ronin-sql 0.2.2 → 0.2.3

data/History.txt

@@ -1,3 +1,12 @@
+=== 0.2.3 / 2009-07-02
+
+* Use Hoe >= 2.0.0.
+* Require ronin >= 0.2.4.
+* Require ronin-web >= 0.1.3.
+* Use Ronin::Scanners::Scanner to define the scanner for finding
+  Ronin::SQL::Injection objects for URI::HTTP urls.
+* Added more specs.
+
 === 0.2.2 / 2009-01-22
 
 * Depend on the new ronin-web library.

data/Manifest.txt

@@ -63,11 +63,15 @@ lib/ronin/code/sql/union_clause.rb
 lib/ronin/code/sql/update.rb
 lib/ronin/code/sql/values_clause.rb
 lib/ronin/code/sql/where_clause.rb
+lib/ronin/formatting/sql.rb
+lib/ronin/formatting/extensions/sql.rb
+lib/ronin/formatting/extensions/sql/string.rb
 lib/ronin/sql/extensions.rb
-lib/ronin/sql/extensions/string.rb
 lib/ronin/sql/extensions/uri.rb
 lib/ronin/sql/extensions/uri/http.rb
 lib/ronin/sql/error.rb
+lib/ronin/sql/error/extensions.rb
+lib/ronin/sql/error/extensions/string.rb
 lib/ronin/sql/error/message.rb
 lib/ronin/sql/error/pattern.rb
 lib/ronin/sql/error/error.rb
@@ -97,5 +101,6 @@ spec/code/sql/select_spec.rb
 spec/code/sql/update_spec.rb
 spec/code/sql/replace_spec.rb
 spec/code/sql/delete_spec.rb
+spec/code/sql/common_dialect_spec.rb
 spec/sql/error_spec.rb
-spec/sql/extensions/string_spec.rb
+spec/sql/extensions/uri/http_spec.rb

data/README.txt

@@ -45,12 +45,15 @@ of Ronin.
 
 == REQUIREMENTS:
 
-* ronin >= 0.1.2
-* ronin-web >= 0.1.0
+* {ronin}[http://ronin.rubyforge.org/] >= 0.1.2
+* {ronin-web}[http://ronin.rubyforge.org/web/] >= 0.1.0
 
 == INSTALL:
 
-  $ sudo gem install ronin-sql
+  $ sudo gem install --no-rdoc ronin-sql
+
+* Due to a bug in RDoc ronin-sql must be installed with RDoc documentation
+  disabled.
 
 == EXAMPLES:
 

data/Rakefile

@@ -2,16 +2,16 @@
 
 require 'rubygems'
 require 'hoe'
+require 'hoe/signing'
 require './tasks/spec.rb'
-require './lib/ronin/sql/version.rb'
 
-Hoe.new('ronin-sql', Ronin::SQL::VERSION) do |p|
-  p.rubyforge_name = 'ronin'
-  p.developer('Postmodern','postmodern.mod3@gmail.com')
-  p.remote_rdoc_dir = 'docs/ronin-sql'
-  p.extra_deps = [
-    ['ronin', '>=0.1.4'],
-    ['ronin-web', '>=0.1.0']
+Hoe.spec('ronin-sql') do
+  self.rubyforge_name = 'ronin'
+  self.developer('Postmodern','postmodern.mod3@gmail.com')
+  self.remote_rdoc_dir = 'docs/ronin-sql'
+  self.extra_deps = [
+    ['ronin', '>=0.2.4'],
+    ['ronin-web', '>=0.1.3']
   ]
 end
 

data/lib/ronin/code/sql/alter_table.rb

@@ -33,15 +33,15 @@ module Ronin
         clause :rename_to, RenameToClause
         clause :add_column, AddColumnClause
 
-        def initialize(options={},&block)
-          @table = options[:table]
+        def initialize(dialect,table=nil,options={},&block)
+          @table = table
 
-          super(options,&block)
+          super(dialect,options,&block)
         end
 
-        def table(name)
-          @table = name
-          return self
+        def table(name=nil)
+          @table = name if name
+          return @table
         end
 
         def emit

data/lib/ronin/code/sql/common_dialect.rb

@@ -50,7 +50,7 @@ module Ronin
 
         aggregators :avg, :count, :group_concat, :min, :max, :sum, :total
 
-        statement :create_type, CreateTable
+        statement :create_table, CreateTable
         statement :create_index, CreateIndex
         statement :create_view, CreateView
         statement :alter_table, AlterTable

data/lib/ronin/code/sql/create.rb

@@ -40,16 +40,24 @@ module Ronin
           super(dialect,options,&block)
         end
 
-        def temp
+        def temp!
           @temp = true
           return self
         end
 
-        def if_not_exists
+        def temp?
+          @temp == true
+        end
+
+        def if_not_exists!
           @if_not_exists = true
           return self
         end
 
+        def if_not_exists?
+          @if_not_exists == true
+        end
+
         def emit
           tokens = emit_token('CREATE')
           tokens += emit_token('TEMP') if @temp

data/lib/ronin/code/sql/create_index.rb

@@ -35,9 +35,9 @@ module Ronin
           super(dialect,'INDEX',index,options,&block)
         end
 
-        def index(name)
-          @name = name
-          return self
+        def index(name=nil)
+          @name = name if name
+          return @name
         end
 
       end

data/lib/ronin/code/sql/create_table.rb

@@ -35,9 +35,9 @@ module Ronin
           super(dialect,'TABLE',table,options,&block)
         end
 
-        def table(name)
-          @name = name
-          return self
+        def table(name=nil)
+          @name = name if name
+          return @name
         end
 
       end

data/lib/ronin/code/sql/create_view.rb

@@ -32,9 +32,9 @@ module Ronin
           super(dialect,'VIEW',view,options,&block)
         end
 
-        def view(name)
-          @name = name
-          return self
+        def view(name=nil)
+          @name = name if name
+          return @name
         end
 
       end

data/lib/ronin/code/sql/delete.rb

@@ -33,12 +33,17 @@ module Ronin
         clause :from, FromClause
         clause :where, WhereClause
 
-        def initialize(dialect,options={},&block)
-          @table = options[:table]
+        def initialize(dialect,table=nil,options={},&block)
+          @table = table
 
           super(dialect,options,&block)
         end
 
+        def table(name=nil)
+          @table = name if name
+          return @table
+        end
+
         def emit
           emit_token('DELETE FROM') + emit_value(@table)
         end

data/lib/ronin/code/sql/dialect.rb

@@ -212,7 +212,9 @@ module Ronin
           type_name = name.upcase
           supports_length = options[:length]
 
-          class_def(name) do |length|
+          class_def(name) do |*arguments|
+            length = arguments.first
+
             if (supports_length && length)
               Token.new("#{type_name}(#{length})")
             else

data/lib/ronin/code/sql/drop_index.rb

@@ -32,9 +32,9 @@ module Ronin
           super(dialect,'INDEX',index,options,&block)
         end
 
-        def index(name)
-          @name = name
-          return self
+        def index(name=nil)
+          @name = name if name
+          return @name
         end
 
       end

data/lib/ronin/code/sql/drop_table.rb

@@ -32,9 +32,9 @@ module Ronin
           super(dialect,'TABLE',table,options,&block)
         end
 
-        def table(name)
-          @name = name
-          return self
+        def table(name=nil)
+          @name = name if name
+          return @name
         end
 
       end

data/lib/ronin/code/sql/drop_view.rb

@@ -32,9 +32,9 @@ module Ronin
           super(dialect,'VIEW',view,options,&block)
         end
 
-        def view(name)
-          @name = name
-          return self
+        def view(name=nil)
+          @name = name if name
+          return @name
         end
 
       end

data/lib/ronin/code/sql/insert.rb

@@ -35,15 +35,15 @@ module Ronin
         clause :default_values, DefaultValuesClause
         clause :values, ValuesClause
 
-        def initialize(dialect,options={},&block)
-          @table = options[:table]
+        def initialize(dialect,table=nil,options={},&block)
+          @table = table
 
           super(dialect,options,&block)
         end
 
-        def table(name)
-          @table = name
-          return value
+        def table(name=nil)
+          @table = name if name
+          return @table
         end
 
         def emit

data/lib/ronin/code/sql/program.rb

@@ -23,7 +23,8 @@
 
 require 'ronin/code/sql/dialect'
 require 'ronin/code/sql/common_dialect'
-require 'ronin/chars/char_set'
+
+require 'chars/char_set'
 
 module Ronin
   module Code

data/lib/ronin/code/sql/select.rb

@@ -52,11 +52,16 @@ module Ronin
         clause :union_all, UnionAllClause
 
         def initialize(dialect,options={},&block)
-          @distinct_rows = options[:distinct_rows]
-          @all_rows = options[:all_rows]
-
           super(dialect,options)
 
+          if options[:distinct_rows]
+            self.distinct_rows!
+          end
+
+          if options[:all_rows]
+            self.all_rows!
+          end
+
           unless options[:fields]
             fields(all)
           end
@@ -64,16 +69,24 @@ module Ronin
           instance_eval(&block) if block
         end
 
-        def all_rows
+        def all_rows!
           @all_rows = true
           return self
         end
 
-        def distinct_rows
+        def all_rows?
+          @all_rows == true
+        end
+
+        def distinct_rows!
           @distinct_rows = true
           return self
         end
 
+        def distinct_rows?
+          @distinct_rows == true
+        end
+
         def emit
           tokens = emit_token('SELECT')
 

data/lib/ronin/code/sql/update.rb

@@ -39,9 +39,9 @@ module Ronin
           super(dialect,options,&block)
         end
 
-        def table(value)
-          @table = value
-          return self
+        def table(name=nil)
+          @table = name if name
+          return @table
         end
 
         def emit

data/lib/ronin/formatting/extensions/sql/string.rb

@@ -0,0 +1,69 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+class String
+
+  #
+  # Returns the SQL hex-string encoded form of the String.
+  #
+  #   "/etc/passwd".sql_encode
+  #   # => "0x2f6574632f706173737764"
+  #
+  def sql_encode
+    return '' if empty?
+
+    hex_string = '0x'
+
+    each_byte do |b|
+      hex_string << ('%.2x' % b)
+    end
+
+    return hex_string
+  end
+
+  #
+  # Returns the SQL decoded form of the String.
+  #
+  #   "'Conan O''Brian'".sql_decode
+  #   # => "Conan O'Brian"
+  #
+  #  "0x2f6574632f706173737764".sql_decode
+  #  # => "/etc/passwd"
+  #
+  def sql_decode
+    if ((self[0...2] == '0x') && (length % 2 == 0))
+      raw = ''
+
+      self[2..-1].scan(/[0-9a-fA-F]{2}/).each do |hex_char|
+        raw << hex_char.hex.chr
+      end
+
+      return raw
+    elsif (self[0..0] == "'" && self[-1..-1] == "'")
+      self[1..-2].gsub(/\\'/,"'").gsub(/''/,"'")
+    else
+      return self
+    end
+  end
+
+end

data/lib/ronin/formatting/extensions/sql.rb

@@ -0,0 +1,24 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/formatting/extensions/sql/string'

data/lib/ronin/formatting/sql.rb

@@ -0,0 +1,24 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/formatting/extensions/sql'

data/lib/ronin/sql/{extensions → error/extensions}/string.rb

@@ -62,11 +62,11 @@ class String
   #
   def sql_error?(options={})
     if options[:dialect]
-      patterns = Error.patterns_for_dialect(options[:dialect])
+      patterns = Ronin::SQL::Error.patterns_for_dialect(options[:dialect])
     elsif options[:types]
-      patterns = Error.patterns_for(*options[:types])
+      patterns = Ronin::SQL::Error.patterns_for(*options[:types])
     else
-      patterns = Error.patterns.values
+      patterns = Ronin::SQL::Error.patterns.values
     end
 
     patterns.each do |pattern|
@@ -76,47 +76,4 @@ class String
     return false
   end
 
-  #
-  # Returns the SQL hex-string encoded form of the String.
-  #
-  #   "/etc/passwd".sql_encode
-  #   # => "0x2f6574632f706173737764"
-  #
-  def sql_encode
-    return '' if empty?
-
-    hex_string = '0x'
-
-    each_byte do |b|
-      hex_string << ('%.2x' % b)
-    end
-
-    return hex_string
-  end
-
-  #
-  # Returns the SQL decoded form of the String.
-  #
-  #   "'Conan O''Brian'".sql_decode
-  #   # => "Conan O'Brian"
-  #
-  #  "0x2f6574632f706173737764".sql_decode
-  #  # => "/etc/passwd"
-  #
-  def sql_decode
-    if ((self[0...2] == '0x') && (length % 2 == 0))
-      raw = ''
-
-      self[2..-1].scan(/[0-9a-fA-F]{2}/).each do |hex_char|
-        raw << hex_char.hex.chr
-      end
-
-      return raw
-    elsif (self[0..0] == "'" && self[-1..-1] == "'")
-      self[1..-2].gsub(/\\'/,"'").gsub(/''/,"'")
-    else
-      return self
-    end
-  end
-
 end

data/lib/ronin/sql/error/extensions.rb

@@ -0,0 +1,24 @@
+#
+#--
+# Ronin SQL - A Ronin library providing support for SQL related security
+# tasks.
+#
+# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/sql/error/extensions/string'

data/lib/ronin/sql/error/patterns.rb

@@ -28,6 +28,7 @@ module Ronin
     module Error
       Error.pattern :ms_sql do |p|
         p.dialect = :ms
+        p.recognize /Microsoft SQL Native Client/
         p.recognize /Microsoft OLE DB Provider for SQL Server/
         p.recognize /Microsoft OLE DB Provider for ODBC Drivers.*\[Microsoft\]\[ODBC SQL Server Driver\]/
       end

data/lib/ronin/sql/error.rb

@@ -25,3 +25,4 @@ require 'ronin/sql/error/message'
 require 'ronin/sql/error/pattern'
 require 'ronin/sql/error/error'
 require 'ronin/sql/error/patterns'
+require 'ronin/sql/error/extensions'

data/lib/ronin/sql/extensions/uri/http.rb

@@ -22,12 +22,14 @@
 #
 
 require 'ronin/sql/injection'
+require 'ronin/scanners/scanner'
 require 'ronin/extensions/uri/http'
-require 'ronin/chars'
 
 module URI
   class HTTP < Generic
 
+    include Ronin::Scanners::Scanner
+
     #
     # Tests the +query_params+ of the HTTP URL with the given _options_ for
     # SQL errors.
@@ -39,9 +41,9 @@ module URI
       errors = {}
 
       return each_query_param do |param,value|
-        error = SQL::Injection.new(self,param).error(options)
+        mesg = Ronin::SQL::Injection.new(self,param).error(options)
 
-        errors[param] = error if error
+        errors[param] = mesg if mesg
       end
 
       return errors
@@ -66,10 +68,8 @@ module URI
     # Tests the +query_params+ of the HTTP URL with the given _options_ for
     # blind SQL injections.
     #
-    def sql_injections(options={})
-      injectable = []
-
-      each_query_param do |param,value|
+    scanner(:sqli) do |url,results,options|
+      url.each_query_param do |param,value|
         integer_tests = [
           {:escape => value},
           {:escape => value, :close_parenthesis => true}
@@ -80,7 +80,7 @@ module URI
           {:escape => value, :close_string => true, :close_parenthesis => true}
         ]
 
-        if (value && Chars.numeric =~ value)
+        if (value && value =~ /^[0-9]+$/)
           # if the param value is numeric, we should try escaping a
           # numeric value first.
           tests = integer_tests + string_tests
@@ -91,34 +91,19 @@ module URI
         end
 
         tests.each do |test|
-          inj = Ronin::SQL::Injection.new(self,param,options.merge(test))
+          inj = Ronin::SQL::Injection.new(url,param,options.merge(test))
 
           if inj.vulnerable?(options)
-            injectable << inj
+            results.call(inj)
             break
           end
         end
       end
-
-      return injectable
-    end
-
-    #
-    # Returns the first vulnerable SQL injection object found in the
-    # HTTP URL.
-    #
-    def sql_injection(options={})
-      sql_injections(options).first
     end
 
-    #
-    # Returns +true+ if any of the +query_params+ of the HTTP URL are
-    # vulnerable to blind SQL injection using the given _options_, returns
-    # +false+ otherwise.
-    #
-    def has_sql_injections?(options={})
-      !(sql_injections(options).empty?)
-    end
+    alias sql_injections sqli_scan
+    alias sql_injection first_sqli
+    alias has_sql_injections? has_sqli?
 
   end
 end

data/lib/ronin/sql/extensions.rb

@@ -21,5 +21,4 @@
 #++
 #
 
-require 'ronin/sql/extensions/string'
 require 'ronin/sql/extensions/uri'

data/lib/ronin/sql/injection.rb

@@ -28,12 +28,14 @@ require 'ronin/extensions/uri'
 require 'ronin/web/extensions/nokogiri'
 require 'ronin/web/spider'
 
+require 'parameters'
 require 'nokogiri'
 
 module Ronin
   module SQL
     class Injection
 
+      include Parameters
       include Sessions::HTTP
 
       # The URL to inject upon

data/lib/ronin/sql/version.rb

@@ -24,6 +24,6 @@
 module Ronin
   module SQL
     # Ronin SQL version
-    VERSION = '0.2.2'
+    VERSION = '0.2.3'
   end
 end

data/lib/ronin/sql.rb

@@ -21,7 +21,6 @@
 #++
 #
 
-require 'ronin/code/sql'
 require 'ronin/sql/extensions'
 require 'ronin/sql/error'
 require 'ronin/sql/injection'

data/spec/code/sql/common_dialect_spec.rb

@@ -0,0 +1,205 @@
+require 'ronin/code/sql/common_dialect'
+
+require 'spec_helper'
+
+describe Code::SQL::CommonDialect do
+  before(:all) do
+    @dialect = Code::SQL::CommonDialect.new
+  end
+
+  it "should provide the 'yes' primitive" do
+    token = @dialect.yes
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'yes'
+  end
+
+  it "should provide the 'no' primitive" do
+    token = @dialect.no
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'no'
+  end
+
+  it "should provide the 'on' primitive" do
+    token = @dialect.on
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'on'
+  end
+
+  it "should provide the 'off' primitive" do
+    token = @dialect.off
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'off'
+  end
+
+  it "should provide the 'null' primitive" do
+    token = @dialect.null
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'null'
+  end
+
+  it "should provide the 'int' data-type" do
+    token = @dialect.int
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'INT'
+  end
+
+  it "should provide the 'varchar' data-type" do
+    token = @dialect.varchar
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'VARCHAR'
+  end
+
+  it "should provide the 'varchar' data-type with specific length" do
+    token = @dialect.varchar(15)
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'VARCHAR(15)'
+  end
+
+  it "should provide the 'text' data-type" do
+    token = @dialect.text
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'TEXT'
+  end
+
+  it "should provide the 'record' data-type" do
+    token = @dialect.record
+
+    token.class.should == Code::SQL::Token
+    token.to_s.should == 'RECORD'
+  end
+
+  it "should provide the 'avg' function" do
+    func = @dialect.avg(:salary)
+
+    func.name.should == :avg
+    func.fields.should == [:salary]
+  end
+
+  it "should provide the 'count' function" do
+    func = @dialect.count(:id)
+
+    func.name.should == :count
+    func.fields.should == [:id]
+  end
+
+  it "should provide the 'group_concat' function" do
+    func = @dialect.group_concat(:id)
+
+    func.name.should == :group_concat
+    func.fields.should == [:id]
+  end
+
+  it "should provide the 'min' function" do
+    func = @dialect.min(:salary)
+
+    func.name.should == :min
+    func.fields.should == [:salary]
+  end
+
+  it "should provide the 'max' function" do
+    func = @dialect.max(:salary)
+
+    func.name.should == :max
+    func.fields.should == [:salary]
+  end
+
+  it "should provide the 'sum' function" do
+    func = @dialect.sum(:salary)
+
+    func.name.should == :sum
+    func.fields.should == [:salary]
+  end
+
+  it "should provide the 'total' function" do
+    func = @dialect.total(:salary)
+
+    func.name.should == :total
+    func.fields.should == [:salary]
+  end
+
+  it "should provide the 'create table' statement" do
+    stmt = @dialect.create_table(:users)
+
+    stmt.class.should == Code::SQL::CreateTable
+    stmt.table.should == :users
+  end
+
+  it "should provide the 'create index' statement" do
+    stmt = @dialect.create_index(:users_index)
+
+    stmt.class.should == Code::SQL::CreateIndex
+    stmt.index.should == :users_index
+  end
+
+  it "should provide the 'create view' statement" do
+    stmt = @dialect.create_view(:users_view)
+
+    stmt.class.should == Code::SQL::CreateView
+    stmt.view.should == :users_view
+  end
+
+  it "should provide the 'alter table' statement" do
+    stmt = @dialect.alter_table(:users)
+
+    stmt.class.should == Code::SQL::AlterTable
+    stmt.table.should == :users
+  end
+
+  it "should provide the 'insert' statement" do
+    stmt = @dialect.insert(:users)
+
+    stmt.class.should == Code::SQL::Insert
+    stmt.table.should == :users
+  end
+
+  it "should provide the 'select' statement" do
+    stmt = @dialect.select(:from => :users)
+
+    stmt.class.should == Code::SQL::Select
+    stmt.from.table.should == :users
+  end
+
+  it "should provide the 'update' statement" do
+    stmt = @dialect.update(:users)
+
+    stmt.class.should == Code::SQL::Update
+    stmt.table.should == :users
+  end
+
+  it "should provide the 'delete' statement" do
+    stmt = @dialect.delete(:users)
+
+    stmt.class.should == Code::SQL::Delete
+    stmt.table.should == :users
+  end
+
+  it "should provide the 'drop table' statement" do
+    stmt = @dialect.drop_table(:users)
+
+    stmt.class.should == Code::SQL::DropTable
+    stmt.table.should == :users
+  end
+
+  it "should provide the 'drop index' statement" do
+    stmt = @dialect.drop_index(:users_index)
+
+    stmt.class.should == Code::SQL::DropIndex
+    stmt.index.should == :users_index
+  end
+
+  it "should provide the 'drop view' statement" do
+    stmt = @dialect.drop_view(:users_view)
+
+    stmt.class.should == Code::SQL::DropView
+    stmt.view.should == :users_view
+  end
+end

data/spec/code/sql/create_examples.rb

@@ -8,12 +8,12 @@ shared_examples_for "Create" do
   it_should_behave_like "has a fields clause"
 
   it "should have a temp option" do
-    @sql.temp
-    @sql.instance_variable_get('@temp').should == true
+    @sql.temp!
+    @sql.should be_temp
   end
 
   it "should have a if_not_exists option" do
-    @sql.if_not_exists
-    @sql.instance_variable_get('@if_not_exists').should == true
+    @sql.if_not_exists!
+    @sql.should be_if_not_exists
   end
 end

data/spec/code/sql/select_spec.rb

@@ -94,12 +94,12 @@ describe Select do
   end
 
   it "should have an all rows option" do
-    @sql.all_rows
-    @sql.instance_variable_get('@all_rows').should == true
+    @sql.all_rows!
+    @sql.should be_all_rows
   end
 
   it "should have an distinct rows option" do
-    @sql.distinct_rows
-    @sql.instance_variable_get('@distinct_rows').should == true
+    @sql.distinct_rows!
+    @sql.should be_distinct_rows
   end
 end

data/spec/spec_helper.rb

@@ -1,5 +1,7 @@
 require 'rubygems'
-gem 'rspec', '>=1.1.3'
+gem 'rspec', '>=1.1.12'
 require 'spec'
 
+require 'ronin/sql/version'
+
 include Ronin

data/spec/sql/extensions/uri/http_spec.rb

@@ -0,0 +1,34 @@
+require 'ronin/sql/extensions/uri/http'
+
+require 'spec_helper'
+
+describe URI::HTTP do
+  before(:all) do
+    @url = URI('http://testasp.acunetix.com/showthread.asp?id=2')
+  end
+
+  it "should determine which query params have SQL errors" do
+    @url.sql_errors.should == {'id' => '2'}
+  end
+
+  it "should find all SQL injections" do
+    injections = @url.sql_injections
+    injection = injections.first
+
+    injections.length.should == 1
+
+    injection.param.should == 'id'
+    injection.sql_options[:escape].should == '2'
+  end
+
+  it "should find the first working SQL injection" do
+    injection = @url.sql_injection
+
+    injection.param.should == 'id'
+    injection.sql_options[:escape].should == '2'
+  end
+
+  it "should determine if a URL is vulnerable to SQL injection" do
+    @url.has_sql_injections?.should == true
+  end
+end

data.tar.gz.sig

@@ -0,0 +1 @@
+Ȩ�f�^U��78�pF��Xg��lȘ&��"�[���"�����h���t�5oa~@x���Q�F�l�x��&�ͻó*��5>�Y�_:䭕����p��o�0xe4�U����(�d��T����4й��� �a�ɱ��Kd�1�D�k\0�^��c� �W�"��:`��^e�,�ی���c[�����*W)��8l|���J��E-,�Kt�n__W5��c���s�����u@	�M)���1c�#6��`��

metadata

@@ -1,15 +1,36 @@
 --- !ruby/object:Gem::Specification 
 name: ronin-sql
 version: !ruby/object:Gem::Version 
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors: 
 - Postmodern
 autorequire: 
 bindir: bin
-cert_chain: []
+cert_chain: 
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDQDCCAiigAwIBAgIBADANBgkqhkiG9w0BAQUFADBGMRgwFgYDVQQDDA9wb3N0
+  bW9kZXJuLm1vZDMxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixk
+  ARkWA2NvbTAeFw0wOTA2MDMwNDU5MDNaFw0xMDA2MDMwNDU5MDNaMEYxGDAWBgNV
+  BAMMD3Bvc3Rtb2Rlcm4ubW9kMzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYK
+  CZImiZPyLGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+  1wvANkTDHFgVih5XLjuTwTZjgBq1lBGybXJiH6Id1lY2JOMqM5FB1DDHVvvij94i
+  mJabN0zkzu6VKWC70y0IwOxY7CPokr0eFdK/D0y7mCq1P8QITv76i2YqAl0eYqIt
+  W+IhIkANQ7E6uMZIZcdnfadC6lPAtlKkqtd9crvRbFgr6e3kyflmohbRnTEJHoRd
+  7SHHsybE6DSn7oTDs6XBTNrNIn5VfZA0z01eeos/+zBm1zKJOK2+/7xtLLDuDU9G
+  +Rd+ltUBbvxUrMNZmDG29pnmN2xTRH+Q8HxD2AxlvM5SRpK6OeZaHV7PaCCAVZ4L
+  T9BFl1sfMvRlABeGEkSyuQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE
+  sDAdBgNVHQ4EFgQUKwsd+PqEYmBvyaTyoL+uRuk+PhEwDQYJKoZIhvcNAQEFBQAD
+  ggEBAB4TvHsrlbcXcKg6gX5BIb9tI+zGkpzo0Z7jnxMEcNO7NGGwmzafDBI/xZYv
+  xkRH3/HXbGGYDOi6Q6gWt5GujSx0bOImDtYTJTH8jnzN92HzEK5WdScm1QpZKF1e
+  cezArMbxbSPaosxTCtG6LQTkE28lFQsmFZ5xzouugS4h5+LVJiVMmiP+l3EfkjFa
+  GOURU+rNEMPWo8MCWivGW7jes6BMzWHcW7DQ0scNVmIcCIgdyMmpscuAEOSeghy9
+  /fFs57Ey2OXBL55nDOyvN/ZQ2Vab05UH4t+GCxjAPeirzL/29FBtePT6VD44c38j
+  pDj+ws7QjtH/Qcrr1l9jfN0ehDs=
+  -----END CERTIFICATE-----
 
-date: 2009-01-22 00:00:00 -08:00
+date: 2009-07-08 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +41,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.1.4
+        version: 0.2.4
     version: 
 - !ruby/object:Gem::Dependency 
   name: ronin-web
@@ -30,7 +51,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.1.0
+        version: 0.1.3
     version: 
 - !ruby/object:Gem::Dependency 
   name: hoe
@@ -40,9 +61,15 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.8.3
+        version: 2.3.2
     version: 
-description: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks.  Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
+description: |-
+  Ronin SQL is a Ruby library for Ronin that provids support for SQL related
+  security tasks.
+  
+  Ronin is a Ruby platform designed for information security and data
+  exploration tasks. Ronin allows for the rapid development and distribution
+  of code over many of the common Source-Code-Management (SCM) systems.
 email: 
 - postmodern.mod3@gmail.com
 executables: []
@@ -119,11 +146,15 @@ files:
 - lib/ronin/code/sql/update.rb
 - lib/ronin/code/sql/values_clause.rb
 - lib/ronin/code/sql/where_clause.rb
+- lib/ronin/formatting/sql.rb
+- lib/ronin/formatting/extensions/sql.rb
+- lib/ronin/formatting/extensions/sql/string.rb
 - lib/ronin/sql/extensions.rb
-- lib/ronin/sql/extensions/string.rb
 - lib/ronin/sql/extensions/uri.rb
 - lib/ronin/sql/extensions/uri/http.rb
 - lib/ronin/sql/error.rb
+- lib/ronin/sql/error/extensions.rb
+- lib/ronin/sql/error/extensions/string.rb
 - lib/ronin/sql/error/message.rb
 - lib/ronin/sql/error/pattern.rb
 - lib/ronin/sql/error/error.rb
@@ -153,10 +184,13 @@ files:
 - spec/code/sql/update_spec.rb
 - spec/code/sql/replace_spec.rb
 - spec/code/sql/delete_spec.rb
+- spec/code/sql/common_dialect_spec.rb
 - spec/sql/error_spec.rb
-- spec/sql/extensions/string_spec.rb
+- spec/sql/extensions/uri/http_spec.rb
 has_rdoc: true
 homepage: http://ronin.rubyforge.org/sql/
+licenses: []
+
 post_install_message: 
 rdoc_options: 
 - --main
@@ -178,9 +212,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: ronin
-rubygems_version: 1.3.1
+rubygems_version: 1.3.4
 signing_key: 
-specification_version: 2
+specification_version: 3
 summary: Ronin SQL is a Ruby library for Ronin that provids support for SQL related security tasks
 test_files: []
 

metadata.gz.sig

@@ -0,0 +1,4 @@
+�Z���d�L�u�dT�H�1�QP�A��U���]��E�w߸K��&a�t����AL��@�{�`����v�~�”Y{`	���$9i��\$�C�S�'������O�/�۔ka�e�\U3��&O�E��p�X���L�a_�����Q��>�l*=��������
��E����c��`�T/$���1�:
+OB&��S*���_T>�.�
+�&���eX����v�k����2KC�6'_��e�
+��

data/spec/sql/extensions/string_spec.rb

@@ -1,28 +0,0 @@
-require 'ronin/sql/extensions/string'
-
-require 'spec_helper'
-
-describe String do
-  describe "SQL-hex encoding" do
-    it "should be able to be SQL-hex encoded" do
-      '/etc/passwd'.sql_encode.should == '0x2f6574632f706173737764'
-    end
-
-    it "should return an empty String if empty" do
-      ''.sql_encode.should == ''
-    end
-  end
-
-  describe "SQL-hex decoding" do
-    it "should be able to be SQL-hex decoded" do
-      encoded = '/etc/passwd'.sql_encode
-
-      encoded.should == '0x2f6574632f706173737764'
-      encoded.sql_decode.should == '/etc/passwd'
-    end
-
-    it "should be able to decode SQL comma-escaping" do
-      "'Conan O''Brian'".sql_decode.should == "Conan O'Brian"
-    end
-  end
-end