dradis-nexpose 4.15.0 → 4.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 741c488c76cb9554ce3b2a61997374262453a38e3256cad93c1885602d872bca
-  data.tar.gz: c896b751650744b60e8ddfeae40c4cba4277901d404e95bdb594674024227038
+  metadata.gz: 0dd759ff5965a397c6dc53aa7fe958a472377df1e4b88598c084ef710bbf7325
+  data.tar.gz: cc1caab7f91bf7a934b940bda4773ea0af137218320c26fe4b33e89bfe212499
 SHA512:
-  metadata.gz: 93068f684c000bcf4cb4f5944b38dd3e57ae7152c7c9f046b8db9e65c46a76323f5b399feffa47474cb62af5da17e26746af419c4a9eacd824437d5f6d0cae0e
-  data.tar.gz: e812c05c84e2b12e36fdb858eadd2daf02bd87b5c69cf5cc7b4cbaa9cbc8fe7eb213e12d58c8518a0c631fcb08bb0ff78973cdbd264d8f741021a84817adee8c
+  metadata.gz: 11ab68a5ada00fd69fc77b7f41b3e08441dc7e0ac9fdbad90ff006b62a307fd6a4a44d05d534e954c88391ce63ec5fc28b4682e4e6e4f4c488f7a489192c0e6f
+  data.tar.gz: f610891a766cdb60ac5f1eccb90bfc497b2ee087f3c5ef3bd52037a11e342118c4ea62938ce3e7170409682c7a78302ecbbf06fe6d2450dde8a12584a6544ceb

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+v4.16.0 (May 2025)
+  - Format UnorderedList/OrderedList to textile
+
 v4.15.0 (December 2024)
   - No changes
 

data/lib/dradis/plugins/nexpose/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 15
+        MINOR = 16
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/nexpose/xml_formatter.rb

@@ -0,0 +1,81 @@
+module Dradis::Plugins::Nexpose
+  class XmlFormatter
+    def format_html_content(source)
+      result = format_list(source)
+
+      cleanup_html(result)
+    end
+
+    def cleanup_html(source)
+      result = source.to_s
+      result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m) { |m| "#{ $1 }" }
+      result.gsub!(/<Paragraph preformat=\"true\">(\s*)<Paragraph preformat=\"true\">(.*?)<\/Paragraph>(\s*)<\/Paragraph>/mi) do
+        text = $2
+        text[/\n/] ? "\nbc.. #{ text }\n\np. " : "@#{text}@"
+      end
+      result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi) do
+        text = $1
+        text[/\n/] ? "\nbc.. #{ text }\n\np. " : "@#{text}@"
+      end
+      result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m) { |m| "#{ $1 }\n" }
+      result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
+      result.gsub!(/          /, '')
+      result.gsub!(/   /, '')
+      result.gsub!(/\t\t/, '')
+      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
+      result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
+      result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
+      result.gsub!(/&gt;/, '>')
+      result.gsub!(/&lt;/, '<')
+      result
+    end
+
+    def cleanup_nested(source)
+      result = source.to_s
+      result.gsub!(/<references>/, '')
+      result.gsub!(/<\/references>/, '')
+      result.gsub!(/<reference source=\"(.*?)\">(.*?)<\/reference>/i) { "#{$1.strip}: #{$2.strip}\n" }
+      result.gsub!(/<tags>/, '')
+      result.gsub!(/<\/tags>/, '')
+      result.gsub!(/<tag>(.*?)<\/tag>/) { "#{$1}\n" }
+      result.gsub!(/        /, '')
+      result
+    end
+
+   private
+
+    def format_list(source)
+      if source.xpath('./UnorderedList | ./OrderedList').any?
+        format_nexpose_list(source)
+      else
+        source
+      end
+    end
+
+    def format_nexpose_list(xml, depth = 1)
+      xml.xpath('./UnorderedList | ./OrderedList').map do |list|
+        list_item_element = list.name == 'UnorderedList' ? '*' : '#'
+
+        list.xpath('./ListItem').map do |list_item|
+          paragraphs = list_item.xpath('./Paragraph')
+
+          list_item_text =
+            if paragraphs.any?
+              paragraphs.map do |paragraph|
+                # <Paragraph> nodes can either have more lists or just text
+                if paragraph.xpath('./UnorderedList | ./OrderedList').any?
+                  format_nexpose_list(paragraph, depth + 1)
+                else
+                  cleanup_html(paragraph.to_s).chomp
+                end
+              end.join("\n")
+            else
+              list_item.text
+            end
+
+          ''.ljust(depth, list_item_element) + ' ' + list_item_text
+        end.join("\n")
+      end.join("\n")
+    end
+  end
+end

data/lib/dradis/plugins/nexpose.rb

@@ -11,3 +11,4 @@ require 'dradis/plugins/nexpose/full/importer'
 require 'dradis/plugins/nexpose/mapping'
 require 'dradis/plugins/nexpose/simple/importer'
 require 'dradis/plugins/nexpose/version'
+require 'dradis/plugins/nexpose/xml_formatter'

data/lib/nexpose/vulnerability.rb

@@ -20,7 +20,7 @@ module Nexpose
     def supported_tags
       [
         # attributes
-        :added, :cvss_score, :cvss_vector, :modified, :nexpose_id, :pci_severity, 
+        :added, :cvss_score, :cvss_vector, :modified, :nexpose_id, :pci_severity,
         :published, :risk_score, :severity, :title,
 
         # simple tags
@@ -34,10 +34,9 @@ module Nexpose
       ]
     end
 
-
     # This allows external callers (and specs) to check for implemented
     # properties
-    def respond_to?(method, include_private=false)
+    def respond_to?(method, include_private = false)
       return true if supported_tags.include?(method.to_sym)
       super
     end
@@ -49,7 +48,6 @@ module Nexpose
     # attribute, simple descendent or collection that it maps to in the XML
     # tree.
     def method_missing(method, *args)
-
       # We could remove this check and return nil for any non-recognized tag.
       # The problem would be that it would make tricky to debug problems with
       # typos. For instance: <>.potr would return nil instead of raising an
@@ -62,11 +60,11 @@ module Nexpose
       # First we try the attributes. In Ruby we use snake_case, but in XML
       # CamelCase is used for some attributes
       translations_table = {
-        :nexpose_id => 'id',
-        :pci_severity => 'pciSeverity',
-        :risk_score => 'riskScore',
-        :cvss_score => 'cvssScore',
-        :cvss_vector =>'cvssVector'
+        nexpose_id: 'id',
+        pci_severity: 'pciSeverity',
+        risk_score: 'riskScore',
+        cvss_score: 'cvssScore',
+        cvss_vector: 'cvssVector'
       }
 
       method_name = translations_table.fetch(method, method.to_s)
@@ -78,13 +76,14 @@ module Nexpose
       nest = @xml.xpath("./#{method_name}").first
 
       # We need to clean up tags that have HTML content in them
+      formatter = Dradis::Plugins::Nexpose::XmlFormatter.new
       if tags_with_html_content.include?(method)
-        result = cleanup_html(tag)
+        result = formatter.format_html_content(tag)
         result = add_bc_to_ssl_cipher_list(result) if SSL_CIPHER_VULN_IDS.include?(@xml.attributes['id'].value)
         return result
       # And we need to clean up the tags with nested content in them
       elsif tags_with_nested_content.include?(method)
-        return cleanup_nested(nest)
+        return formatter.cleanup_nested(nest)
       else
         return tag
       end
@@ -96,7 +95,7 @@ module Nexpose
         return @xml.xpath("//test[@id='#{vuln_id}']/Paragraph").
           text.split("\n").
           collect(&:strip).
-          reject{|line| line.empty?}.join("\n")
+          reject { |line| line.empty? }.join("\n")
       end
 
       nil
@@ -106,46 +105,7 @@ module Nexpose
 
     def add_bc_to_ssl_cipher_list(source)
       result = source.to_s
-      result.gsub!(/\n(.*?)!(.*?)/){"\nbc. #{ $1 }!#{ $2 }\n"}
-      result
-    end
-
-    def cleanup_html(source)
-      result = source.to_s
-      result.gsub!(/<ContainerBlockElement>(.*?)<\/ContainerBlockElement>/m){|m| "#{ $1 }"}
-      result.gsub!(/<Paragraph preformat=\"true\">(\s*)<Paragraph preformat=\"true\">(.*?)<\/Paragraph>(\s*)<\/Paragraph>/mi) do
-        text = $2
-        text[/\n/] ? "\nbc.. #{ text }\n\np. " : "@#{text}@"
-      end
-      result.gsub!(/<Paragraph preformat=\"true\">(.*?)<\/Paragraph>/mi) do
-        text = $1
-        text[/\n/] ? "\nbc.. #{ text }\n\np. " : "@#{text}@"
-      end
-      result.gsub!(/<Paragraph>(.*?)<\/Paragraph>/m){|m| "#{ $1 }\n"}
-      result.gsub!(/<Paragraph>|<\/Paragraph>/, '')
-      result.gsub!(/<UnorderedList(.*?)>(.*?)<\/UnorderedList>/m){|m| "#{ $2 }"}
-      result.gsub!(/<OrderedList(.*?)>(.*?)<\/OrderedList>/m){|m| "#{ $2 }"}
-      result.gsub!(/<ListItem>|<\/ListItem>/, '')
-      result.gsub!(/          /, '')
-      result.gsub!(/   /, '')
-      result.gsub!(/\t\t/, '')
-      result.gsub!(/<URLLink(.*)LinkURL=\"(.*?)\"(.*?)>(.*?)<\/URLLink>/im) { "\"#{$4.strip}\":#{$2.strip} " }
-      result.gsub!(/<URLLink LinkTitle=\"(.*?)\"(.*?)LinkURL=\"(.*?)\"\/>/i) { "\"#{$1.strip}\":#{$3.strip} " }
-      result.gsub!(/<URLLink LinkURL=\"(.*?)\"(.*?)LinkTitle=\"(.*?)\"\/>/i) { "\"#{$3.strip}\":#{$1.strip} " }
-      result.gsub!(/&gt;/, '>')
-      result.gsub!(/&lt;/, '<')
-      result
-    end
-
-    def cleanup_nested(source)
-      result = source.to_s
-      result.gsub!(/<references>/, '')
-      result.gsub!(/<\/references>/, '')
-      result.gsub!(/<reference source=\"(.*?)\">(.*?)<\/reference>/i) {"#{$1.strip}: #{$2.strip}\n"}
-      result.gsub!(/<tags>/, '')
-      result.gsub!(/<\/tags>/, '')
-      result.gsub!(/<tag>(.*?)<\/tag>/) {"#{$1}\n"}
-      result.gsub!(/        /, '')
+      result.gsub!(/\n(.*?)!(.*?)/) { "\nbc. #{ $1 }!#{ $2 }\n" }
       result
     end
 
@@ -156,6 +116,5 @@ module Nexpose
     def tags_with_nested_content
       [:references, :tags]
     end
-
   end
 end

data/spec/fixtures/files/full.xml

@@ -127,11 +127,27 @@
         <ContainerBlockElement>
           <UnorderedList>
             <ListItem>
+              <Paragraph>Microsoft Windows</Paragraph>
               <Paragraph>
-                <Paragraph>You can remove inode information from the ETag header by adding the following directive to your Apache config:</Paragraph>
-                <Paragraph preformat="true">FileETag MTime Size</Paragraph>
+                <OrderedList>
+                  <ListItem>Open the Windows Control Panel.</ListItem>
+                  <ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
+                  </OrderedList>
               </Paragraph>
             </ListItem>
+            <ListItem>
+              <Paragraph>Microsoft Windows</Paragraph>
+              <Paragraph>
+                <OrderedList>
+                  <ListItem>Open the &quot;Performance and Maintenance&quot; control panel.</ListItem>
+                  <ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
+                  <ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
+            <ListItem>
+              <Paragraph>Microsoft Windows</Paragraph>
+              <Paragraph>
+                <OrderedList>
+                  <ListItem>Open the &quot;Administrative Tools&quot; control panel.</ListItem>
+                  <ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
             <ListItem>
               <Paragraph>OpenBSD</Paragraph>
               <Paragraph>Download and apply the patch from:

data/spec/fixtures/files/lists.xml

@@ -0,0 +1,26 @@
+<ContainerBlockElement>
+  <UnorderedList>
+    <ListItem>
+      <Paragraph>Microsoft Windows</Paragraph>
+      <Paragraph>
+        <OrderedList>
+          <ListItem>Open the Windows Control Panel.</ListItem>
+          <ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
+          </OrderedList>
+      </Paragraph>
+    </ListItem>
+    <ListItem>
+      <Paragraph>Microsoft Windows</Paragraph>
+      <Paragraph>
+        <OrderedList>
+          <ListItem>Open the &quot;Performance and Maintenance&quot; control panel.</ListItem>
+          <ListItem>Select &quot;Administrative Tools&quot;.</ListItem>
+          <ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
+    <ListItem>
+      <Paragraph>Microsoft Windows</Paragraph>
+      <Paragraph>
+        <OrderedList>
+          <ListItem>Open the &quot;Administrative Tools&quot; control panel.</ListItem>
+          <ListItem>Restart the system for the changes to take effect.</ListItem></OrderedList></Paragraph></ListItem>
+  </UnorderedList>
+</ContainerBlockElement>

data/spec/nexpose_upload_spec.rb

@@ -54,5 +54,157 @@ describe 'Nexpose upload plugin' do
         expect(@result).to include('n/a')
       end
     end
+
+    describe 'Importer: Full' do
+      it 'creates nodes, issues, notes and an evidences as needed' do
+        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\nUSDA_Internal (4)")
+          expect(args[:node].label).to eq('Nexpose Scan Summary')
+        end.once
+
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('1.1.1.1')
+          expect(args[:type]).to eq(:host)
+          create(:node, args.except(:type))
+        end
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\n1.1.1.1")
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\nService name: NTP")
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_note) do |args|
+          expect(args[:text]).to include("#[Title]#\nService name: SNMP")
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Title]#\nApache HTTPD: error responses can expose cookies (CVE-2012-0053)")
+          expect(args[:id]).to eq('ntp-clock-variables-disclosure')
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Title]#\nApache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)")
+          expect(args[:id]).to eq('test-02')
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
+          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[ID]#\ntest-02\n\n")
+          expect(args[:issue].id).to eq('test-02')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/full.xml')
+
+        expect(Node.find_by(label: '1.1.1.1').properties[:os]).to eq('IOS')
+      end
+
+      it 'wraps ciphers inside ssl issues in code blocks' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include('bc. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256')
+          OpenStruct.new(args)
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/ssl.xml')
+      end
+
+      # Regression test for github.com/dradis/dradis-nexpose/issues/1
+      it 'populates solutions regardless of if they are wrapped in paragraphs or lists' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Solution]#\n")
+          expect(args[:text]).to include('You can remove inode information from the ETag header')
+          OpenStruct.new(args)
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/full.xml')
+      end
+
+      it 'populates tests regardless of if they contain paragraphs or containerblockelements' do
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[Content]#\nThe following NTP variables")
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[Content]#\nVulnerable URL:")
+          OpenStruct.new(args)
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/full.xml')
+      end
+
+      it 'transforms html entities (&lt; and &gt;)' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Solution]#\n\nApache HTTPD >= 2.0 and < 2.0.65")
+          OpenStruct.new(args)
+        end
+
+        @importer.import(file: @fixtures_dir + '/full.xml')
+      end
+
+      it 'formats the list to textile lists' do
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include("#[Title]#\nApache HTTPD: error responses can expose cookies (CVE-2012-0053)")
+          OpenStruct.new(args)
+        end.once
+
+        expect(@content_service).to receive(:create_issue) do |args|
+          expect(args[:text]).to include('* Microsoft Windows')
+          expect(args[:text]).to include('## Open the Windows Control Panel.')
+          expect(args[:text]).to include('## Select "Administrative Tools".')
+          OpenStruct.new(args)
+        end.once
+
+        @importer.import(file: @fixtures_dir + '/full.xml')
+      end
+    end
+
+    describe 'Importer: Full with duplicate nodes' do
+      it 'creates evidence for each instance of the node' do
+        expect(@content_service).to receive(:create_node).with(hash_including label: 'Nexpose Scan Summary').once
+        expect(@content_service).to receive(:create_node) do |args|
+          expect(args[:label]).to eq('1.1.1.1')
+          expect(args[:type]).to eq(:host)
+          create(:node, args.except(:type))
+        end
+
+        expect(@content_service).to receive(:create_evidence) do |args|
+          expect(args[:content]).to include("#[ID]#\nntp-clock-variables-disclosure\n\n")
+          expect(args[:issue].id).to eq('ntp-clock-variables-disclosure')
+          expect(args[:node].label).to eq('1.1.1.1')
+        end.twice
+
+        @importer.import(file: @fixtures_dir + '/full_with_duplicate_node.xml')
+      end
+    end
+  end
+
+  it 'parses the fingerprints field' do
+    doc = Nokogiri::XML(File.read(@fixtures_dir + '/full.xml'))
+
+    ts = Dradis::Plugins::TemplateService.new(plugin: Dradis::Plugins::Nexpose)
+    ts.set_template(template: 'full_node', content: "#[Fingerprints]#\n%node.fingerprints%\n")
+    result = ts.process_template(data: doc.at_xpath('//nodes/node'), template: 'full_node')
+
+    expect(result).to include('IOS')
   end
 end

data/spec/xml_formatter_spec.rb

@@ -0,0 +1,23 @@
+# Run the spec by running the command: rspec spec/xml_formatter_spec.rb"
+
+require 'spec_helper'
+
+describe Dradis::Plugins::Nexpose::XmlFormatter do
+  let(:source) { File.read(File.expand_path('../fixtures/files/lists.xml', __FILE__)) }
+
+  it 'parses the <UnorderedList> and <OrderedList> elements' do
+    xml = Nokogiri::XML(source).at_xpath('./ContainerBlockElement')
+    expect(Dradis::Plugins::Nexpose::XmlFormatter.new.format_html_content(xml)).to eq(
+      "* Microsoft Windows\n"\
+      "## Open the Windows Control Panel.\n"\
+      "## Select \"Administrative Tools\".\n"\
+      "* Microsoft Windows\n"\
+      "## Open the \"Performance and Maintenance\" control panel.\n"\
+      "## Select \"Administrative Tools\".\n"\
+      "## Restart the system for the changes to take effect.\n"\
+      "* Microsoft Windows\n"\
+      "## Open the \"Administrative Tools\" control panel.\n"\
+      '## Restart the system for the changes to take effect.'
+    )
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-nexpose
 version: !ruby/object:Gem::Version
-  version: 4.15.0
+  version: 4.16.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-20 00:00:00.000000000 Z
+date: 2025-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -122,6 +122,7 @@ files:
 - lib/dradis/plugins/nexpose/mapping.rb
 - lib/dradis/plugins/nexpose/simple/importer.rb
 - lib/dradis/plugins/nexpose/version.rb
+- lib/dradis/plugins/nexpose/xml_formatter.rb
 - lib/nexpose/endpoint.rb
 - lib/nexpose/node.rb
 - lib/nexpose/scan.rb
@@ -131,12 +132,14 @@ files:
 - lib/tasks/thorfile.rb
 - spec/fixtures/files/full.xml
 - spec/fixtures/files/full_with_duplicate_node.xml
+- spec/fixtures/files/lists.xml
 - spec/fixtures/files/simple.xml
 - spec/fixtures/files/ssl.xml
 - spec/nexpose/full/importer_spec.rb
 - spec/nexpose/simple/importer_spec.rb
 - spec/nexpose_upload_spec.rb
 - spec/spec_helper.rb
+- spec/xml_formatter_spec.rb
 - templates/full_evidence.sample
 - templates/full_node.sample
 - templates/full_scan.sample
@@ -169,9 +172,11 @@ summary: Nexpose add-on for the Dradis Framework.
 test_files:
 - spec/fixtures/files/full.xml
 - spec/fixtures/files/full_with_duplicate_node.xml
+- spec/fixtures/files/lists.xml
 - spec/fixtures/files/simple.xml
 - spec/fixtures/files/ssl.xml
 - spec/nexpose/full/importer_spec.rb
 - spec/nexpose/simple/importer_spec.rb
 - spec/nexpose_upload_spec.rb
 - spec/spec_helper.rb
+- spec/xml_formatter_spec.rb