ronin-sql 0.2.4 → 1.0.0

data/lib/ronin/code/sql/injection.rb

@@ -1,203 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/code/sql/program'
-require 'ronin/code/sql/injected_statement'
-require 'ronin/formatting/text'
-
-module Ronin
-  module Code
-    module SQL
-      class Injection < Program
-
-        # Comment-Obfustication
-        attr_accessor :comment_evasion
-
-        # Swapcase-Obfusciation
-        attr_accessor :case_evasion
-
-        # Data to escape a previous expression with
-        attr_accessor :escape
-
-        # Specifies whether or not to close an open string
-        attr_accessor :close_string
-
-        # Specifies whether or not to close an open parenthesis
-        attr_accessor :close_parens
-
-        # Specifies whether or not to end a previous statement
-        attr_accessor :end_statement
-
-        def initialize(options={},&block)
-          if options.has_key?(:comment_evasion)
-            @comment_evasion = options[:comment_evasion]
-          else
-            @comment_evasion = false
-          end
-
-          if options.has_key?(:case_evasion)
-            @case_evasion = options[:case_evasion]
-          else
-            @case_evasion = false
-          end
-
-          @escape = options[:escape]
-
-          if options.has_key?(:close_string)
-            @close_string = options[:close_string]
-          else
-            @close_string = false
-          end
-
-          if options.has_key?(:close_parens)
-            @close_parens = options[:close_parens]
-          else
-            @close_parens = false
-          end
-
-          if options.has_key?(:end_statement)
-            @end_statement = options[:end_statement]
-          else
-            @end_statement = false
-          end
-
-          super(options) do
-            @expression = InjectedStatement.new(@dialect)
-          end
-
-          instance_eval(&block) if block
-        end
-
-        #
-        # Returns the expression that will be injected into the effected 
-        # statement. If a _block_ is given, it will be evaluated within
-        # the expression.
-        #
-        def expression(&block)
-          @expression.instance_eval(&block) if block
-          return @expression
-        end
-
-        def sql(&block)
-          @dialect.instance_eval(&block) if block
-        end
-
-        def compile
-          injection = super.rstrip
-
-          comment = lambda { [injection, '--'].join(space_token) }
-
-          if (@close_parens && @close_string)
-            if injection =~ /'\s*\)$/
-              return injection.gsub(/'\s*\)$/,'')
-            else
-              return comment.call
-            end
-          end
-
-          if @close_string
-            if injection[-1..-1] == "'"
-              return injection.chop
-            else
-              return comment.call
-            end
-          end
-
-          return injection
-        end
-
-        alias to_s compile
-
-        protected
-
-        def space_token
-          if @comment_evasion
-            return '/**/'
-          else
-            return super
-          end
-        end
-
-        def format_token(token)
-          token = super(token)
-
-          if @case_evasion
-            token = token.random_case
-          end
-
-          return token
-        end
-
-        def each_string(&block)
-          escape_value = ''
-
-          if @close_string
-            # format the escape string, since we are escaping out of a
-            # string
-            escape_value << format(@escape) if @escape
-          else
-            # do not format the escape string when we are not escaping
-            # out of a string
-            escape_value << @escape.to_s if @escape
-          end
-
-          if @close_string
-            if escape_value[0..0] == "'"
-              escape_value = escape_value[1..-1]
-            else
-              escape_value << "'"
-            end
-          end
-           
-          escape_value << ')' if @close_parens
-
-          block.call(escape_value) unless escape_value.empty?
-
-          return super(&block)
-        end
-
-        def each_token(&block)
-          if @expression
-            @expression.emit.each(&block)
-
-            block.call(Token.separator)
-          elsif @end_statement
-            block.call(Token.separator)
-          end
-
-          return super(&block)
-        end
-
-        #
-        # Relays missed method calls to the injected expression.
-        #
-        def method_missing(name,*arguments,&block)
-          if @expression.public_methods(false).include?(name.to_s)
-            return @expression.send(name,*arguments,&block)
-          end
-
-          return super(name,*arguments,&block)
-        end
-
-      end
-    end
-  end
-end

data/lib/ronin/code/sql/insert.rb

@@ -1,54 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/code/sql/statement'
-require 'ronin/code/sql/fields_clause'
-require 'ronin/code/sql/values_clause'
-require 'ronin/code/sql/default_values_clause'
-
-module Ronin
-  module Code
-    module SQL
-      class Insert < Statement
-
-        clause :fields, FieldsClause
-        clause :default_values, DefaultValuesClause
-        clause :values, ValuesClause
-
-        def initialize(dialect,table=nil,options={},&block)
-          @table = table
-
-          super(dialect,options,&block)
-        end
-
-        def table(name=nil)
-          @table = name if name
-          return @table
-        end
-
-        def emit
-          emit_token('INSERT INTO') + emit_value(@table) + super
-        end
-
-      end
-    end
-  end
-end

data/lib/ronin/code/sql/intersect_clause.rb

@@ -1,42 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/code/sql/clause'
-
-module Ronin
-  module Code
-    module SQL
-      class IntersectClause < Clause
-
-        attr_accessor :select
-
-        def initialize(select)
-          @select = select
-        end
-
-        def emit
-          emit_token('INTERSECT') + @select.emit
-        end
-
-      end
-    end
-  end
-end

data/lib/ronin/code/sql/join_clause.rb

@@ -1,123 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/code/sql/clause'
-
-module Ronin
-  module Code
-    module SQL
-      class JoinClause < Clause
-
-        # Table to join with
-        attr_accessor :table
-
-        # Whether the join is natural or not
-        attr_accessor :natural
-
-        # Direction of the join
-        attr_accessor :direction
-
-        # Side of the join
-        attr_accessor :side
-
-        def initialize(table,options={})
-          @table = table
-          @natural = options[:natural]
-
-          if options[:left]
-            @direction = :left
-          elsif options[:right]
-            @direction = :right
-          elsif options[:full]
-            @direction = :full
-          end
-
-          if options[:inner]
-            @side = :inner
-          elsif options[:outer]
-            @side = :outer
-          elsif options[:cross]
-            @side = :cross
-          end
-        end
-
-        def left
-          @direction = :left
-          return self
-        end
-
-        def right
-          @direction = :right
-          return self
-        end
-
-        def full
-          @direction = :full
-          return self
-        end
-
-        def inner
-          @side = :inner
-          return self
-        end
-
-        def outer
-          @side = :outer
-          return self
-        end
-
-        def cross
-          @side = :cross
-          return self
-        end
-
-        def emit
-          tokens = []
-
-          tokens += emit_token('NATURAL') if @natural
-
-          case @direction
-          when :left, 'left'
-            tokens += emit_token('LEFT')
-          when :right, 'right'
-            tokens += emit_token('RIGHT')
-          when :full, 'full'
-            tokens += emit_token('FULL')
-          end
-
-          case @side
-          when :inner, 'inner'
-            tokens += emit_token('INNER')
-          when :outer, 'outer'
-            tokens += emit_token('OUTER')
-          when :cross, 'cross'
-            tokens += emit_token('CROSS')
-          end
-
-          tokens += emit_token('JOIN')
-          
-          return tokens + emit_value(@table)
-        end
-
-      end
-    end
-  end
-end

data/lib/ronin/code/sql/like.rb

@@ -1,73 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-
-require 'ronin/code/sql/expr'
-
-module Ronin
-  module Code
-    module SQL
-      class Like < Expr
-
-        # Operator
-        attr_reader :op
-
-        # Left-hand side
-        attr_reader :left
-
-        # Right-hand side
-        attr_reader :right
-
-        def initialize(op,left,right,escape=nil)
-          @op = op
-          @left = left
-          @right = right
-          @escape = escape
-          @negated = false
-        end
-
-        def escape(str)
-          @escape = str
-        end
-
-        def not!
-          @negated = true
-        end
-
-        def emit
-          tokens = emit_value(@left)
-
-          tokens += emit_token('NOT') if @negated
-
-          tokens += emit_token(@op)
-          tokens += emit_value(@right)
-
-          if @escape
-            tokens += emit_token('ESCAPE')
-            tokens << @escape.to_s[0..0]
-          end
-
-          return tokens
-        end
-
-      end
-    end
-  end
-end