# frozen_string_literal: true
#
# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-support is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ronin-support is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ronin-support.  If not, see <https://www.gnu.org/licenses/>.
#

module Ronin
  module Support
    class Encoding < ::Encoding
      #
      # Contains methods for encoding/decoding escaping/unescaping SQL data.
      #
      # ## Core-Ext Methods
      #
      # * {String#sql_escape}
      # * {String#sql_unescape}
      # * {String#sql_encode}
      # * {String#sql_decode}
      #
      # @api public
      #
      module SQL
        # The quote styles and their quote characters.
        QUOTE_STYLES = {
          single: "'",
          double: '"',
          tick:   '`'
        }

        #
        # Escapes a String for SQL.
        #
        # @param [String] data
        #   The String to SQL escape.
        #
        # @param [:single, :double, :tick] quotes
        #   Specifies whether to create a single or double quoted string.
        #
        # @return [String]
        #   The SQL escaped string.
        #
        # @raise [ArgumentError]
        #   The quotes argument was neither `:single`, `:double` nor `:tick`.
        #
        def self.escape(data, quotes: :single)
          char = QUOTE_STYLES.fetch(quotes) do
                   raise(ArgumentError,"invalid quoting style #{quotes.inspect}")
                 end

          escaped = data.gsub(char,char * 2)

          return "#{char}#{escaped}#{char}"
        end

        #
        # Unescapes a SQL String.
        #
        # @param [String] data
        #   The SQL string to unescape.
        #
        # @return [String]
        #   The unescaped SQL string value.
        #
        # @raise [ArgumentError]
        #   The String was not quoted with single, double or tick-mark quotes.
        #
        def self.unescape(data)
          char = if    (data[0] == "'" && data[-1] == "'") then "'"
                 elsif (data[0] == '"' && data[-1] == '"') then '"'
                 elsif (data[0] == '`' && data[-1] == '`') then '`'
                 else
                   raise(ArgumentError,"#{data.inspect} is not properly quoted")
                 end

          return data[1..-2].gsub(char * 2,char)
        end

        #
        # Returns the SQL hex-string encoded form of the String.
        #
        # @param [String] data
        #
        # @return [String]
        #
        def self.encode(data)
          return '' if data.empty?

          hex_string = String.new('0x')

          data.each_byte do |b|
            hex_string << ('%.2x' % b)
          end

          return hex_string
        end

        #
        # Returns the SQL decoded form of the String.
        #
        # @param [String] data
        #   The SQL string to decode.
        #
        # @return [String]
        #   The decoded String.
        #
        def self.decode(data)
          if (data =~ /^[0-9a-fA-F]{2,}$/ && data.length.even?)
            raw = String.new

            data.scan(/../) do |hex_char|
              raw << hex_char.to_i(16)
            end

            return raw
          else
            unescape(data)
          end
        end
      end
    end
  end
end

require 'ronin/support/encoding/sql/core_ext'