Added Ronin::Code::SQL::Mixin.

postmodern · postmodern · commit 2acd8449678b · 2023-06-26T17:00:47.000-07:00
diff --git a/lib/ronin/code/sql.rb b/lib/ronin/code/sql.rb
@@ -18,8 +18,7 @@
 # along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/code/sql/statement_list'
-require 'ronin/code/sql/injection'
+require 'ronin/code/sql/mixin'
 
 module Ronin
   module Code
@@ -30,65 +29,7 @@ module Code
     # @see http://en.wikipedia.org/wiki/SQL_injection
     #
     module SQL
-      #
-      # Creates a new SQL statement list.
-      #
-      # @yield [(statements)]
-      #   If a block is given, it will be evaluated within the statement list.
-      #   If the block accepts an argument, the block will be called with the
-      #   new statement list.
-      #
-      # @yieldparam [StatementList] statements
-      #   The new statement list.
-      #
-      # @return [StatementList]
-      #   The new SQL statement list.
-      #
-      # @example
-      #   sql { select(1,2,3,4,id).from(users) }
-      #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
-      #
-      # @api public
-      #
-      def sql(&block)
-        StatementList.new(&block)
-      end
-
-      #
-      # Creates a new SQL injection (SQLi)
-      #
-      # @param [Hash{Symbol => Object}] kwargs
-      #   Additional keyword arguments for {Injection#initialize}.
-      #
-      # @option kwargs [:integer, :decimal, :string, :column] :escape
-      #   The type of element to escape out of.
-      #
-      # @option kwargs [Boolean] :terminate
-      #   Specifies whether to terminate the SQLi with a comment.
-      #
-      # @option kwargs [String, Symbol, Integer] :place_holder
-      #   Place-holder data.
-      #
-      # @yield [(injection)]
-      #   If a block is given, it will be evaluated within the injection.
-      #   If the block accepts an argument, the block will be called with the
-      #   new injection.
-      #
-      # @yieldparam [Injection] injection
-      #   The new injection.
-      #
-      # @return [Injection]
-      #   The new SQL injection.
-      #
-      # @example
-      #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
-      #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
-      #
-      # @api public
-      #
-      def sqli(**kwargs,&block)
-        Injection.new(**kwargs,&block)
-      end
+      include Mixin
     end
   end
 end
diff --git a/lib/ronin/code/sql/mixin.rb b/lib/ronin/code/sql/mixin.rb
@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+#
+# ronin-code-sql - A Ruby DSL for crafting SQL Injections.
+#
+# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-code-sql is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-code-sql is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-code-sql.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/code/sql/statement_list'
+require 'ronin/code/sql/injection'
+
+module Ronin
+  module Code
+    module SQL
+      #
+      # Adds helper methods for building SQL or SQL injections.
+      #
+      # @since 2.1.0
+      #
+      module Mixin
+        #
+        # Creates a new SQL statement list.
+        #
+        # @yield [(statements)]
+        #   If a block is given, it will be evaluated within the statement list.
+        #   If the block accepts an argument, the block will be called with the
+        #   new statement list.
+        #
+        # @yieldparam [StatementList] statements
+        #   The new statement list.
+        #
+        # @return [StatementList]
+        #   The new SQL statement list.
+        #
+        # @example
+        #   sql { select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sql(&block)
+          StatementList.new(&block)
+        end
+
+        #
+        # Creates a new SQL injection (SQLi)
+        #
+        # @param [Hash{Symbol => Object}] kwargs
+        #   Additional keyword arguments for {Injection#initialize}.
+        #
+        # @option kwargs [:integer, :decimal, :string, :column] :escape
+        #   The type of element to escape out of.
+        #
+        # @option kwargs [Boolean] :terminate
+        #   Specifies whether to terminate the SQLi with a comment.
+        #
+        # @option kwargs [String, Symbol, Integer] :place_holder
+        #   Place-holder data.
+        #
+        # @yield [(injection)]
+        #   If a block is given, it will be evaluated within the injection.
+        #   If the block accepts an argument, the block will be called with the
+        #   new injection.
+        #
+        # @yieldparam [Injection] injection
+        #   The new injection.
+        #
+        # @return [Injection]
+        #   The new SQL injection.
+        #
+        # @example
+        #   sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
+        #   # => #<Ronin::Code::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>
+        #
+        # @api public
+        #
+        def sqli(**kwargs,&block)
+          Injection.new(**kwargs,&block)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/sql/mixin_spec.rb b/spec/sql/mixin_spec.rb
@@ -0,0 +1,25 @@
+require 'spec_helper'
+require 'ronin/code/sql/mixin'
+
+describe Ronin::Code::SQL::Mixin do
+  module TestMixin
+    class TestClass
+      include Ronin::Code::SQL::Mixin
+    end
+  end
+
+  let(:test_class) { TestMixin::TestClass }
+  subject { test_class.new }
+
+  describe "#sql" do
+    it "should return a new SQL::StatementList" do
+      expect(subject.sql).to be_kind_of(Ronin::Code::SQL::StatementList)
+    end
+  end
+
+  describe "#sqli" do
+    it "should return a new SQL::Injection" do
+      expect(subject.sqli).to be_kind_of(Ronin::Code::SQL::Injection)
+    end
+  end
+end
diff --git a/spec/sql_spec.rb b/spec/sql_spec.rb
@@ -2,17 +2,7 @@
 require 'ronin/code/sql'
 
 describe Ronin::Code::SQL do
-  subject { Object.new.extend(described_class) }
-
-  describe "#sql" do
-    it "should return a new SQL::StatementList" do
-      expect(subject.sql).to be_kind_of(Ronin::Code::SQL::StatementList)
-    end
-  end
-
-  describe "#sqli" do
-    it "should return a new SQL::Injection" do
-      expect(subject.sqli).to be_kind_of(Ronin::Code::SQL::Injection)
-    end
+  it "must include SQL::Mixin" do
+    expect(subject).to include(Ronin::Code::SQL::Mixin)
   end
 end
