RubyGems - ronin-sql - Versions diffs - 0.2.4 → 1.0.0 - Mend

ronin-sql 0.2.4 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (154) hide show

data/.document +4 -0
data/.gitignore +11 -0
data/.rspec +1 -0
data/.yardopts +1 -0
data/COPYING.txt +623 -288
data/{History.txt → ChangeLog.md} +33 -35
data/Gemfile +25 -0
data/README.md +110 -0
data/Rakefile +30 -20
data/bin/ronin-sql +18 -5
data/gemspec.yml +16 -0
data/lib/ronin/formatting/extensions/sql.rb +4 -3
data/lib/ronin/formatting/extensions/sql/string.rb +83 -10
data/lib/ronin/formatting/sql.rb +4 -3
data/lib/ronin/sql.rb +5 -12
data/lib/ronin/{code/sql/create_index.rb → sql/binary_expr.rb} +25 -18
data/lib/ronin/sql/clause.rb +72 -0
data/lib/ronin/sql/clauses.rb +297 -0
data/lib/ronin/sql/emittable.rb +84 -0
data/lib/ronin/sql/emitter.rb +375 -0
data/lib/ronin/sql/field.rb +106 -0
data/lib/ronin/{code/sql/as.rb → sql/fields.rb} +36 -17
data/lib/ronin/{code/sql/binary_expr.rb → sql/function.rb} +27 -27
data/lib/ronin/sql/functions.rb +989 -0
data/lib/ronin/sql/injection.rb +125 -157
data/lib/ronin/{code/sql/default_values_clause.rb → sql/literal.rb} +13 -11
data/lib/ronin/sql/literals.rb +72 -0
data/lib/ronin/sql/operators.rb +332 -0
data/lib/ronin/sql/sql.rb +86 -0
data/lib/ronin/sql/statement.rb +70 -0
data/lib/ronin/sql/statement_list.rb +110 -0
data/lib/ronin/sql/statements.rb +115 -0
data/lib/ronin/{code/sql/desc.rb → sql/unary_expr.rb} +11 -11
data/lib/ronin/sql/version.rb +5 -4
data/ronin-sql.gemspec +61 -0
data/spec/formatting/sql/string_spec.rb +172 -0
data/spec/spec_helper.rb +1 -4
data/spec/sql/binary_expr.rb +5 -0
data/spec/sql/binary_expr_examples.rb +25 -0
data/spec/sql/clause_examples.rb +43 -0
data/spec/sql/clause_spec.rb +31 -0
data/spec/sql/clauses_spec.rb +43 -0
data/spec/sql/emittable_spec.rb +41 -0
data/spec/sql/emitter_spec.rb +472 -0
data/spec/sql/field_spec.rb +103 -0
data/spec/sql/fields_spec.rb +40 -0
data/spec/sql/function_examples.rb +30 -0
data/spec/sql/function_spec.rb +25 -0
data/spec/sql/functions_spec.rb +110 -0
data/spec/sql/injection_spec.rb +233 -0
data/spec/sql/literal_spec.rb +5 -0
data/spec/sql/literals_spec.rb +46 -0
data/spec/sql/operators_spec.rb +44 -0
data/spec/sql/sql_spec.rb +18 -0
data/spec/sql/statement_examples.rb +39 -0
data/spec/sql/statement_list_spec.rb +48 -0
data/spec/sql/statement_sql.rb +38 -0
data/spec/sql/statements_spec.rb +22 -0
data/spec/sql/unary_expr.rb +5 -0
data/spec/sql/unary_expr_examples.rb +20 -0
metadata +116 -217
data.tar.gz.sig +0 -0
data/Manifest.txt +0 -108
data/README.txt +0 -112
data/lib/ronin/code/sql.rb +0 -22
data/lib/ronin/code/sql/add_column_clause.rb +0 -42
data/lib/ronin/code/sql/alter_table.rb +0 -52
data/lib/ronin/code/sql/asc.rb +0 -36
data/lib/ronin/code/sql/between.rb +0 -66
data/lib/ronin/code/sql/clause.rb +0 -35
data/lib/ronin/code/sql/code.rb +0 -35
data/lib/ronin/code/sql/common_dialect.rb +0 -66
data/lib/ronin/code/sql/create.rb +0 -74
data/lib/ronin/code/sql/create_table.rb +0 -44
data/lib/ronin/code/sql/create_view.rb +0 -41
data/lib/ronin/code/sql/delete.rb +0 -52
data/lib/ronin/code/sql/dialect.rb +0 -282
data/lib/ronin/code/sql/drop.rb +0 -55
data/lib/ronin/code/sql/drop_index.rb +0 -41
data/lib/ronin/code/sql/drop_table.rb +0 -41
data/lib/ronin/code/sql/drop_view.rb +0 -41
data/lib/ronin/code/sql/emittable.rb +0 -100
data/lib/ronin/code/sql/exceptions.rb +0 -24
data/lib/ronin/code/sql/exceptions/unknown_clause.rb +0 -29
data/lib/ronin/code/sql/exceptions/unknown_dialect.rb +0 -29
data/lib/ronin/code/sql/exceptions/unknown_statement.rb +0 -29
data/lib/ronin/code/sql/expr.rb +0 -102
data/lib/ronin/code/sql/field.rb +0 -101
data/lib/ronin/code/sql/fields_clause.rb +0 -46
data/lib/ronin/code/sql/from_clause.rb +0 -42
data/lib/ronin/code/sql/function.rb +0 -53
data/lib/ronin/code/sql/group_by_clause.rb +0 -46
data/lib/ronin/code/sql/having_clause.rb +0 -46
data/lib/ronin/code/sql/in.rb +0 -47
data/lib/ronin/code/sql/injected_statement.rb +0 -100
data/lib/ronin/code/sql/injection.rb +0 -203
data/lib/ronin/code/sql/insert.rb +0 -54
data/lib/ronin/code/sql/intersect_clause.rb +0 -42
data/lib/ronin/code/sql/join_clause.rb +0 -123
data/lib/ronin/code/sql/like.rb +0 -73
data/lib/ronin/code/sql/limit_clause.rb +0 -42
data/lib/ronin/code/sql/modifier.rb +0 -48
data/lib/ronin/code/sql/offset_clause.rb +0 -42
data/lib/ronin/code/sql/on_clause.rb +0 -55
data/lib/ronin/code/sql/order_by_clause.rb +0 -42
data/lib/ronin/code/sql/program.rb +0 -225
data/lib/ronin/code/sql/rename_to_clause.rb +0 -42
data/lib/ronin/code/sql/replace.rb +0 -54
data/lib/ronin/code/sql/select.rb +0 -103
data/lib/ronin/code/sql/set_clause.rb +0 -42
data/lib/ronin/code/sql/statement.rb +0 -180
data/lib/ronin/code/sql/token.rb +0 -62
data/lib/ronin/code/sql/unary_expr.rb +0 -47
data/lib/ronin/code/sql/union_all_clause.rb +0 -42
data/lib/ronin/code/sql/union_clause.rb +0 -42
data/lib/ronin/code/sql/update.rb +0 -52
data/lib/ronin/code/sql/values_clause.rb +0 -46
data/lib/ronin/code/sql/where_clause.rb +0 -42
data/lib/ronin/sql/error.rb +0 -26
data/lib/ronin/sql/error/error.rb +0 -62
data/lib/ronin/sql/error/extensions.rb +0 -22
data/lib/ronin/sql/error/extensions/string.rb +0 -77
data/lib/ronin/sql/error/message.rb +0 -62
data/lib/ronin/sql/error/pattern.rb +0 -104
data/lib/ronin/sql/error/patterns.rb +0 -99
data/lib/ronin/sql/extensions.rb +0 -22
data/lib/ronin/sql/extensions/uri.rb +0 -22
data/lib/ronin/sql/extensions/uri/http.rb +0 -107
data/spec/code/sql/common_dialect_spec.rb +0 -205
data/spec/code/sql/create_examples.rb +0 -19
data/spec/code/sql/create_index_spec.rb +0 -25
data/spec/code/sql/create_table_spec.rb +0 -27
data/spec/code/sql/create_view_spec.rb +0 -16
data/spec/code/sql/delete_spec.rb +0 -14
data/spec/code/sql/drop_examples.rb +0 -10
data/spec/code/sql/drop_index_spec.rb +0 -16
data/spec/code/sql/drop_table_spec.rb +0 -16
data/spec/code/sql/drop_view_spec.rb +0 -16
data/spec/code/sql/has_default_values_clause_examples.rb +0 -10
data/spec/code/sql/has_fields_clause_examples.rb +0 -15
data/spec/code/sql/has_from_clause_examples.rb +0 -13
data/spec/code/sql/has_values_clause_examples.rb +0 -15
data/spec/code/sql/has_where_clause_examples.rb +0 -15
data/spec/code/sql/insert_spec.rb +0 -21
data/spec/code/sql/replace_spec.rb +0 -21
data/spec/code/sql/select_spec.rb +0 -105
data/spec/code/sql/update_spec.rb +0 -26
data/spec/helpers/code.rb +0 -14
data/spec/sql/error_spec.rb +0 -24
data/spec/sql/extensions/uri/http_spec.rb +0 -34
data/spec/sql_spec.rb +0 -9
data/tasks/spec.rb +0 -10
data/tasks/yard.rb +0 -13
metadata.gz.sig +0 -0

data/lib/ronin/sql/emittable.rb ADDED Viewed

@@ -0,0 +1,84 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+require 'ronin/sql/emitter'
+module Ronin
+  module SQL
+    #
+    # Allows an object to be converted to raw SQL.
+    #
+    module Emittable
+      #
+      # Creates a new emitter.
+      #
+      # @param [Hash] options
+      #   Additional options for {Emitter#initialize}.
+      #
+      def emitter(options={})
+        Emitter.new(options)
+      end
+      #
+      # The default `to_sql` method.
+      #
+      # @param [Hash] options
+      #   Additional options for {#emitter}.
+      #
+      # @option options [:lower, :upper, :random, nil] :case
+      #   Case for keywords.
+      #
+      # @option options [String] :space (' ')
+      #   String to use for white-space.
+      #
+      # @option options [:single, :double] :quotes (:single)
+      #   Type of quotes to use for Strings.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      # @raise [ArgumentError]
+      #   Could not emit an unknown SQL object.
+      #
+      def to_sql(options={})
+        emitter(options).emit(self)
+      end
+      #
+      # @see #to_sql
+      #
+      def to_s
+        to_sql
+      end
+      #
+      # Inspects the object.
+      #
+      # @return [String]
+      #   The inspected object.
+      #
+      def inspect
+        "#<#{self.class}: #{to_sql}>"
+      end
+    end
+  end
+end

data/lib/ronin/sql/emitter.rb ADDED Viewed

@@ -0,0 +1,375 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+require 'ronin/formatting/sql'
+module Ronin
+  module SQL
+    #
+    # Generates raw SQL.
+    #
+    class Emitter
+      # The case to use when emitting keywords
+      attr_reader :case
+      # String to use for white-space
+      attr_reader :space
+      # Type of String quotes to use
+      attr_reader :quotes
+      #
+      # Initializes the SQL Emitter.
+      #
+      # @param [Hash] options
+      #   Emitter options.
+      #
+      # @option options [:lower, :upper, :random, nil] :case
+      #   Case for keywords.
+      #
+      # @option options [String] :space (' ')
+      #   String to use for white-space.
+      #
+      # @option options [:single, :double] :quotes (:single)
+      #   Type of quotes to use for Strings.
+      #
+      def initialize(options={})
+        @case  = options[:case]
+        @space = options.fetch(:space,' ')
+        @quotes = options.fetch(:quotes,:single)
+      end
+      #
+      # Emits a SQL keyword.
+      #
+      # @param [Symbol, Array<Symbol>] keyword
+      #   The SQL keyword.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_keyword(keyword)
+        keyword = Array(keyword).join(@space)
+        case @case
+        when :upper  then keyword.upcase
+        when :lower  then keyword.downcase
+        when :random
+          keyword.tap do
+            (keyword.length / 2).times do
+              index = rand(keyword.length)
+              keyword[index] = keyword[index].swapcase
+            end
+          end
+        else
+          keyword
+        end
+      end
+      #
+      # Emits a SQL operator.
+      #
+      # @param [Symbol] op
+      #   The operator symbol.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_operator(op)
+        op = op.to_s
+        case op
+        when /^[a-zA-Z]+$/ then emit_keyword(op)
+        else                    op
+        end
+      end
+      #
+      # Emits the `NULL` value.
+      #
+      # @return ["NULL"]
+      #
+      def emit_null
+        emit_keyword(:NULL)
+      end
+      #
+      # Emits a `false` value.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_false
+        "1=0"
+      end
+      #
+      # Emits a `true` value.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_true
+        "1=1"
+      end
+      #
+      # Emits a SQL Integer.
+      #
+      # @param [Integer] int
+      #   The Integer.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_integer(int)
+        int.to_s
+      end
+      #
+      # Emits a SQL Decimal.
+      #
+      # @param [Float] decimal
+      #   The decimal.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_decimal(decimal)
+        decimal.to_s
+      end
+      #
+      # Emits a SQL String.
+      #
+      # @param [String] string
+      #   The String.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_string(string)
+        string.sql_escape(@quotes)
+      end
+      #
+      # Emits a SQL field.
+      #
+      # @param [Field, Symbol, String] field
+      #   The SQL field.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_field(field)
+        field.to_s
+      end
+      #
+      # Emits a list of elements.
+      #
+      # @param [#map] list
+      #   The list of elements.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_list(list)
+        '(' + list.map { |element| emit(element) }.join(',') + ')'
+      end
+      #
+      # Emits a list of columns and assigned values.
+      #
+      # @param [Hash{Field,Symbol => Object}] values
+      #   The column names and values.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_assignments(values)
+        values.map { |key,value|
+          "#{emit_keyword(key)}=#{emit(value)}"
+        }.join(',')
+      end
+      #
+      # Emits a SQL expression.
+      #
+      # @param [BinaryExpr, UnaryExpr] expr
+      #   The SQL expression.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_expression(expr)
+        op = emit_operator(expr.operator)
+        case expr
+        when BinaryExpr
+          left, right = emit(expr.left), emit(expr.right)
+          left  = "(#{left})"  if expr.left.kind_of?(Statement)
+          right = "(#{right})" if expr.right.kind_of?(Statement)
+          case op
+          when /^\w+$/ then [left, op, right].join(@space)
+          else              "#{left}#{op}#{right}"
+          end
+        when UnaryExpr
+          operand = emit(expr.operand)
+          operand = "(#{operand})" if expr.operand.kind_of?(Statement)
+          case op
+          when /^\w+$/ then [op, operand].join(@space)
+          else              "#{op}#{operand}"
+          end
+        end
+      end
+      #
+      # Emits a SQL function.
+      #
+      # @param [Function] function
+      #   The SQL function.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_function(function)
+        name      = emit_keyword(function.name)
+        arguments = function.arguments.map { |argument| emit(argument) }
+        return "#{name}(#{arguments.join(',')})"
+      end
+      #
+      # Emits a SQL object.
+      #
+      # @param [#to_sql] object
+      #   The SQL object.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      # @raise [ArgumentError]
+      #   Could not emit an unknown SQL object.
+      #
+      def emit(object)
+        case object
+        when NilClass              then emit_null
+        when TrueClass             then emit_true
+        when FalseClass            then emit_false
+        when Integer               then emit_integer(object)
+        when Float                 then emit_decimal(object)
+        when String                then emit_string(object)
+        when Literal               then emit(object.value)
+        when Field, Symbol         then emit_field(object)
+        when Array                 then emit_list(object)
+        when Hash                  then emit_assignments(object)
+        when BinaryExpr, UnaryExpr then emit_expression(object)
+        when Clause                then emit_clause(object)
+        when Statement             then emit_statement(object)
+        when StatementList         then emit_statement_list(object)
+        else
+          if object.respond_to?(:to_sql)
+            object.to_sql
+          else
+            raise(ArgumentError,"cannot emit #{object.class}")
+          end
+        end
+      end
+      #
+      # Emits a SQL Clause.
+      #
+      # @param [Clause] clause
+      #   The SQL Clause.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_clause(clause)
+        sql = emit_keyword(clause.keyword)
+        unless clause.argument.nil?
+          sql << @space << emit(clause.argument)
+        end
+        return sql
+      end
+      #
+      # Emits multiple SQL Clauses.
+      #
+      # @param [Array<Clause>] clauses
+      #   The clauses to emit.
+      #
+      # @return [String]
+      #   The emitted clauses.
+      #
+      def emit_clauses(clauses)
+        clauses.map { |clause| emit_clause(clause) }.join(@space)
+      end
+      #
+      # Emits a SQL Statement.
+      #
+      # @param [Statement] stmt
+      #   The SQL Statement.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_statement(stmt)
+        sql = emit_keyword(stmt.keyword)
+        unless stmt.argument.nil?
+          sql << @space << emit(stmt.argument)
+        end
+        unless stmt.clauses.empty?
+          sql << @space << emit_clauses(stmt.clauses)
+        end
+        return sql
+      end
+      #
+      # Emits a full SQL statement list.
+      #
+      # @param [StatementList] list
+      #   The SQL statement list.
+      #
+      # @return [String]
+      #   The raw SQL.
+      #
+      def emit_statement_list(list)
+        list.statements.map { |stmt|
+          emit_statement(stmt)
+        }.join(";#{@space}")
+      end
+    end
+  end
+end