ronin-sql 0.2.4 → 1.0.0

data/lib/ronin/sql/sql.rb

@@ -0,0 +1,86 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/sql/statement_list'
+require 'ronin/sql/injection'
+
+module Ronin
+  module SQL
+
+    #
+    # Creates a new SQL statement list.
+    #
+    # @yield [(statements)]
+    #   If a block is given, it will be evaluated within the statement list.
+    #   If the block accepts an argument, the block will be called with the
+    #   new statement list.
+    #
+    # @yieldparam [StatementList] statements
+    #   The new statement list.
+    #
+    # @return [StatementList]
+    #   The new SQL statement list.
+    #
+    # @example
+    #   sql { select(1,2,3,4,id).from(users) }
+    #   # => #<Ronin::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
+    #
+    def sql(&block)
+      StatementList.new(&block)
+    end
+
+    #
+    # Creates a new SQL injection (SQLi)
+    #
+    # @param [Hash] options
+    #   Additional injection options.
+    #
+    # @option options [:integer, :decimal, :string, :column] :escape
+    #   The type of element to escape out of.
+    #
+    # @option options [Boolean] :terminate
+    #   Specifies whether to terminate the SQLi with a comment.
+    #
+    # @option options [String, Symbol, Integer] :place_holder
+    #   Place-holder data.
+    #
+    # @yield [(injection)]
+    #   If a block is given, it will be evaluated within the injection.
+    #   If the block accepts an argument, the block will be called with the
+    #   new injection.
+    #
+    # @yieldparam [Injection] injection
+    #   The new injection.
+    #
+    # @return [Injection]
+    #   The new SQL injection.
+    #
+    # @example
+    #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
+    #   # => #<Ronin::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
+    #
+    def sqli(options={},&block)
+      Injection.new(options,&block)
+    end
+
+  end
+end

data/lib/ronin/sql/statement.rb

@@ -0,0 +1,70 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/sql/literals'
+require 'ronin/sql/clause'
+require 'ronin/sql/clauses'
+require 'ronin/sql/operators'
+require 'ronin/sql/emittable'
+
+module Ronin
+  module SQL
+    #
+    # Represents a SQL Statement.
+    #
+    class Statement < Struct.new(:keyword,:argument)
+
+      include Literals
+      include Operators
+      include Clauses
+      include Emittable
+
+      #
+      # Initializes a new SQL statement.
+      #
+      # @param [Symbol, Array<Symbol>] keyword
+      #   Name of the statement.
+      #
+      # @param [Object] argument
+      #   Additional argument for the statement.
+      #
+      # @yield [(statement)]
+      #   If a block is given, it will be called.
+      #
+      # @yieldparam [Statement] statement
+      #   If the block accepts an argument, it will be passed the new statement.
+      #   Otherwise the block will be evaluated within the statement.
+      #
+      def initialize(keyword,argument=nil,&block)
+        super(keyword,argument)
+
+        if block
+          case block.arity
+          when 0 then instance_eval(&block)
+          else        block.call(self)
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/ronin/sql/statement_list.rb

@@ -0,0 +1,110 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/sql/field'
+require 'ronin/sql/fields'
+require 'ronin/sql/unary_expr'
+require 'ronin/sql/binary_expr'
+require 'ronin/sql/functions'
+require 'ronin/sql/statement'
+require 'ronin/sql/statements'
+require 'ronin/sql/emittable'
+
+module Ronin
+  module SQL
+    #
+    # Represents a list of SQL {Statements Statement}.
+    #
+    class StatementList
+
+      include Fields
+      include Functions
+      include Statements
+      include Emittable
+
+      # The list of statements
+      attr_reader :statements
+
+      #
+      # Initializes a new SQL statement list.
+      #
+      # @yield [(statements)]
+      #   If a block is given, it will be evaluated within the statement list.
+      #   If the block accepts an argument, the block will be called with the
+      #   new statement list.
+      #
+      # @yieldparam [StatementList] statements
+      #   The new statement list.
+      #
+      def initialize(&block)
+        @statements = []
+
+        if block
+          case block.arity
+          when 0 then instance_eval(&block)
+          else        block.call(self)
+          end
+        end
+      end
+
+      #
+      # Appends a statement.
+      #
+      # @param [Statement] statement
+      #   The SQL statement.
+      #
+      # @return [self]
+      #
+      def <<(statement)
+        @statements << statement
+        return self
+      end
+
+      #
+      # Appends an arbitrary statement.
+      #
+      # @param [Symbol] keyword
+      #   Name of the statement.
+      #
+      # @param [Object] argument
+      #   Additional argument for the statement.
+      #
+      # @yield [(statement)]
+      #   If a block is given, it will be called.
+      #
+      # @yieldparam [Statement] statement
+      #   If the block accepts an argument, it will be passed the new statement.
+      #   Otherwise the block will be evaluated within the statement.
+      #
+      # @return [Statement]
+      #   The newly created statement.
+      #
+      def statement(keyword,argument=nil,&block)
+        new_statement = super
+
+        self << new_statement
+        return new_statement
+      end
+
+    end
+  end
+end

data/lib/ronin/sql/statements.rb

@@ -0,0 +1,115 @@
+#
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+module Ronin
+  module SQL
+    #
+    # Methods for creating common SQL {Statement Statements}.
+    #
+    module Statements
+      #
+      # Creates an arbitrary statement.
+      #
+      # @param [Symbol] keyword
+      #   Name of the statement.
+      #
+      # @param [Object] argument
+      #   Additional argument for the statement.
+      #
+      # @yield [(statement)]
+      #   If a block is given, it will be called.
+      #
+      # @yieldparam [Statement] statement
+      #   If the block accepts an argument, it will be passed the new statement.
+      #   Otherwise the block will be evaluated within the statement.
+      #
+      # @return [Statement]
+      #   The new statement.
+      #
+      def statement(keyword,argument=nil,&block)
+        Statement.new(keyword,argument,&block)
+      end
+
+      #
+      # Creates a new `SELECT` statement.
+      #
+      # @param [Array<Field, Symbol>] columns
+      #   The columns to select.
+      #
+      # @return [Statement]
+      #   The new statement.
+      #
+      def select(*columns,&block)
+        statement(:SELECT,columns,&block)
+      end
+
+      #
+      # Creates a new `INSERT` statement.
+      #
+      # @return [Statement]
+      #   The new statement.
+      #
+      def insert(&block)
+        statement(:INSERT,&block)
+      end
+
+      #
+      # Creates a new `UPDATE` statement.
+      #
+      # @param [Field, Symbol] table
+      #   The table to update.
+      #
+      # @return [Statement]
+      #   The new statement.
+      #
+      def update(table,&block)
+        statement(:UPDATE,table,&block)
+      end
+
+      #
+      # Creates a new `DELETE` statement.
+      #
+      # @param [Field, Symbol] table
+      #   The table to delete from.
+      #
+      # @return [Statement]
+      #   The new statement.
+      #
+      def delete(table,&block)
+        statement([:DELETE, :FROM],table,&block)
+      end
+
+      #
+      # Creates a new `DROP TABLE` statement.
+      #
+      # @param [Field, Symbol] table
+      #   The table to drop.
+      #
+      # @return [Statement]
+      #   The new statement.
+      #
+      def drop_table(table,&block)
+        statement([:DROP, :TABLE],table,&block)
+      end
+    end
+  end
+end

data/lib/ronin/{code/sql/desc.rb → sql/unary_expr.rb}

@@ -1,8 +1,9 @@
 #
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -19,18 +20,17 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 #
 
-require 'ronin/code/sql/modifier'
+require 'ronin/sql/emittable'
 
 module Ronin
-  module Code
-    module SQL
-      class Asc < Modifier
+  module SQL
+    #
+    # Represents a unary-expression in SQL.
+    #
+    class UnaryExpr < Struct.new(:operator,:operand)
 
-        def initialize(expr)
-          super(expr,'DESC')
-        end
+      include Emittable
 
-      end
     end
   end
 end

data/lib/ronin/sql/version.rb

@@ -1,8 +1,9 @@
 #
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
+# Ronin SQL - A Ruby DSL for crafting SQL Injections.
 #
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2013 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This file is part of Ronin SQL.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -22,6 +23,6 @@
 module Ronin
   module SQL
     # Ronin SQL version
-    VERSION = '0.2.4'
+    VERSION = '1.0.0'
   end
 end

data/ronin-sql.gemspec

@@ -0,0 +1,61 @@
+# encoding: utf-8
+
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require 'ronin/sql/version'
+                  Ronin::SQL::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files  = `git ls-files`.split($/)
+  gem.files  = glob[gemspec['files']] if gemspec['files']
+  gem.files += Array(gemspec['generated_files'])
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+  gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.test_files       = glob[gemspec['test_files'] || '{test/{**/}*_test.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = gemspec['requirements']
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end