lib/ronin/code/sql/injected_statement.rb
|
109
|
+
- lib/ronin/code/sql/injection.rb
|
110
|
+
- lib/ronin/code/sql/code.rb
|
84
111
|
- lib/ronin/sql/extensions.rb
|
85
112
|
- lib/ronin/sql/extensions/uri.rb
|
86
113
|
- lib/ronin/sql/extensions/uri/http.rb
|
114
|
+
- lib/ronin/sql/error/message.rb
|
115
|
+
- lib/ronin/sql/error/pattern.rb
|
116
|
+
- lib/ronin/sql/error/error.rb
|
117
|
+
- lib/ronin/sql/error/patterns.rb
|
87
118
|
- lib/ronin/sql/error.rb
|
88
|
-
- lib/ronin/sql/
|
119
|
+
- lib/ronin/sql/injection.rb
|
89
120
|
- lib/ronin/sql/version.rb
|
90
121
|
- lib/ronin/sql.rb
|
91
122
|
- tasks/spec.rb
|
92
123
|
- spec/spec_helper.rb
|
124
|
+
- spec/sql_spec.rb
|
125
|
+
- spec/helpers/code.rb
|
126
|
+
- spec/code/sql/has_default_values_clause_examples.rb
|
127
|
+
- spec/code/sql/has_fields_clause_examples.rb
|
128
|
+
- spec/code/sql/has_from_clause_examples.rb
|
129
|
+
- spec/code/sql/has_values_clause_examples.rb
|
130
|
+
- spec/code/sql/has_where_clause_examples.rb
|
131
|
+
- spec/code/sql/create_examples.rb
|
132
|
+
- spec/code/sql/create_table_spec.rb
|
133
|
+
- spec/code/sql/create_index_spec.rb
|
134
|
+
- spec/code/sql/create_view_spec.rb
|
135
|
+
- spec/code/sql/drop_examples.rb
|
136
|
+
- spec/code/sql/drop_table_spec.rb
|
137
|
+
- spec/code/sql/drop_index_spec.rb
|
138
|
+
- spec/code/sql/drop_view_spec.rb
|
139
|
+
- spec/code/sql/insert_spec.rb
|
140
|
+
- spec/code/sql/select_spec.rb
|
141
|
+
- spec/code/sql/update_spec.rb
|
142
|
+
- spec/code/sql/replace_spec.rb
|
143
|
+
- spec/code/sql/delete_spec.rb
|
144
|
+
- spec/sql/error_spec.rb
|
145
|
+
- spec/sql/extensions/string_spec.rb
|
93
146
|
has_rdoc: true
|
94
147
|
homepage: http://ronin.rubyforge.org/sql/
|
95
148
|
post_install_message:
|
@@ -113,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
113
166
|
requirements: []
|
114
167
|
|
115
168
|
rubyforge_project: ronin
|
116
|
-
rubygems_version: 1.
|
169
|
+
rubygems_version: 1.3.1
|
117
170
|
signing_key:
|
118
171
|
specification_version: 2
|
119
172
|
summary: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks
|
@@ -1,137 +0,0 @@
|
|
1
|
-
#
|
2
|
-
#--
|
3
|
-
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
-
# tasks.
|
5
|
-
#
|
6
|
-
# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
-
#
|
8
|
-
# This program is free software; you can redistribute it and/or modify
|
9
|
-
# it under the terms of the GNU General Public License as published by
|
10
|
-
# the Free Software Foundation; either version 2 of the License, or
|
11
|
-
# (at your option) any later version.
|
12
|
-
#
|
13
|
-
# This program is distributed in the hope that it will be useful,
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
-
# GNU General Public License for more details.
|
17
|
-
#
|
18
|
-
# You should have received a copy of the GNU General Public License
|
19
|
-
# along with this program; if not, write to the Free Software
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
-
#++
|
22
|
-
#
|
23
|
-
|
24
|
-
require 'ronin/code/sql/statement'
|
25
|
-
require 'ronin/code/sql/injection_style'
|
26
|
-
|
27
|
-
module Ronin
|
28
|
-
module Code
|
29
|
-
module SQL
|
30
|
-
class InjectionBuilder < Statement
|
31
|
-
|
32
|
-
def initialize(style,&block)
|
33
|
-
@escape = nil
|
34
|
-
@escape_data = nil
|
35
|
-
@expressions = []
|
36
|
-
@program = nil
|
37
|
-
|
38
|
-
super(style,&block)
|
39
|
-
end
|
40
|
-
|
41
|
-
def escape(var=1,&block)
|
42
|
-
@escape = nil
|
43
|
-
@escape_data = var
|
44
|
-
|
45
|
-
block.call if block
|
46
|
-
return self
|
47
|
-
end
|
48
|
-
|
49
|
-
def inject(*expr)
|
50
|
-
@expressions += expr
|
51
|
-
return self
|
52
|
-
end
|
53
|
-
|
54
|
-
def inject_and(expr)
|
55
|
-
inject(keyword_and, expr)
|
56
|
-
end
|
57
|
-
|
58
|
-
def inject_or(expr)
|
59
|
-
inject(keyword_or, expr)
|
60
|
-
end
|
61
|
-
|
62
|
-
def inject_sql(options={},&block)
|
63
|
-
@program = Program.new(@style,options,&block)
|
64
|
-
end
|
65
|
-
|
66
|
-
def all_rows(var=1)
|
67
|
-
inject_or(BinaryExpr.new(@style,'=',var,var))
|
68
|
-
end
|
69
|
-
|
70
|
-
def exact_rows(var=1)
|
71
|
-
inject_and(BinaryExpr.new(@style,'=',var,var))
|
72
|
-
end
|
73
|
-
|
74
|
-
def has_field?(name)
|
75
|
-
inject_or(field(name).is_not?(null))
|
76
|
-
end
|
77
|
-
|
78
|
-
def has_table?(table)
|
79
|
-
inject_and(select_from(table,:fields => count(all), :from => table)==1)
|
80
|
-
end
|
81
|
-
|
82
|
-
def uses_table?(table)
|
83
|
-
inject_or(table.is_not?(null))
|
84
|
-
end
|
85
|
-
|
86
|
-
def compile
|
87
|
-
injection_expr = lambda {
|
88
|
-
compile_expr("#{@escape_data}#{@escape}",*(@expressions))
|
89
|
-
}
|
90
|
-
|
91
|
-
append_comment = lambda { |str|
|
92
|
-
compile_expr(str,'--')
|
93
|
-
}
|
94
|
-
|
95
|
-
if @program
|
96
|
-
return compile_statements(injection_expr.call,append_comment.call(@program))
|
97
|
-
else
|
98
|
-
injection = injection_expr.call
|
99
|
-
|
100
|
-
if (@escape && injection =~ /#{@escape}\s*$/)
|
101
|
-
return injection.rstrip.chop
|
102
|
-
else
|
103
|
-
return append_comment.call(injection)
|
104
|
-
end
|
105
|
-
end
|
106
|
-
end
|
107
|
-
|
108
|
-
protected
|
109
|
-
|
110
|
-
keyword :or
|
111
|
-
keyword :and
|
112
|
-
|
113
|
-
def self.escape(name,char)
|
114
|
-
name = name.to_s.downcase.to_sym
|
115
|
-
char = char.to_s
|
116
|
-
|
117
|
-
class_eval %{
|
118
|
-
def escape_#{name}(var=nil,&block)
|
119
|
-
@escape = #{char.dump}
|
120
|
-
@escape_data = var
|
121
|
-
|
122
|
-
block.call if block
|
123
|
-
return self
|
124
|
-
end
|
125
|
-
}
|
126
|
-
|
127
|
-
return self
|
128
|
-
end
|
129
|
-
|
130
|
-
escape :string, "'"
|
131
|
-
escape :parenthesis, ')'
|
132
|
-
escape :statement, ';'
|
133
|
-
|
134
|
-
end
|
135
|
-
end
|
136
|
-
end
|
137
|
-
end
|
@@ -1,79 +0,0 @@
|
|
1
|
-
#
|
2
|
-
#--
|
3
|
-
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
-
# tasks.
|
5
|
-
#
|
6
|
-
# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
-
#
|
8
|
-
# This program is free software; you can redistribute it and/or modify
|
9
|
-
# it under the terms of the GNU General Public License as published by
|
10
|
-
# the Free Software Foundation; either version 2 of the License, or
|
11
|
-
# (at your option) any later version.
|
12
|
-
#
|
13
|
-
# This program is distributed in the hope that it will be useful,
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
-
# GNU General Public License for more details.
|
17
|
-
#
|
18
|
-
# You should have received a copy of the GNU General Public License
|
19
|
-
# along with this program; if not, write to the Free Software
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
-
#++
|
22
|
-
#
|
23
|
-
|
24
|
-
require 'ronin/code/sql/style'
|
25
|
-
|
26
|
-
module Ronin
|
27
|
-
module Code
|
28
|
-
module SQL
|
29
|
-
class InjectionStyle < Style
|
30
|
-
|
31
|
-
# Comment-Obfusticate all keywords
|
32
|
-
attr_accessor :comment_evasion
|
33
|
-
|
34
|
-
# Swapcase-Obfusciate all keywords
|
35
|
-
attr_accessor :case_evasion
|
36
|
-
|
37
|
-
def initialize(options={})
|
38
|
-
super(options)
|
39
|
-
|
40
|
-
if options[:comment_evasion].nil?
|
41
|
-
@comment_evasion = false
|
42
|
-
else
|
43
|
-
@comment_evasion = options[:comment_evasion]
|
44
|
-
end
|
45
|
-
|
46
|
-
if options[:case_evasion].nil?
|
47
|
-
@case_evasion = false
|
48
|
-
else
|
49
|
-
@case_evasion = options[:case_evasion]
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
def compile_space
|
54
|
-
if @comment_evasion
|
55
|
-
return '/**/'
|
56
|
-
else
|
57
|
-
return super
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
def compile_keyword(name)
|
62
|
-
name = name.to_s
|
63
|
-
|
64
|
-
if @case_evasion
|
65
|
-
(rand(name.length)+1).times do
|
66
|
-
i = rand(name.length-1).to_i
|
67
|
-
name[i] = name[i..i].swapcase
|
68
|
-
end
|
69
|
-
|
70
|
-
return name
|
71
|
-
else
|
72
|
-
return super(name)
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
data/lib/ronin/code/sql/style.rb
DELETED
@@ -1,170 +0,0 @@
|
|
1
|
-
#
|
2
|
-
#--
|
3
|
-
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
-
# tasks.
|
5
|
-
#
|
6
|
-
# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
-
#
|
8
|
-
# This program is free software; you can redistribute it and/or modify
|
9
|
-
# it under the terms of the GNU General Public License as published by
|
10
|
-
# the Free Software Foundation; either version 2 of the License, or
|
11
|
-
# (at your option) any later version.
|
12
|
-
#
|
13
|
-
# This program is distributed in the hope that it will be useful,
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
-
# GNU General Public License for more details.
|
17
|
-
#
|
18
|
-
# You should have received a copy of the GNU General Public License
|
19
|
-
# along with this program; if not, write to the Free Software
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
-
#++
|
22
|
-
#
|
23
|
-
|
24
|
-
require 'ronin/code/sql/dialect'
|
25
|
-
require 'ronin/code/sql/common_dialect'
|
26
|
-
|
27
|
-
module Ronin
|
28
|
-
module Code
|
29
|
-
module SQL
|
30
|
-
class Style
|
31
|
-
|
32
|
-
# The dialect of SQL
|
33
|
-
attr_reader :dialect
|
34
|
-
|
35
|
-
# Use single-line or multi-line style
|
36
|
-
attr_accessor :multiline
|
37
|
-
|
38
|
-
# Use lowercase style
|
39
|
-
attr_accessor :lowercase
|
40
|
-
|
41
|
-
# Compile with less parenthesis
|
42
|
-
attr_accessor :less_parenthesis
|
43
|
-
|
44
|
-
# Space string
|
45
|
-
attr_accessor :space
|
46
|
-
|
47
|
-
# New-line string
|
48
|
-
attr_accessor :newline
|
49
|
-
|
50
|
-
def initialize(options={})
|
51
|
-
@dialect = Dialect.get_dialect(options[:dialect] || :common).new(self)
|
52
|
-
|
53
|
-
if options[:multiline].nil?
|
54
|
-
@multiline = true
|
55
|
-
else
|
56
|
-
@multiline = options[:multiline]
|
57
|
-
end
|
58
|
-
|
59
|
-
if options[:lowercase].nil?
|
60
|
-
@lowercase = false
|
61
|
-
else
|
62
|
-
@lowercase = options[:lowercase]
|
63
|
-
end
|
64
|
-
|
65
|
-
if options[:less_parenthesis].nil?
|
66
|
-
@less_parenthesis = false
|
67
|
-
else
|
68
|
-
@less_parenthesis = options[:less_parenthesis]
|
69
|
-
end
|
70
|
-
|
71
|
-
@space = (options[:space] || ' ')
|
72
|
-
@newline = (options[:newline] || "\n")
|
73
|
-
end
|
74
|
-
|
75
|
-
def compile_space
|
76
|
-
if @space.kind_of?(Array)
|
77
|
-
return @space[rand(@space.length)].to_s
|
78
|
-
else
|
79
|
-
return @space.to_s
|
80
|
-
end
|
81
|
-
end
|
82
|
-
|
83
|
-
def preappend_space(str)
|
84
|
-
compile_space + str.to_s
|
85
|
-
end
|
86
|
-
|
87
|
-
def append_space(str)
|
88
|
-
str.to_s + compile_space
|
89
|
-
end
|
90
|
-
|
91
|
-
def compile_newline
|
92
|
-
return compile_space unless @multiline
|
93
|
-
|
94
|
-
if @newline.kind_of?(Array)
|
95
|
-
return @newline[@newline.length * rand].to_s
|
96
|
-
else
|
97
|
-
return @newline.to_s
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
def quote_string(data)
|
102
|
-
"'" + data.to_s.sub("'","''") + "'"
|
103
|
-
end
|
104
|
-
|
105
|
-
def compile_keyword(name)
|
106
|
-
name = name.to_s
|
107
|
-
|
108
|
-
if @lowercase
|
109
|
-
return name.downcase
|
110
|
-
else
|
111
|
-
return name.upcase
|
112
|
-
end
|
113
|
-
end
|
114
|
-
|
115
|
-
def compile_list(*exprs)
|
116
|
-
exprs = exprs.flatten
|
117
|
-
|
118
|
-
unless @less_parenthesis
|
119
|
-
return exprs.compact.join(append_space(','))
|
120
|
-
else
|
121
|
-
return exprs.compact.join(',')
|
122
|
-
end
|
123
|
-
end
|
124
|
-
|
125
|
-
def compile_datalist(*exprs)
|
126
|
-
compile_row( exprs.flatten.map { |expr| compile_data(value) } )
|
127
|
-
end
|
128
|
-
|
129
|
-
def compile_row(*exprs)
|
130
|
-
exprs = exprs.flatten
|
131
|
-
|
132
|
-
unless exprs.length==1
|
133
|
-
unless @less_parenthesis
|
134
|
-
return "(#{compile_list(exprs)})"
|
135
|
-
else
|
136
|
-
return compile_list(exprs)
|
137
|
-
end
|
138
|
-
else
|
139
|
-
return exprs[0].to_s
|
140
|
-
end
|
141
|
-
end
|
142
|
-
|
143
|
-
def compile_data(data)
|
144
|
-
if data.kind_of?(Statement)
|
145
|
-
return "(#{data})"
|
146
|
-
elsif data.kind_of?(Array)
|
147
|
-
return compile_datalist(data)
|
148
|
-
elsif data.kind_of?(String)
|
149
|
-
return quote_string(data)
|
150
|
-
else
|
151
|
-
return data.to_s
|
152
|
-
end
|
153
|
-
end
|
154
|
-
|
155
|
-
def compile_expr(*expr)
|
156
|
-
expr.compact.join(compile_space).strip
|
157
|
-
end
|
158
|
-
|
159
|
-
def compile_statements(statements,separator=compile_newline)
|
160
|
-
if @multiline
|
161
|
-
return statements.join(compile_newline)
|
162
|
-
else
|
163
|
-
return statements.join(append_space(';'))
|
164
|
-
end
|
165
|
-
end
|
166
|
-
|
167
|
-
end
|
168
|
-
end
|
169
|
-
end
|
170
|
-
end
|
data/lib/ronin/sql/sql.rb
DELETED
@@ -1,83 +0,0 @@
|
|
1
|
-
#
|
2
|
-
#--
|
3
|
-
# Ronin SQL - A Ronin library providing support for SQL related security
|
4
|
-
# tasks.
|
5
|
-
#
|
6
|
-
# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
|
-
#
|
8
|
-
# This program is free software; you can redistribute it and/or modify
|
9
|
-
# it under the terms of the GNU General Public License as published by
|
10
|
-
# the Free Software Foundation; either version 2 of the License, or
|
11
|
-
# (at your option) any later version.
|
12
|
-
#
|
13
|
-
# This program is distributed in the hope that it will be useful,
|
14
|
-
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
-
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
-
# GNU General Public License for more details.
|
17
|
-
#
|
18
|
-
# You should have received a copy of the GNU General Public License
|
19
|
-
# along with this program; if not, write to the Free Software
|
20
|
-
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
-
#++
|
22
|
-
#
|
23
|
-
|
24
|
-
require 'ronin/sql/error'
|
25
|
-
require 'ronin/extensions/uri'
|
26
|
-
|
27
|
-
module Ronin
|
28
|
-
module SQL
|
29
|
-
|
30
|
-
# SQL error patterns
|
31
|
-
ERROR_PATTERNS = {
|
32
|
-
# sourced from sqid (http://sqid.rubyforge.org/).
|
33
|
-
:ms_sql => /Microsoft OLE DB Provider for (SQL Server|ODBC Drivers.*\[Microsoft\]\[ODBC (SQL Server|Access) Driver\])/,
|
34
|
-
:ms_access => /\[Microsoft\]\[ODBC Microsoft Access Driver\] Syntax error/,
|
35
|
-
:ms_jetdb => /Microsoft JET Database Engine/,
|
36
|
-
:ms_adodb => /ADODB.Command.*error/,
|
37
|
-
:asp_net => /Server Error.*System\.Data\.OleDb\.OleDbException/,
|
38
|
-
:mysql => /(Warning.*(supplied argument is not a valid MySQL result|mysql_.*\(\))|You have an error in your SQL syntax.*(on|at) line)/,
|
39
|
-
:php => /(Warning.*failed to open stream|Fatal Error.*(on|at) line)/,
|
40
|
-
:oracle => /ORA-[0-9][0-9][0-9][0-9]/,
|
41
|
-
:jdbc => /Invalid SQL statement or JDBC/,
|
42
|
-
:java_servlet => /javax\.servlet\.ServletException/,
|
43
|
-
:apache_tomcat => /org\.apache\.jasper\.JasperException/,
|
44
|
-
:vb_runtime => /Microsoft VBScript runtime/,
|
45
|
-
:vb_asp => /Type mismatch/
|
46
|
-
}
|
47
|
-
|
48
|
-
#
|
49
|
-
# Tests whether the _body_ contains an SQL error message using the
|
50
|
-
# given _options_.
|
51
|
-
#
|
52
|
-
# _options_ may contain the following keys:
|
53
|
-
# <tt>:types</tt>:: A list of error types to test for. If not specified
|
54
|
-
# all the error patterns in ERROR_PATTERNS will be
|
55
|
-
# tested.
|
56
|
-
#
|
57
|
-
def SQL.error(body,options={})
|
58
|
-
patterns = (options[:types] || ERROR_PATTERNS.keys)
|
59
|
-
|
60
|
-
patterns.each do |type|
|
61
|
-
match = ERROR_PATTERNS[type].match(body)
|
62
|
-
|
63
|
-
return Error.new(type,match[0].strip_html) if match
|
64
|
-
end
|
65
|
-
|
66
|
-
return nil
|
67
|
-
end
|
68
|
-
|
69
|
-
#
|
70
|
-
# Returns +true+ if the specified _body_ using the given _options_
|
71
|
-
# contains an SQL error, returns +false+ otherwise.
|
72
|
-
#
|
73
|
-
# _options_ may contain the following keys:
|
74
|
-
# <tt>:types</tt>:: A list of error types to test for. If not specified
|
75
|
-
# all the error patterns in ERROR_PATTERNS will be
|
76
|
-
# tested.
|
77
|
-
#
|
78
|
-
def SQL.has_error?(body,options={})
|
79
|
-
!(SQL.error(body,options).nil?)
|
80
|
-
end
|
81
|
-
|
82
|
-
end
|
83
|
-
end
|