ronin-sql 0.1.1 → 0.2.0

data/lib/ronin/sql.rb

@@ -3,7 +3,7 @@
 # Ronin SQL - A Ronin library providing support for SQL related security
 # tasks.
 #
-# Copyright (c) 2007-2008 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -24,5 +24,10 @@
 require 'ronin/code/sql'
 require 'ronin/sql/extensions'
 require 'ronin/sql/error'
-require 'ronin/sql/sql'
+require 'ronin/sql/injection'
 require 'ronin/sql/version'
+require 'ronin/config'
+
+module Ronin
+  Config.load :sql
+end

data/spec/code/sql/create_examples.rb

@@ -0,0 +1,19 @@
+require 'ronin/code/sql/create'
+
+require 'code/sql/has_fields_clause_examples'
+
+require 'helpers/code'
+
+shared_examples_for "Create" do
+  it_should_behave_like "has a fields clause"
+
+  it "should have a temp option" do
+    @sql.temp
+    @sql.instance_variable_get('@temp').should == true
+  end
+
+  it "should have a if_not_exists option" do
+    @sql.if_not_exists
+    @sql.instance_variable_get('@if_not_exists').should == true
+  end
+end

data/spec/code/sql/create_index_spec.rb

@@ -0,0 +1,25 @@
+require 'ronin/code/sql/create_index'
+
+require 'code/sql/create_examples'
+
+describe CreateIndex do
+  before(:each) do
+    @sql = CreateIndex.new(common_dialect)
+  end
+
+  it_should_behave_like "Create"
+
+  it "should have an on clause" do
+    @sql.on :users, [:name]
+
+    should_have_clause(@sql,:on) do |on|
+      on.table.should == :users
+      on.fields.should == [:name]
+    end
+  end
+
+  it "should have an index option" do
+    @sql.index :users
+    @sql.instance_variable_get('@name').should == :users
+  end
+end

data/spec/code/sql/create_table_spec.rb

@@ -0,0 +1,27 @@
+require 'ronin/code/sql/create_table'
+require 'ronin/code/sql/program'
+
+require 'code/sql/create_examples'
+
+describe CreateTable do
+  before(:each) do
+    @sql = CreateTable.new(common_dialect)
+  end
+
+  it_should_behave_like "Create"
+
+  it "should have a columns clause" do
+    columns = [:id, :name, :users]
+
+    @sql.columns(*columns)
+
+    should_have_clause(@sql,:columns) do |clause|
+      clause.fields.should == columns
+    end
+  end
+
+  it "should have a table option" do
+    @sql.table :users
+    @sql.instance_variable_get('@name').should == :users
+  end
+end

data/spec/code/sql/create_view_spec.rb

@@ -0,0 +1,16 @@
+require 'ronin/code/sql/create_view'
+
+require 'code/sql/create_examples'
+
+describe CreateView do
+  before(:each) do
+    @sql = CreateView.new(common_dialect)
+  end
+
+  it_should_behave_like "Create"
+
+  it "should have a view option" do
+    @sql.view :users
+    @sql.instance_variable_get('@name').should == :users
+  end
+end

data/spec/code/sql/delete_spec.rb

@@ -0,0 +1,14 @@
+require 'ronin/code/sql/delete'
+
+require 'helpers/code'
+require 'code/sql/has_from_clause_examples'
+require 'code/sql/has_where_clause_examples'
+
+describe Delete do
+  before(:each) do
+    @sql = Delete.new(common_dialect)
+  end
+
+  it_should_behave_like "has a from clause"
+  it_should_behave_like "has a where clause"
+end

data/spec/code/sql/drop_examples.rb

@@ -0,0 +1,10 @@
+require 'ronin/code/sql/drop'
+
+require 'helpers/code'
+
+shared_examples_for "Drop" do
+  it "should have an if_exists option" do
+    @sql.if_exists
+    @sql.instance_variable_get('@if_exists').should == true
+  end
+end

data/spec/code/sql/drop_index_spec.rb

@@ -0,0 +1,16 @@
+require 'ronin/code/sql/drop_index'
+
+require 'code/sql/drop_examples'
+
+describe DropIndex do
+  before(:each) do
+    @sql = DropIndex.new(common_dialect)
+  end
+
+  it_should_behave_like "Drop"
+
+  it "should have a table option" do
+    @sql.index :users
+    @sql.instance_variable_get('@name').should == :users
+  end
+end

data/spec/code/sql/drop_table_spec.rb

@@ -0,0 +1,16 @@
+require 'ronin/code/sql/drop_table'
+
+require 'code/sql/drop_examples'
+
+describe DropTable do
+  before(:each) do
+    @sql = DropTable.new(common_dialect)
+  end
+
+  it_should_behave_like "Drop"
+
+  it "should have a table option" do
+    @sql.table :users
+    @sql.instance_variable_get('@name').should == :users
+  end
+end

data/spec/code/sql/drop_view_spec.rb

@@ -0,0 +1,16 @@
+require 'ronin/code/sql/drop_view'
+
+require 'code/sql/drop_examples'
+
+describe DropView do
+  before(:each) do
+    @sql = DropView.new(common_dialect)
+  end
+
+  it_should_behave_like "Drop"
+
+  it "should have a table option" do
+    @sql.view :users
+    @sql.instance_variable_get('@name').should == :users
+  end
+end

data/spec/code/sql/has_default_values_clause_examples.rb

@@ -0,0 +1,10 @@
+require 'ronin/code/sql/default_values_clause'
+
+require 'helpers/code'
+
+shared_examples_for "has a default values clause" do
+  it "should have a default values clause" do
+    @sql.default_values
+    @sql.has_clause?(:default_values).should == true
+  end
+end

data/spec/code/sql/has_fields_clause_examples.rb

@@ -0,0 +1,15 @@
+require 'ronin/code/sql/fields_clause'
+
+require 'helpers/code'
+
+shared_examples_for "has a fields clause" do
+  it "should have a fields clause" do
+    fields = [:id, :name, :users]
+
+    @sql.fields(*fields)
+
+    should_have_clause(@sql,:fields) do |clause|
+      clause.fields.should == fields
+    end
+  end
+end

data/spec/code/sql/has_from_clause_examples.rb

@@ -0,0 +1,13 @@
+require 'ronin/code/sql/from_clause'
+
+require 'helpers/code'
+
+shared_examples_for "has a from clause" do
+  it "should have a from clause" do
+    @sql.from :users
+
+    should_have_clause(@sql,:from) do |from|
+      from.table.should == :users
+    end
+  end
+end

data/spec/code/sql/has_values_clause_examples.rb

@@ -0,0 +1,15 @@
+require 'ronin/code/sql/values_clause'
+
+require 'helpers/code'
+
+shared_examples_for "has a values clause" do
+  it "should have a values clause" do
+    values = [1,'bob','secret']
+
+    @sql.values(*values)
+
+    should_have_clause(@sql,:values) do |clause|
+      clause.values.should == values
+    end
+  end
+end

data/spec/code/sql/has_where_clause_examples.rb

@@ -0,0 +1,15 @@
+require 'ronin/code/sql/where_clause'
+
+require 'helpers/code'
+
+shared_examples_for "has a where clause" do
+  it "should have a where clause" do
+    @sql.instance_eval do
+      where name == 'bob'
+    end
+
+    should_have_clause(@sql,:where) do |clause|
+      clause.expr.should_not be_nil
+    end
+  end
+end

data/spec/code/sql/insert_spec.rb

@@ -0,0 +1,21 @@
+require 'ronin/code/sql/insert'
+
+require 'helpers/code'
+require 'code/sql/has_fields_clause_examples'
+require 'code/sql/has_default_values_clause_examples'
+require 'code/sql/has_values_clause_examples'
+
+describe Insert do
+  before(:each) do
+    @sql = Insert.new(common_dialect)
+  end
+
+  it_should_behave_like "has a fields clause"
+  it_should_behave_like "has a default values clause"
+  it_should_behave_like "has a values clause"
+
+  it "should have a table option" do
+    @sql.table :users
+    @sql.instance_variable_get('@table').should == :users
+  end
+end

data/spec/code/sql/replace_spec.rb

@@ -0,0 +1,21 @@
+require 'ronin/code/sql/replace'
+
+require 'helpers/code'
+require 'code/sql/has_fields_clause_examples'
+require 'code/sql/has_default_values_clause_examples'
+require 'code/sql/has_values_clause_examples'
+
+describe Replace do
+  before(:each) do
+    @sql = Replace.new(common_dialect)
+  end
+
+  it_should_behave_like 'has a fields clause'
+  it_should_behave_like 'has a default values clause'
+  it_should_behave_like 'has a values clause'
+
+  it "should have a table option" do
+    @sql.table :users
+    @sql.instance_variable_get('@table').should == :users
+  end
+end

data/spec/code/sql/select_spec.rb

@@ -0,0 +1,105 @@
+require 'ronin/code/sql/select'
+
+require 'helpers/code'
+require 'code/sql/has_from_clause_examples'
+require 'code/sql/has_where_clause_examples'
+
+describe Select do
+  before(:each) do
+    @sql = Select.new(common_dialect)
+  end
+
+  it_should_behave_like "has a fields clause"
+  it_should_behave_like "has a from clause"
+  it_should_behave_like "has a where clause"
+
+  it "should have a join clause" do
+    @sql.join :users, :inner => true, :left => true
+
+    should_have_clause(@sql,:join) do |join|
+      join.table.should == :users
+      join.side.should == :inner
+      join.direction.should == :left
+    end
+  end
+
+  it "should have a group by clause" do
+    fields = [:name, :age]
+
+    @sql.group_by(*fields)
+
+    should_have_clause(@sql,:group_by) do |group_by|
+      group_by.fields.should == fields
+    end
+  end
+
+  it "should have a having clause" do
+    @sql.instance_eval do
+      having name == 'bob'
+    end
+
+    should_have_clause(@sql,:having) do |clause|
+      clause.expr.should_not be_nil
+    end
+  end
+
+  it "should have a order by clause" do
+    fields = [:name, :age]
+
+    @sql.order_by(*fields)
+
+    should_have_clause(@sql,:order_by) do |clause|
+      clause.fields.should == fields
+    end
+  end
+
+  it "should have a limit clause" do
+    length = 10
+
+    @sql.limit length
+
+    should_have_clause(@sql,:limit) do |clause|
+      clause.value.should == length
+    end
+  end
+
+  it "should have a limit clause" do
+    index = 100
+
+    @sql.offset index
+
+    should_have_clause(@sql,:offset) do |clause|
+      clause.value.should == index
+    end
+  end
+
+  it "should have a union clause" do
+    query = 'SELECT * FROM admins'
+
+    @sql.union query
+
+    should_have_clause(@sql,:union) do |clause|
+      clause.select.should == query
+    end
+  end
+
+  it "should have a union all clause" do
+    query = 'SELECT * FROM admins'
+
+    @sql.union_all query
+
+    should_have_clause(@sql,:union_all) do |clause|
+      clause.select.should == query
+    end
+  end
+
+  it "should have an all rows option" do
+    @sql.all_rows
+    @sql.instance_variable_get('@all_rows').should == true
+  end
+
+  it "should have an distinct rows option" do
+    @sql.distinct_rows
+    @sql.instance_variable_get('@distinct_rows').should == true
+  end
+end

data/spec/code/sql/update_spec.rb

@@ -0,0 +1,26 @@
+require 'ronin/code/sql/update'
+
+require 'helpers/code'
+require 'code/sql/has_where_clause_examples'
+
+describe Update do
+  before(:each) do
+    @sql = Update.new(common_dialect)
+  end
+
+  it_should_behave_like "has a where clause"
+
+  it "should have a set clause" do
+    values = [1, 'bob', 25]
+    @sql.set(*values)
+
+    should_have_clause(@sql,:set) do |clause|
+      clause.values.should == values
+    end
+  end
+
+  it "should have a table option" do
+    @sql.table :users
+    @sql.instance_variable_get('@table').should == :users
+  end
+end

data/spec/helpers/code.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+require 'ronin/code/sql/common_dialect'
+
+include Code::SQL
+
+def common_dialect
+  Dialect.get(:common).new
+end
+
+def should_have_clause(sql,name,&block)
+  sql.has_clause?(name).should == true
+  block.call(sql.get_clause(name)) if block
+end

data/spec/sql/error_spec.rb

@@ -0,0 +1,24 @@
+require 'ronin/sql/error'
+
+require 'spec_helper'
+
+describe SQL::Error do
+  it "should provide error patterns" do
+    SQL::Error.patterns.should_not be_empty
+  end
+
+  it "should return patterns for specified database types" do
+    patterns = SQL::Error.patterns_for(:mysql, :php)
+
+    patterns[0].should == SQL::Error.patterns[:mysql]
+    patterns[1].should == SQL::Error.patterns[:php]
+  end
+
+  it "should return patterns for a specified SQL dialect" do
+    patterns = SQL::Error.patterns_for_dialect(:common)
+
+    patterns.each do |pattern|
+      pattern.dialect.should == :common
+    end
+  end
+end

data/spec/sql/extensions/string_spec.rb

@@ -0,0 +1,28 @@
+require 'ronin/sql/extensions/string'
+
+require 'spec_helper'
+
+describe String do
+  describe "SQL-hex encoding" do
+    it "should be able to be SQL-hex encoded" do
+      '/etc/passwd'.sql_encode.should == '0x2f6574632f706173737764'
+    end
+
+    it "should return an empty String if empty" do
+      ''.sql_encode.should == ''
+    end
+  end
+
+  describe "SQL-hex decoding" do
+    it "should be able to be SQL-hex decoded" do
+      encoded = '/etc/passwd'.sql_encode
+
+      encoded.should == '0x2f6574632f706173737764'
+      encoded.sql_decode.should == '/etc/passwd'
+    end
+
+    it "should be able to decode SQL comma-escaping" do
+      "'Conan O''Brian'".sql_decode.should == "Conan O'Brian"
+    end
+  end
+end

data/spec/sql_spec.rb

@@ -0,0 +1,9 @@
+require 'ronin/sql/version'
+
+require 'spec_helper'
+
+describe SQL do
+  it "should have a version" do
+    SQL.const_defined?('VERSION').should == true
+  end
+end

data/tasks/spec.rb

@@ -5,3 +5,5 @@ Spec::Rake::SpecTask.new(:spec) do |t|
   t.libs += ['lib', 'spec']
   t.spec_opts = ['--colour', '--format', 'specdoc']
 end
+
+task :default => :spec