Class: Ronin::SQL::Injection

Inherits:

StatementList

• Object
• StatementList
• Ronin::SQL::Injection

Includes:

Clauses, Literals

Defined in:

lib/ronin/sql/injection.rb

Overview

Represents a SQL injection (SQLi).

See Also:

• http://en.wikipedia.org/wiki/SQL_injection

Constant Summary

PLACE_HOLDERS =

Default place holder values.

{
  integer: 1,
  decimal: 1.0,
  string:  '1',
  list:    [nil],
  column:  :id
}

Instance Attribute Summary

• #escape ⇒ Object readonly

  The type of element to escape out of.

• #expression ⇒ Object readonly

  The expression that will be injected.

Attributes inherited from StatementList

#statements

Instance Method Summary

• #and {|(expr)| ... } ⇒ self

  Appends an AND expression to the injection.

• #initialize(options = {}) {|(injection)| ... } ⇒ Injection constructor

  Initializes a new SQL injection.

• #or {|(expr)| ... } ⇒ self

  Appends an OR expression to the injection.

• #to_sql(options = {}) ⇒ String

  Converts the SQL injection to SQL.

Methods included from Clauses

#clause, #clauses, #default_values, #from, #full_join, #group_by, #having, #indexed_by, #inner_join, #into, #join, #left_join, #limit, #not_indexed, #offset, #on, #right_join, #set, #top, #union, #union_all, #values, #where

Methods included from Literals

#float, #int, #null, #string

Methods inherited from StatementList

#<<, #statement

Methods included from Emittable

#emitter, #inspect, #to_s

Methods included from Statements

#delete, #drop_table, #insert, #select, #statement, #update

Methods included from Functions

#abs, #acos, #ascii, #asin, #atan, #atan2, #avg, #bin, #bit_and, #bit_count, #bit_length, #bit_or, #ceil, #ceiling, #char, #char_length, #character_length, #concat, #concat_ws, #conv, #cos, #cot, #count, #degrees, #elt, #exp, #export_set, #field, #find_in_set, #floor, #format, #glob, #greatest, #hex, #insert, #instr, #interval, #lcase, #least, #left, #length, #like, #load_file, #locate, #log, #log10, #lower, #lpad, #ltrim, #make_set, #max, #mid, #min, #mod, #oct, #octet_length, #ord, #pi, #position, #pow, #power, #quote, #radians, #rand, #random, #repeat, #replace, #reverse, #right, #round, #rpad, #rtrim, #sign, #sin, #soundex, #space, #sqrt, #std, #stddev, #strcmp, #substring, #substring_index, #sum, #tan, #trim, #truncate, #ucase, #unhex, #upper

Methods included from Fields

#method_missing, #respond_to_missing?, #to_ary

Constructor Details

#initialize(options = {}) {|(injection)| ... } ⇒ Injection

Initializes a new SQL injection.

Parameters:

• options (Hash) (defaults to: {}) —

  Additional injection options.

Options Hash (options):

• :escape (:integer, :decimal, :string, :column) — default: :integer —

  The type of element to escape out of.

• :terminate (Boolean) —

  Specifies whether to terminate the SQLi with a comment.

• :place_holder (String, Symbol, Integer) —

  Place-holder data.

Yields:

• ((injection)) —

  If a block is given, it will be evaluated within the injection. If the block accepts an argument, the block will be called with the new injection.

Yield Parameters:

• injection (Injection) —

  The new injection.

# File 'lib/ronin/sql/injection.rb', line 80

def initialize(options={},&block)
  @escape       = options.fetch(:escape,:integer)

  place_holder = options.fetch(:place_holder) do
    PLACE_HOLDERS.fetch(@escape)
  end

  @expression = InjectionExpr.new(place_holder)

  super(&block)
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Ronin::SQL::Fields

Instance Attribute Details

#escape ⇒ Object (readonly)

The type of element to escape out of

# File 'lib/ronin/sql/injection.rb', line 52

def escape
  @escape
end

#expression ⇒ Object (readonly)

The expression that will be injected

# File 'lib/ronin/sql/injection.rb', line 55

def expression
  @expression
end

Instance Method Details

#and {|(expr)| ... } ⇒ self

Appends an AND expression to the injection.

Yields:

• ((expr)) —

  The return value of the block will be used as the right-hand side operand. If the block accepts an argument, it will be called with the injection.

Yield Parameters:

• expr (InjectionExpr)

Returns:

• (self)

# File 'lib/ronin/sql/injection.rb', line 104

def and(&block)
  @expression.and(&block)
  return self
end

#or {|(expr)| ... } ⇒ self

Appends an OR expression to the injection.

Yields:

• ((expr)) —

  The return value of the block will be used as the right-hand side operand. If the block accepts an argument, it will be called with the injection expression.

Yield Parameters:

• expr (InjectionExp)

Returns:

• (self)

# File 'lib/ronin/sql/injection.rb', line 121

def or(&block)
  @expression.or(&block)
  return self
end

#to_sql(options = {}) ⇒ String

Converts the SQL injection to SQL.

Parameters:

• options (Hash) (defaults to: {}) —

  Additional options for Emitter#initialize.

Options Hash (options):

• :terminate (Boolean) —

  Specifies whether to terminate the injection with ;--.

Returns:

• (String) —

  The raw SQL.

# File 'lib/ronin/sql/injection.rb', line 138

def to_sql(options={})
  emitter = emitter(options)
  sql     = @expression.to_sql(options)

  unless clauses.empty?
    sql << emitter.space << emitter.emit_clauses(clauses)
  end

  unless statements.empty?
    sql << ';' << emitter.space << emitter.emit_statement_list(self)
  end

  case @escape
  when :string, :list
    if (options[:terminate] || (sql[0,1] != sql[-1,1]))
      # terminate the expression
      sql << ';--'
    else
      sql = sql[0..-2]
    end

    # balance the quotes
    sql = sql[1..-1]
  else
    if options[:terminate]
      # terminate the expression
      sql << ';--'
    end
  end

  return sql
end