RubyGems - ronin-sql - Versions diffs - 0.2.4 → 1.0.0 - Mend

ronin-sql 0.2.4 → 1.0.0

Files changed (154) hide show

data/.document +4 -0
data/.gitignore +11 -0
data/.rspec +1 -0
data/.yardopts +1 -0
data/COPYING.txt +623 -288
data/{History.txt → ChangeLog.md} +33 -35
data/Gemfile +25 -0
data/README.md +110 -0
data/Rakefile +30 -20
data/bin/ronin-sql +18 -5
data/gemspec.yml +16 -0
data/lib/ronin/formatting/extensions/sql.rb +4 -3
data/lib/ronin/formatting/extensions/sql/string.rb +83 -10
data/lib/ronin/formatting/sql.rb +4 -3
data/lib/ronin/sql.rb +5 -12
data/lib/ronin/{code/sql/create_index.rb → sql/binary_expr.rb} +25 -18
data/lib/ronin/sql/clause.rb +72 -0
data/lib/ronin/sql/clauses.rb +297 -0
data/lib/ronin/sql/emittable.rb +84 -0
data/lib/ronin/sql/emitter.rb +375 -0
data/lib/ronin/sql/field.rb +106 -0
data/lib/ronin/{code/sql/as.rb → sql/fields.rb} +36 -17
data/lib/ronin/{code/sql/binary_expr.rb → sql/function.rb} +27 -27
data/lib/ronin/sql/functions.rb +989 -0
data/lib/ronin/sql/injection.rb +125 -157
data/lib/ronin/{code/sql/default_values_clause.rb → sql/literal.rb} +13 -11
data/lib/ronin/sql/literals.rb +72 -0
data/lib/ronin/sql/operators.rb +332 -0
data/lib/ronin/sql/sql.rb +86 -0
data/lib/ronin/sql/statement.rb +70 -0
data/lib/ronin/sql/statement_list.rb +110 -0
data/lib/ronin/sql/statements.rb +115 -0
data/lib/ronin/{code/sql/desc.rb → sql/unary_expr.rb} +11 -11
data/lib/ronin/sql/version.rb +5 -4
data/ronin-sql.gemspec +61 -0
data/spec/formatting/sql/string_spec.rb +172 -0
data/spec/spec_helper.rb +1 -4
data/spec/sql/binary_expr.rb +5 -0
data/spec/sql/binary_expr_examples.rb +25 -0
data/spec/sql/clause_examples.rb +43 -0
data/spec/sql/clause_spec.rb +31 -0
data/spec/sql/clauses_spec.rb +43 -0
data/spec/sql/emittable_spec.rb +41 -0
data/spec/sql/emitter_spec.rb +472 -0
data/spec/sql/field_spec.rb +103 -0
data/spec/sql/fields_spec.rb +40 -0
data/spec/sql/function_examples.rb +30 -0
data/spec/sql/function_spec.rb +25 -0
data/spec/sql/functions_spec.rb +110 -0
data/spec/sql/injection_spec.rb +233 -0
data/spec/sql/literal_spec.rb +5 -0
data/spec/sql/literals_spec.rb +46 -0
data/spec/sql/operators_spec.rb +44 -0
data/spec/sql/sql_spec.rb +18 -0
data/spec/sql/statement_examples.rb +39 -0
data/spec/sql/statement_list_spec.rb +48 -0
data/spec/sql/statement_sql.rb +38 -0
data/spec/sql/statements_spec.rb +22 -0
data/spec/sql/unary_expr.rb +5 -0
data/spec/sql/unary_expr_examples.rb +20 -0
metadata +116 -217
data.tar.gz.sig +0 -0
data/Manifest.txt +0 -108
data/README.txt +0 -112
data/lib/ronin/code/sql.rb +0 -22
data/lib/ronin/code/sql/add_column_clause.rb +0 -42
data/lib/ronin/code/sql/alter_table.rb +0 -52
data/lib/ronin/code/sql/asc.rb +0 -36
data/lib/ronin/code/sql/between.rb +0 -66
data/lib/ronin/code/sql/clause.rb +0 -35
data/lib/ronin/code/sql/code.rb +0 -35
data/lib/ronin/code/sql/common_dialect.rb +0 -66
data/lib/ronin/code/sql/create.rb +0 -74
data/lib/ronin/code/sql/create_table.rb +0 -44
data/lib/ronin/code/sql/create_view.rb +0 -41
data/lib/ronin/code/sql/delete.rb +0 -52
data/lib/ronin/code/sql/dialect.rb +0 -282
data/lib/ronin/code/sql/drop.rb +0 -55
data/lib/ronin/code/sql/drop_index.rb +0 -41
data/lib/ronin/code/sql/drop_table.rb +0 -41
data/lib/ronin/code/sql/drop_view.rb +0 -41
data/lib/ronin/code/sql/emittable.rb +0 -100
data/lib/ronin/code/sql/exceptions.rb +0 -24
data/lib/ronin/code/sql/exceptions/unknown_clause.rb +0 -29
data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +0 -29
data/lib/ronin/code/sql/exceptions/unknown_statement.rb +0 -29
data/lib/ronin/code/sql/expr.rb +0 -102
data/lib/ronin/code/sql/field.rb +0 -101
data/lib/ronin/code/sql/fields_clause.rb +0 -46
data/lib/ronin/code/sql/from_clause.rb +0 -42
data/lib/ronin/code/sql/function.rb +0 -53
data/lib/ronin/code/sql/group_by_clause.rb +0 -46
data/lib/ronin/code/sql/having_clause.rb +0 -46
data/lib/ronin/code/sql/in.rb +0 -47
data/lib/ronin/code/sql/injected_statement.rb +0 -100
data/lib/ronin/code/sql/injection.rb +0 -203
data/lib/ronin/code/sql/insert.rb +0 -54
data/lib/ronin/code/sql/intersect_clause.rb +0 -42
data/lib/ronin/code/sql/join_clause.rb +0 -123
data/lib/ronin/code/sql/like.rb +0 -73
data/lib/ronin/code/sql/limit_clause.rb +0 -42
data/lib/ronin/code/sql/modifier.rb +0 -48
data/lib/ronin/code/sql/offset_clause.rb +0 -42
data/lib/ronin/code/sql/on_clause.rb +0 -55
data/lib/ronin/code/sql/order_by_clause.rb +0 -42
data/lib/ronin/code/sql/program.rb +0 -225
data/lib/ronin/code/sql/rename_to_clause.rb +0 -42
data/lib/ronin/code/sql/replace.rb +0 -54
data/lib/ronin/code/sql/select.rb +0 -103
data/lib/ronin/code/sql/set_clause.rb +0 -42
data/lib/ronin/code/sql/statement.rb +0 -180
data/lib/ronin/code/sql/token.rb +0 -62
data/lib/ronin/code/sql/unary_expr.rb +0 -47
data/lib/ronin/code/sql/union_all_clause.rb +0 -42
data/lib/ronin/code/sql/union_clause.rb +0 -42
data/lib/ronin/code/sql/update.rb +0 -52
data/lib/ronin/code/sql/values_clause.rb +0 -46
data/lib/ronin/code/sql/where_clause.rb +0 -42
data/lib/ronin/sql/error.rb +0 -26
data/lib/ronin/sql/error/error.rb +0 -62
data/lib/ronin/sql/error/extensions.rb +0 -22
data/lib/ronin/sql/error/extensions/string.rb +0 -77
data/lib/ronin/sql/error/message.rb +0 -62
data/lib/ronin/sql/error/pattern.rb +0 -104
data/lib/ronin/sql/error/patterns.rb +0 -99
data/lib/ronin/sql/extensions.rb +0 -22
data/lib/ronin/sql/extensions/uri.rb +0 -22
data/lib/ronin/sql/extensions/uri/http.rb +0 -107
data/spec/code/sql/common_dialect_spec.rb +0 -205
data/spec/code/sql/create_examples.rb +0 -19
data/spec/code/sql/create_index_spec.rb +0 -25
data/spec/code/sql/create_table_spec.rb +0 -27
data/spec/code/sql/create_view_spec.rb +0 -16
data/spec/code/sql/delete_spec.rb +0 -14
data/spec/code/sql/drop_examples.rb +0 -10
data/spec/code/sql/drop_index_spec.rb +0 -16
data/spec/code/sql/drop_table_spec.rb +0 -16
data/spec/code/sql/drop_view_spec.rb +0 -16
data/spec/code/sql/has_default_values_clause_examples.rb +0 -10
data/spec/code/sql/has_fields_clause_examples.rb +0 -15
data/spec/code/sql/has_from_clause_examples.rb +0 -13
data/spec/code/sql/has_values_clause_examples.rb +0 -15
data/spec/code/sql/has_where_clause_examples.rb +0 -15
data/spec/code/sql/insert_spec.rb +0 -21
data/spec/code/sql/replace_spec.rb +0 -21
data/spec/code/sql/select_spec.rb +0 -105
data/spec/code/sql/update_spec.rb +0 -26
data/spec/helpers/code.rb +0 -14
data/spec/sql/error_spec.rb +0 -24
data/spec/sql/extensions/uri/http_spec.rb +0 -34
data/spec/sql_spec.rb +0 -9
data/tasks/spec.rb +0 -10
data/tasks/yard.rb +0 -13
metadata.gz.sig +0 -0

data/lib/ronin/sql/emittable.rb ADDED Viewed

@@ -0,0 +1,84 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+require 'ronin/sql/emitter'
+module Ronin
+  module SQL
+    #
+    # Allows an object to be converted to raw SQL.
+    #
+    module Emittable
+      #
+      # Creates a new emitter.
+      #
+      # @param [Hash] options
+      #   Additional options for {Emitter#initialize}.
+      #
+      def emitter(options={})
+        Emitter.new(options)
+      end
+      #
+      # The default `to_sql` method.
+      #
+      # @param [Hash] options
+      #   Additional options for {#emitter}.
+      #
+      # @option options [:lower, :upper, :random, nil] :case
+      #   Case for keywords.
+      #
+      # @option options [String] :space (' ')
+      #   String to use for white-space.
+      #
+      # @option options [:single, :double] :quotes (:single)
+      #   Type of quotes to use for Strings.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      # @raise [ArgumentError]
+      #   Could not emit an unknown SQL object.
+      #
+      def to_sql(options={})
+        emitter(options).emit(self)
+      end
+      #
+      # @see #to_sql
+      #
+      def to_s
+        to_sql
+      end
+      #
+      # Inspects the object.
+      #
+      # @return [String]
+      #   The inspected object.
+      #
+      def inspect
+        "#<#{self.class}: #{to_sql}>"
+      end
+    end
+  end
+end

data/lib/ronin/sql/emitter.rb ADDED Viewed

@@ -0,0 +1,375 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+require 'ronin/formatting/sql'
+module Ronin
+  module SQL
+    #
+    # Generates raw SQL.
+    #
+    class Emitter
+      # The case to use when emitting keywords
+      attr_reader :case
+      # String to use for white-space
+      attr_reader :space
+      # Type of String quotes to use
+      attr_reader :quotes
+      #
+      # Initializes the SQL Emitter.
+      #
+      # @param [Hash] options
+      #   Emitter options.
+      #
+      # @option options [:lower, :upper, :random, nil] :case
+      #   Case for keywords.
+      #
+      # @option options [String] :space (' ')
+      #   String to use for white-space.
+      #
+      # @option options [:single, :double] :quotes (:single)
+      #   Type of quotes to use for Strings.
+      #
+      def initialize(options={})
+        @case  = options[:case]
+        @space = options.fetch(:space,' ')
+        @quotes = options.fetch(:quotes,:single)
+      end
+      #
+      # Emits a SQL keyword.
+      #
+      # @param [Symbol, Array<Symbol>] keyword
+      #   The SQL keyword.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_keyword(keyword)
+        keyword = Array(keyword).join(@space)
+        case @case
+        when :upper  then keyword.upcase
+        when :lower  then keyword.downcase
+        when :random
+          keyword.tap do
+            (keyword.length / 2).times do
+              index = rand(keyword.length)
+              keyword[index] = keyword[index].swapcase
+            end
+          end
+        else
+          keyword
+        end
+      end
+      #
+      # Emits a SQL operator.
+      #
+      # @param [Symbol] op
+      #   The operator symbol.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_operator(op)
+        op = op.to_s
+        case op
+        when /^[a-zA-Z]+$/ then emit_keyword(op)
+        else                    op
+        end
+      end
+      #
+      # Emits the `NULL` value.
+      #
+      # @return ["NULL"]
+      #
+      def emit_null
+        emit_keyword(:NULL)
+      end
+      #
+      # Emits a `false` value.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_false
+        "1=0"
+      end
+      #
+      # Emits a `true` value.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_true
+        "1=1"
+      end
+      #
+      # Emits a SQL Integer.
+      #
+      # @param [Integer] int
+      #   The Integer.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_integer(int)
+        int.to_s
+      end
+      #
+      # Emits a SQL Decimal.
+      #
+      # @param [Float] decimal
+      #   The decimal.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_decimal(decimal)
+        decimal.to_s
+      end
+      #
+      # Emits a SQL String.
+      #
+      # @param [String] string
+      #   The String.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_string(string)
+        string.sql_escape(@quotes)
+      end
+      #
+      # Emits a SQL field.
+      #
+      # @param [Field, Symbol, String] field
+      #   The SQL field.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_field(field)
+        field.to_s
+      end
+      #
+      # Emits a list of elements.
+      #
+      # @param [#map] list
+      #   The list of elements.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_list(list)
+        '(' + list.map { |element| emit(element) }.join(',') + ')'
+      end
+      #
+      # Emits a list of columns and assigned values.
+      #
+      # @param [Hash{Field,Symbol => Object}] values
+      #   The column names and values.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_assignments(values)
+        values.map { |key,value|
+          "#{emit_keyword(key)}=#{emit(value)}"
+        }.join(',')
+      end
+      #
+      # Emits a SQL expression.
+      #
+      # @param [BinaryExpr, UnaryExpr] expr
+      #   The SQL expression.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_expression(expr)
+        op = emit_operator(expr.operator)
+        case expr
+        when BinaryExpr
+          left, right = emit(expr.left), emit(expr.right)
+          left  = "(#{left})"  if expr.left.kind_of?(Statement)
+          right = "(#{right})" if expr.right.kind_of?(Statement)
+          case op
+          when /^\w+$/ then [left, op, right].join(@space)
+          else              "#{left}#{op}#{right}"
+          end
+        when UnaryExpr
+          operand = emit(expr.operand)
+          operand = "(#{operand})" if expr.operand.kind_of?(Statement)
+          case op
+          when /^\w+$/ then [op, operand].join(@space)
+          else              "#{op}#{operand}"
+          end
+        end
+      end
+      #
+      # Emits a SQL function.
+      #
+      # @param [Function] function
+      #   The SQL function.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_function(function)
+        name      = emit_keyword(function.name)
+        arguments = function.arguments.map { |argument| emit(argument) }
+        return "#{name}(#{arguments.join(',')})"
+      end
+      #
+      # Emits a SQL object.
+      #
+      # @param [#to_sql] object
+      #   The SQL object.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      # @raise [ArgumentError]
+      #   Could not emit an unknown SQL object.
+      #
+      def emit(object)
+        case object
+        when NilClass              then emit_null
+        when TrueClass             then emit_true
+        when FalseClass            then emit_false
+        when Integer               then emit_integer(object)
+        when Float                 then emit_decimal(object)
+        when String                then emit_string(object)
+        when Literal               then emit(object.value)
+        when Field, Symbol         then emit_field(object)
+        when Array                 then emit_list(object)
+        when Hash                  then emit_assignments(object)
+        when BinaryExpr, UnaryExpr then emit_expression(object)
+        when Clause                then emit_clause(object)
+        when Statement             then emit_statement(object)
+        when StatementList         then emit_statement_list(object)
+        else
+          if object.respond_to?(:to_sql)
+            object.to_sql
+          else
+            raise(ArgumentError,"cannot emit #{object.class}")
+          end
+        end
+      end
+      #
+      # Emits a SQL Clause.
+      #
+      # @param [Clause] clause
+      #   The SQL Clause.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_clause(clause)
+        sql = emit_keyword(clause.keyword)
+        unless clause.argument.nil?
+          sql << @space << emit(clause.argument)
+        end
+        return sql
+      end
+      #
+      # Emits multiple SQL Clauses.
+      #
+      # @param [Array<Clause>] clauses
+      #   The clauses to emit.
+      #
+      # @return [String]
+      #   The emitted clauses.
+      #
+      def emit_clauses(clauses)
+        clauses.map { |clause| emit_clause(clause) }.join(@space)
+      end
+      #
+      # Emits a SQL Statement.
+      #
+      # @param [Statement] stmt
+      #   The SQL Statement.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_statement(stmt)
+        sql = emit_keyword(stmt.keyword)
+        unless stmt.argument.nil?
+          sql << @space << emit(stmt.argument)
+        end
+        unless stmt.clauses.empty?
+          sql << @space << emit_clauses(stmt.clauses)
+        end
+        return sql
+      end
+      #
+      # Emits a full SQL statement list.
+      #
+      # @param [StatementList] list
+      #   The SQL statement list.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_statement_list(list)
+        list.statements.map { |stmt|
+          emit_statement(stmt)
+        }.join(";#{@space}")
+      end
+    end
+  end
+end