ronin-sql 0.2.4 → 1.0.0

data/spec/formatting/sql/string_spec.rb

@@ -0,0 +1,172 @@
+require 'spec_helper'
+require 'ronin/formatting/extensions/sql/string'
+
+describe String do
+  it "should provide the #sql_escape method" do
+    subject.should respond_to(:sql_escape)
+  end
+
+  it "should provide the #sql_encode method" do
+    subject.should respond_to(:sql_encode)
+  end
+
+  it "should provide the #sql_decode method" do
+    subject.should respond_to(:sql_decode)
+  end
+
+  describe "#sql_escape" do
+    subject { "hello" }
+
+    context "with :single" do
+      it "should wrap the String in single-quotes" do
+        subject.sql_escape(:single).should == "'hello'"
+      end
+
+      context "when the String already contains single-quotes" do
+        subject { "O'Brian" }
+
+        it "should escape existing single-quotes" do
+          subject.sql_escape(:single).should == "'O''Brian'"
+        end
+      end
+    end
+
+    context "with :double" do
+      it "should wrap the String in double-quotes" do
+        subject.sql_escape(:double).should == '"hello"'
+      end
+
+      context "when the String already contains double-quotes" do
+        subject { 'the "thing"' }
+
+        it "should escape existing double-quotes" do
+          subject.sql_escape(:double).should == '"the ""thing"""'
+        end
+      end
+    end
+
+    context "with :tick" do
+      it "should wrap the String in tick-mark quotes" do
+        subject.sql_escape(:tick).should == "`hello`"
+      end
+
+      context "when the String already contains tick-marks" do
+        subject { "the `thing`" }
+
+        it "should escape existing tick-mark quotes" do
+          subject.sql_escape(:tick).should == '`the ``thing```'
+        end
+      end
+    end
+
+    context "with no arguments" do
+      it "should default quote to :single" do
+        subject.sql_escape.should == subject.sql_escape(:single)
+      end
+    end
+
+    context "otherwise" do
+      it "should raise an ArgumentError" do
+        lambda { subject.sql_escape(:foo) }.should raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#sql_unescape" do
+    context "when the String is single-quoted" do
+      subject { "'hello'" }
+
+      it "should remove leading and tailing single-quotes" do
+        subject.sql_unescape.should == "hello"
+      end
+
+      context "when the String contains escaped single-quotes" do
+        subject { "'O''Brian'" }
+
+        it "should unescape the single-quotes" do
+          subject.sql_unescape.should == "O'Brian"
+        end
+      end
+    end
+
+    context "when the String is double-quoted" do
+      subject { '"hello"' }
+
+      it "should remove leading and tailing double-quotes" do
+        subject.sql_unescape.should == 'hello'
+      end
+
+      context "when the String contains escaped double-quotes" do
+        subject { '"the ""thing"""' }
+
+        it "should unescape the double-quotes" do
+          subject.sql_unescape.should == 'the "thing"'
+        end
+      end
+    end
+
+    context "when the String is tick-mark quoted" do
+      subject { '`hello`' }
+
+      it "should remove leading and tailing tick-mark quotes" do
+        subject.sql_unescape.should == 'hello'
+      end
+
+      context "when the String contains escaped tick-mark quotes" do
+        subject { '`the ``thing```' }
+
+        it "should unescape the tick-mark quotes" do
+          subject.sql_unescape.should == 'the `thing`'
+        end
+      end
+    end
+
+    context "when the String is not quoted" do
+      subject { "hello" }
+
+      it "should raise an exception" do
+        lambda { subject.sql_unescape }.should raise_error(TypeError)
+      end
+    end
+  end
+
+  describe "#sql_encode" do
+    subject { "/etc/passwd" }
+
+    let(:encoded_string) { '0x2f6574632f706173737764' }
+
+    it "should be able to be SQL-hex encoded" do
+      subject.sql_encode.should == encoded_string
+    end
+
+    it "should return an empty String if empty" do
+      ''.sql_encode.should == ''
+    end
+  end
+
+  describe "#sql_decode" do
+    subject { '2f6574632f706173737764' }
+
+    let(:decoded_string) { '/etc/passwd' }
+
+    it "should be able to be SQL-hex decoded" do
+      subject.sql_decode.should == decoded_string
+    end
+
+    context "with upper-case hexadecimal" do
+      subject { '2F6574632F706173737764' }
+
+      it "should be able to be SQL-hex decoded" do
+        subject.sql_decode.should == decoded_string
+      end
+    end
+
+    context "when the String is a SQL escaped string" do
+      subject { "'Conan O''Brian'" }
+
+      it "should unescape the SQL String" do
+        subject.sql_decode.should == "Conan O'Brian"
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,7 +1,4 @@
-require 'rubygems'
-gem 'rspec', '>=1.2.8'
-require 'spec'
-
+require 'rspec'
 require 'ronin/sql/version'
 
 include Ronin

data/spec/sql/binary_expr.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+require 'ronin/sql/binary_expr'
+
+describe SQL::BinaryExpr do
+end

data/spec/sql/binary_expr_examples.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'ronin/sql/binary_expr'
+
+shared_examples_for "BinaryExpr" do |method,operator=method|
+  describe "##{method}" do
+    let(:operand) { 1 }
+    let(:expr)    { subject.send(method,operand) }
+
+    it "should be a BinaryExpr" do
+      expr.should be_kind_of(SQL::BinaryExpr)
+    end
+
+    it "should set the left-hand side operand" do
+      expr.left.should == subject
+    end
+
+    it "should have a '#{operator}' operator" do
+      expr.operator.should == operator
+    end
+
+    it "should set the right-hand side operand" do
+      expr.right.should == operand
+    end
+  end
+end

data/spec/sql/clause_examples.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+shared_examples_for "Clause" do |method,keyword,argument_or_block=nil|
+  describe "##{method}" do
+    case argument_or_block
+    when Proc
+      before { subject.send(method,&argument_or_block) }
+    when Array
+      let(:arguments) { argument_or_block }
+
+      before { subject.send(method,*arguments) }
+    when NilClass
+      before { subject.send(method) }
+    else
+      let(:argument) { argument_or_block }
+
+      before { subject.send(method,argument) }
+    end
+
+    it "should add a #{keyword} clause" do
+      clause.keyword.should == keyword
+    end
+
+    case argument_or_block
+    when Proc
+      it "should accept a block" do
+        clause.argument.should_not be_nil
+      end
+    when NilClass
+      it "should not have an argument" do
+        clause.argument.should be_nil
+      end
+    when Array
+      it "should accept an argument" do
+        clause.argument.should == arguments
+      end
+    else
+      it "should accept an argument" do
+        clause.argument.should == argument
+      end
+    end
+  end
+end

data/spec/sql/clause_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+require 'ronin/sql/clause'
+
+describe SQL::Clause do
+  describe "#initialize" do
+    context "when given an argument" do
+      let(:argument) { 1 }
+
+      subject { described_class.new(:CLAUSE,argument) }
+
+      it "should set the argument" do
+        subject.argument.should == argument
+      end
+    end
+
+    context "when given a block" do
+      subject do
+        described_class.new(:CLAUSE) { 1 }
+      end
+
+      it "should use the return value as the argument" do
+        subject.argument.should == 1
+      end
+
+      context "that accepts an argument" do
+        it "should yield itself" do
+        end
+      end
+    end
+  end
+end

data/spec/sql/clauses_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+require 'sql/clause_examples'
+require 'ronin/sql/clause'
+require 'ronin/sql/clauses'
+
+describe SQL::Clauses do
+  subject { Object.new.extend(described_class) }
+
+  let(:clause) { subject.clauses.last }
+  its(:clauses) { should be_empty }
+
+  describe "#clause" do
+    let(:keyword) { :EXEC }
+
+    before { subject.clause(keyword) }
+
+    it "should add an arbitrary clause" do
+      clause.keyword.should == keyword
+    end
+  end
+
+  include_examples "Clause", :from, :FROM, :table
+  include_examples "Clause", :into, :INTO, :table
+  include_examples "Clause", :where, :WHERE, proc { id == 1 }
+  include_examples "Clause", :join, :JOIN, :table
+  include_examples "Clause", :inner_join, [:INNER, :JOIN], :table
+  include_examples "Clause", :left_join, [:LEFT, :JOIN], :table
+  include_examples "Clause", :right_join, [:RIGHT, :JOIN], :table
+  include_examples "Clause", :full_join, [:FULL, :JOIN], :table
+  include_examples "Clause", :on, :ON, proc { id == 1 }
+  include_examples "Clause", :union, :UNION, proc { select(:*).from(:table) }
+  include_examples "Clause", :group_by, [:GROUP, :BY], [:column1, :column2]
+  include_examples "Clause", :having, :HAVING, proc { max(priv) > 100 }
+  include_examples "Clause", :limit, :LIMIT, 100
+  include_examples "Clause", :offset, :OFFSET, 20
+  include_examples "Clause", :top, :TOP, 50
+  include_examples "Clause", :into, :INTO, :table
+  include_examples "Clause", :values, :VALUES, [1,2,3,4]
+  include_examples "Clause", :default_values, [:DEFAULT, :VALUES]
+  include_examples "Clause", :set, :SET, {x: 1, y: 2}
+  include_examples "Clause", :indexed_by, [:INDEXED, :BY], :index_name
+  include_examples "Clause", :not_indexed, [:NOT, :INDEXED]
+end

data/spec/sql/emittable_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'ronin/sql/emittable'
+require 'ronin/sql/literal'
+
+describe SQL::Emittable do
+  subject { SQL::Literal.new('hello') }
+
+  describe "#emitter" do
+    it "should return an SQL::Emitter" do
+      subject.emitter.should be_kind_of(SQL::Emitter)
+    end
+
+    it "should accept Emitter options" do
+      subject.emitter(:case => :lower).case.should == :lower
+    end
+  end
+
+  describe "#to_sql" do
+    it "should emit the object" do
+      subject.to_sql.should == "'hello'"
+    end
+
+    context "when given options" do
+      it "should pass them to #emitter" do
+        subject.to_sql(quotes: :double).should == '"hello"'
+      end
+    end
+  end
+
+  describe "#to_s" do
+    it "should call #to_sql with no arguments" do
+      subject.to_s.should == subject.to_sql
+    end
+  end
+
+  describe "#inspect" do
+    it "should call #to_sql with no arguments" do
+      subject.inspect.should include(subject.to_sql)
+    end
+  end
+end

data/spec/sql/emitter_spec.rb

@@ -0,0 +1,472 @@
+require 'spec_helper'
+require 'ronin/sql/literal'
+require 'ronin/sql/unary_expr'
+require 'ronin/sql/binary_expr'
+require 'ronin/sql/field'
+require 'ronin/sql/statement'
+require 'ronin/sql/statement_list'
+require 'ronin/sql/emitter'
+
+describe SQL::Emitter do
+  describe "#initialize" do
+    context "without options" do
+      its(:space)  { should == ' ' }
+      its(:quotes) { should == :single }
+    end
+  end
+
+  describe "#emit_keyword" do
+    context "when passed an Array of Symbols" do
+      let(:keywords) { [:DROP, :TABLE] }
+
+      it "should join the keywords" do
+        subject.emit_keyword(keywords).should == "DROP TABLE"
+      end
+
+      context "when :space is set" do
+        subject { described_class.new(space: '/**/') }
+
+        it "should join the keywords" do
+          subject.emit_keyword(keywords).should == "DROP/**/TABLE"
+        end
+      end
+    end
+
+    context "when case is :upper" do
+      let(:keyword) { :select }
+
+      subject { described_class.new(case: :upper) }
+
+      it "should upcase the keyword" do
+        subject.emit_keyword(keyword).should == 'SELECT'
+      end
+    end
+
+    context "when case is :lower" do
+      let(:keyword) { :SELECT }
+
+      subject { described_class.new(case: :lower) }
+
+      it "should upcase the keyword" do
+        subject.emit_keyword(keyword).should == 'select'
+      end
+    end
+
+    context "when case is :random" do
+      let(:keyword) { :select }
+
+      subject { described_class.new(case: :random) }
+
+      it "should contain at least one upper-case character" do
+        subject.emit_keyword(keyword).should =~ /[SELECT]/
+      end
+    end
+
+    context "when case is nil" do
+      subject { described_class.new(case: nil) }
+
+      let(:keyword) { 'Select' }
+
+      it "should emit the keyword as is" do
+        subject.emit_keyword(keyword).should == keyword
+      end
+    end
+  end
+
+  describe "#emit_operator" do
+    context "when the operator is upper-case alphabetic text" do
+      subject { described_class.new(case: :lower) }
+
+      it "should emit a keyword" do
+        subject.emit_operator(:AS).should == 'as'
+      end
+    end
+
+    context "otherwise" do
+      it "should emit a String" do
+        subject.emit_operator(:"!=").should == '!='
+      end
+    end
+  end
+
+  describe "#emit_null" do
+    it "should emit the NULL keyword" do
+      subject.emit_null.should == 'NULL'
+    end
+  end
+
+  describe "#emit_false" do
+    it "should emit 1=0" do
+      subject.emit_false.should == '1=0'
+    end
+  end
+
+  describe "#emit_true" do
+    it "should emit 1=1" do
+      subject.emit_true.should == '1=1'
+    end
+  end
+
+  describe "#emit_integer" do
+    it "should emit a String" do
+      subject.emit_integer(10).should == '10'
+    end
+  end
+
+  describe "#emit_decimal" do
+    it "should emit a String" do
+      subject.emit_decimal(2.5).should == '2.5'
+    end
+  end
+
+  describe "#emit_string" do
+    it "should emit a String" do
+      subject.emit_string("O'Brian").should == "'O''Brian'"
+    end
+
+    context "when :quotes is :double" do
+      subject { described_class.new(quotes: :double) }
+
+      it "should double quote Strings" do
+        subject.emit_string("O'Brian").should == "\"O'Brian\""
+      end
+    end
+  end
+
+  describe "#emit_field" do
+    it "should emit a String" do
+      subject.emit_field(:id).should == 'id'
+    end
+  end
+
+  describe "#emit_list" do
+    it "should emit a ',' separated list" do
+      subject.emit_list([1,2,3,'foo']).should == "(1,2,3,'foo')"
+    end
+  end
+
+  describe "#emit_assignments" do
+    let(:values) { {x: 1, y: 2} }
+
+    it "should emit a list of column names and values" do
+      subject.emit_assignments(values).should == 'x=1,y=2'
+    end
+  end
+
+  describe "#emit_expression" do
+    context "when the expression is a BinaryExpr" do
+      context "when the operator is alphabetic" do
+        subject { described_class.new(case: :upper) }
+
+        let(:expr) { SQL::BinaryExpr.new(:id,:is,1) }
+
+        it "should emit the operands and operator as a keyword with spaces" do
+          subject.emit_expression(expr).should == 'id IS 1'
+        end
+      end
+
+      context "when the operator is symbolic" do
+        let(:expr) { SQL::BinaryExpr.new(:id,:"=",1) }
+
+        it "should emit the operands and operator without spaces" do
+          subject.emit_expression(expr).should == 'id=1'
+        end
+      end
+
+      context "when the left-hand operand is a Statement" do
+        let(:expr) do
+          SQL::BinaryExpr.new(SQL::Statement.new(:SELECT,1),:"=",1)
+        end
+
+        it "should wrap the left-hand operand in parenthesis" do
+          subject.emit_expression(expr).should == '(SELECT 1)=1'
+        end
+      end
+
+      context "when the right-hand operand is a Statement" do
+        let(:expr) do
+          SQL::BinaryExpr.new(1,:"=",SQL::Statement.new(:SELECT,1))
+        end
+
+        it "should wrap the left-hand operand in parenthesis" do
+          subject.emit_expression(expr).should == '1=(SELECT 1)'
+        end
+      end
+    end
+
+    context "when the expression is a UnaryExpr" do
+      context "when the operator is upper-case alpha" do
+        let(:expr) { SQL::UnaryExpr.new(:NOT,:admin) }
+
+        it "should emit the operand and operator with spaces" do
+          subject.emit_expression(expr).should == 'NOT admin'
+        end
+      end
+
+      context "when the operator is symbolic" do
+        let(:expr) { SQL::UnaryExpr.new(:"-",1) }
+
+        it "should emit the operand and operator without spaces" do
+          subject.emit_expression(expr).should == '-1'
+        end
+      end
+
+      context "when the operand is a Statement" do
+        let(:expr) do
+          SQL::UnaryExpr.new(:NOT,SQL::Statement.new(:SELECT,1))
+        end
+
+        it "should wrap the operand in parenthesis" do
+          subject.emit_expression(expr).should == 'NOT (SELECT 1)'
+        end
+      end
+    end
+  end
+
+  describe "#emit_function" do
+    let(:func) { SQL::Function.new(:NOW) }
+
+    it "should emit the function name as a keyword" do
+      subject.emit_function(func).should == 'NOW()'
+    end
+
+    context "with arguments" do
+      let(:func) { SQL::Function.new(:MAX,1,2) }
+
+      it "should emit the function arguments" do
+        subject.emit_function(func).should == 'MAX(1,2)'
+      end
+    end
+  end
+
+  describe "#emit" do
+    context "when passed nil" do
+      it "should emit the NULL keyword" do
+        subject.emit(nil).should == 'NULL'
+      end
+    end
+
+    context "when passed true" do
+      it "should emit true" do
+        subject.emit(true).should == '1=1'
+      end
+    end
+
+    context "when passed false" do
+      it "should emit false" do
+        subject.emit(false).should == '1=0'
+      end
+    end
+
+    context "when passed an Integer" do
+      it "should emit an integer" do
+        subject.emit(10).should == '10'
+      end
+    end
+
+    context "when passed a Float" do
+      it "should emit a decimal" do
+        subject.emit(2.5).should == '2.5'
+      end
+    end
+
+    context "when passed a String" do
+      it "should emit a string" do
+        subject.emit("O'Brian").should == "'O''Brian'"
+      end
+    end
+
+    context "when passed a Literal" do
+      let(:literal) { SQL::Literal.new(42) }
+
+      it "should emit the value" do
+        subject.emit(literal).should == '42'
+      end
+    end
+
+    context "when passed a Field" do
+      let(:table)  { SQL::Field.new(:users)    }
+      let(:column) { SQL::Field.new(:id,table) }
+
+      it "should emit a field" do
+        subject.emit(column).should == 'users.id'
+      end
+    end
+
+    context "when passed a Symbol" do
+      it "should emit a field" do
+        subject.emit(:id).should == 'id'
+      end
+    end
+
+    context "when passed an Array" do
+      it "should emit a list" do
+        subject.emit([1,2,3,'foo']).should == "(1,2,3,'foo')"
+      end
+    end
+
+    context "when passed a Hash" do
+      it "should emit a list of assignments" do
+        subject.emit(x: 1, y: 2).should == 'x=1,y=2'
+      end
+    end
+
+    context "when passed a BinaryExpr" do
+      let(:expr) { SQL::BinaryExpr.new(:id,:"=",1) }
+
+      it "should emit an expression" do
+        subject.emit(expr).should == 'id=1'
+      end
+    end
+
+    context "when passed a UnaryExpr" do
+      let(:expr) { SQL::UnaryExpr.new(:NOT,:admin) }
+
+      it "should emit an expression" do
+        subject.emit(expr).should == 'NOT admin'
+      end
+    end
+
+    context "when passed a Statment" do
+      let(:stmt) { SQL::Statement.new(:SELECT,1) }
+
+      it "should emit a statement" do
+        subject.emit(stmt).should == 'SELECT 1'
+      end
+    end
+
+    context "when the object responds to #to_sql" do
+      let(:object) { double(:sql_object) }
+      let(:sql)    { "EXEC sp_configure 'xp_cmdshell', 0;" }
+
+      it "should call #to_sql" do
+        object.stub(:to_sql).and_return(sql)
+
+        subject.emit(object).should == sql
+      end
+    end
+
+    context "otherwise" do
+      let(:object) { Object.new }
+
+      it "should raise an ArgumentError" do
+        lambda {
+          subject.emit(object)
+        }.should raise_error(ArgumentError)
+      end
+    end
+  end
+
+  describe "#emit_clause" do
+    let(:clause) { SQL::Clause.new(:"NOT INDEXED") }
+
+    it "should emit the clause keyword" do
+      subject.emit_clause(clause).should == "NOT INDEXED"
+    end
+
+    context "with an argument" do
+      let(:argument) { 100 }
+      let(:clause)   { SQL::Clause.new(:LIMIT,argument) }
+
+      it "should also emit the clause argument" do
+        subject.emit_clause(clause).should == "LIMIT #{argument}"
+      end
+    end
+
+    context "with custom :space" do
+      subject { described_class.new(space: '/**/') }
+
+      let(:clause)   { SQL::Clause.new(:LIMIT,100) }
+
+      it "should emit the custom white-space deliminater" do
+        subject.emit_clause(clause).should == 'LIMIT/**/100'
+      end
+    end
+  end
+
+  describe "#emit_clauses" do
+    let(:clauses) do
+      [
+        SQL::Clause.new(:LIMIT, 100),
+        SQL::Clause.new(:OFFSET, 10)
+      ]
+    end
+
+    it "should emit multiple clauses" do
+      subject.emit_clauses(clauses).should == 'LIMIT 100 OFFSET 10'
+    end
+
+    context "with custom :space" do
+      subject { described_class.new(space: '/**/') }
+
+      it "should emit the custom white-space deliminater" do
+        subject.emit_clauses(clauses).should == 'LIMIT/**/100/**/OFFSET/**/10'
+      end
+    end
+  end
+
+  describe "#emit_statement" do
+    subject { described_class.new(case: :lower) }
+
+    context "without an argument" do
+      let(:stmt) { SQL::Statement.new(:SELECT) }
+
+      it "should emit the statment keyword" do
+        subject.emit_statement(stmt).should == 'select'
+      end
+    end
+
+    context "with an argument" do
+      let(:stmt) { SQL::Statement.new(:SELECT,1) }
+
+      it "should emit the statment argument" do
+        subject.emit_statement(stmt).should == 'select 1'
+      end
+
+      context "with custom :space" do
+        subject { described_class.new(case: :lower, space: '/**/') }
+
+        it "should emit the custom white-space deliminater" do
+          subject.emit_statement(stmt).should == 'select/**/1'
+        end
+      end
+    end
+
+    context "with clauses" do
+      let(:stmt) { SQL::Statement.new(:SELECT,1).offset(1).limit(100) }
+
+      it "should emit the statment argument" do
+        subject.emit_statement(stmt).should == 'select 1 offset 1 limit 100'
+      end
+
+      context "with custom :space" do
+        subject { described_class.new(case: :lower, space: '/**/') }
+
+        it "should emit the custom white-space deliminater" do
+          subject.emit_statement(stmt).should == 'select/**/1/**/offset/**/1/**/limit/**/100'
+        end
+      end
+    end
+  end
+
+  describe "#emit_statement_list" do
+    let(:stmts) do
+      sql = SQL::StatementList.new
+      sql << SQL::Statement.new(:SELECT, 1)
+      sql << SQL::Statement.new([:DROP, :TABLE], :users)
+      sql
+    end
+
+    it "should emit multiple statements separated by '; '" do
+      subject.emit_statement_list(stmts).should == 'SELECT 1; DROP TABLE users'
+    end
+
+    context "with custom :space" do
+      subject { described_class.new(space: '/**/') }
+
+      it "should emit the custom white-space deliminater" do
+        subject.emit_statement_list(stmts).should == 'SELECT/**/1;/**/DROP/**/TABLE/**/users'
+      end
+    end
+  end
+end