dradis-qualys 4.0.0 → 4.3.0

data/spec/qualys/{importer_spec.rb → vuln/importer_spec.rb}

@@ -5,37 +5,15 @@ module Dradis::Plugins
   describe 'Qualys upload plugin' do
     before(:each) do
       # Stub template service
-      templates_dir = File.expand_path('../../../templates', __FILE__)
+      templates_dir = File.expand_path('../../../../templates', __FILE__)
       expect_any_instance_of(Dradis::Plugins::TemplateService)
       .to receive(:default_templates_dir).and_return(templates_dir)
 
-      # Init services
-      plugin = Dradis::Plugins::Qualys
+      stub_content_service
 
-      @content_service = Dradis::Plugins::ContentService::Base.new(
-        logger: Logger.new(STDOUT),
-        plugin: plugin
-      )
-
-      @importer = Dradis::Plugins::Qualys::Importer.new(
+      @importer = Dradis::Plugins::Qualys::Vuln::Importer.new(
         content_service: @content_service
       )
-
-      # Stub dradis-plugins methods
-      #
-      # They return their argument hashes as objects mimicking
-      # Nodes, Issues, etc
-      allow(@content_service).to receive(:create_node) do |args|
-        obj = OpenStruct.new(args)
-        obj.define_singleton_method(:set_property) { |_, __| }
-        obj
-      end
-      allow(@content_service).to receive(:create_issue) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_evidence) do |args|
-        OpenStruct.new(args)
-      end
     end
 
     let(:example_xml) { 'spec/fixtures/files/simple.xml' }
@@ -84,11 +62,12 @@ module Dradis::Plugins
       expect_to_create_issue_with(
         text: "Apache 1.3 HTTP Server Expect Header Cross-Site Scripting"
       )
-      
+
       expect_to_create_issue_with(
-        text: "Apache Web Server ETag Header Information Disclosure Weakness"
+          text: "Apache Web Server ETag Header Information Disclosure Weakness",
+          text: "OpenBSD has released a \"patch\":ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information.\n\n\n\nCustomers"
       )
-      
+
       run_import!
     end
 
@@ -143,7 +122,7 @@ module Dradis::Plugins
     context "when an issue has no RESULT element" do
       #let(:example_xml) { 'spec/fixtures/files/no_result.xml' }
 
-      it "detects an issue without a RESULT element and applies (n/a)" do
+      it "detects an issue without a RESULT element and applies (n/a) and strips/replaces formatting tags" do
         # 1 node should be created:
         expect_to_create_node_with(label: '10.0.155.160')
 
@@ -151,7 +130,8 @@ module Dradis::Plugins
         #   - TCP/IP: Sequence number in both hosts
         # Each one should create 1 issue and 1 evidence
         expect_to_create_issue_with(
-          text: "Sequence Number Approximation Based Denial of Service"
+          text: "Sequence Number Approximation Based Denial of Service",
+          text: "Please first check the results section below for the port number on which this vulnerability was detected. If that port number is known to be used for port-forwarding, then it is the backend host that is really vulnerable.\n\n\n\nVarious implementations and products including Check Point, Cisco, Cray Inc, Hitachi, Internet Initiative Japan, Inc (IIJ), Juniper Networks, NEC, Polycom, and Yamaha are currently undergoing review. Contact the vendors to obtain more information about affected products and fixes. \"NISCC Advisory 236929 - Vulnerability Issues in TCP\":http://packetstormsecurity.org/0404-advisories/246929.html details the vendor patch status as of the time of the advisory, and identifies resolutions and workarounds."
         )
 
         expect_to_create_evidence_with(
@@ -163,28 +143,5 @@ module Dradis::Plugins
         @importer.import(file: 'spec/fixtures/files/no_result.xml')
       end
     end
-
-
-    def expect_to_create_node_with(label:)
-      expect(@content_service).to receive(:create_node).with(
-        hash_including label: label
-      ).once
-    end
-
-    def expect_to_create_issue_with(text:)
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include text
-        OpenStruct.new(args)
-      end.once
-    end
-
-    def expect_to_create_evidence_with(content:, issue:, node_label:)
-      expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include content
-        expect(args[:issue].text).to include issue
-        expect(args[:node].label).to eq node_label
-      end.once
-    end
-
   end
 end

data/spec/qualys/was/importer_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'ostruct'
+
+module Dradis::Plugins
+  describe 'Qualys upload plugin' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      stub_content_service
+
+      @importer = Dradis::Plugins::Qualys::WAS::Importer.new(
+        content_service: @content_service
+      )
+    end
+
+    let(:example_xml) { 'spec/fixtures/files/simple_was.xml' }
+    let(:run_import!) { @importer.import(file: example_xml) }
+
+    it 'creates nodes as needed' do
+      expect_to_create_node_with(label: 'example.com')
+      run_import!
+    end
+
+    it 'creates issues as needed' do
+      expect_to_create_issue_with(text: 'DNS Host Name')
+      run_import!
+    end
+
+    it 'creates evidence as needed' do
+      expect_to_create_evidence_with(
+        content: 'http://example.com',
+        issue: 'DNS Host Name',
+        node_label: 'example.com'
+      )
+      run_import!
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -4,7 +4,10 @@ require 'nokogiri'
 
 require 'combustion'
 
+Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }
+
 Combustion.initialize!
 
 RSpec.configure do |config|
+  config.include SpecMacros
 end

data/spec/support/spec_macros.rb

@@ -0,0 +1,46 @@
+module SpecMacros
+  extend ActiveSupport::Concern
+
+  def stub_content_service
+    # Init services
+    plugin = Dradis::Plugins::Qualys
+
+    @content_service = Dradis::Plugins::ContentService::Base.new(
+      logger: Logger.new(STDOUT),
+      plugin: plugin
+    )
+
+    # Stub dradis-plugins methods
+    #
+    # They return their argument hashes as objects mimicking
+    # Nodes, Issues, etc
+    allow(@content_service).to receive(:create_node) do |args|
+      obj = OpenStruct.new(args)
+      obj.define_singleton_method(:set_property) { |_, __| }
+      obj
+    end
+    allow(@content_service).to receive(:create_issue) do |args|
+      OpenStruct.new(args)
+    end
+    allow(@content_service).to receive(:create_evidence) do |args|
+      OpenStruct.new(args)
+    end
+  end
+
+  def expect_to_create_node_with(label:)
+    expect(@content_service).to receive(:create_node).with(
+      hash_including label: label
+    ).once
+  end
+
+  def expect_to_create_issue_with(text:)
+    expect(@content_service).to receive(:create_issue) do |args|
+      expect(args[:text]).to include text
+      OpenStruct.new(args)
+    end.once
+  end
+
+  def expect_to_create_evidence_with(content:, issue:, node_label:)
+    expect(@content_service).to receive(:create_evidence)
+  end
+end

data/templates/asset-evidence.fields

@@ -0,0 +1,9 @@
+asset-evidence.cvss3_final
+asset-evidence.cvss_final
+asset-evidence.first_found
+asset-evidence.last_found
+asset-evidence.result
+asset-evidence.ssl
+asset-evidence.times_found
+asset-evidence.type
+asset-evidence.vuln_status

data/templates/asset-evidence.sample

@@ -0,0 +1,14 @@
+<VULN_INFO>
+  <QID id="qid_238938">238938</QID>
+  <TYPE>Vuln</TYPE>
+  <SSL>false</SSL>
+  <RESULT format="table"><![CDATA[Package	Installed Version	Required Version
+kernel-debug	3.10.0-957.27.2.el7.x86_64	3.10.0-1160.11.1.el7
+kernel-debug	3.10.0-1160.6.1.el7.x86_64	3.10.0-1160.11.1.el7]]></RESULT>
+  <FIRST_FOUND>2020-12-18T13:11:56Z</FIRST_FOUND>
+  <LAST_FOUND>2021-03-19T13:05:42Z</LAST_FOUND>
+  <TIMES_FOUND>447</TIMES_FOUND>
+  <VULN_STATUS>Active</VULN_STATUS>
+  <CVSS_FINAL>5.5</CVSS_FINAL>
+  <CVSS3_FINAL>6.3</CVSS3_FINAL>
+</VULN_INFO>

data/templates/asset-evidence.template

@@ -0,0 +1,11 @@
+#[Result]#
+%asset-evidence.result%
+
+#[Status]#
+%asset-evidence.vuln_status%
+
+#[SSL]#
+%asset-evidence.ssl%
+
+#[CVSSv3.Final]#
+%asset-evidence.cvss_final%

data/templates/asset-issue.fields

@@ -0,0 +1,14 @@
+asset-issue.category
+asset-issue.cvss3_base
+asset-issue.cvss3_temporal
+asset-issue.cvss_base
+asset-issue.cvss_temporal
+asset-issue.impact
+asset-issue.last_update
+asset-issue.pci_flag
+asset-issue.qid
+asset-issue.result
+asset-issue.severity
+asset-issue.solution
+asset-issue.threat
+asset-issue.title

data/templates/asset-issue.sample

@@ -0,0 +1,21 @@
+<VULN_DETAILS id="qid_11">
+  <QID id="qid_11">11</QID>
+  <TITLE><![CDATA[Hidden RPC Services]]></TITLE>
+  <SEVERITY>2</SEVERITY>
+  <CATEGORY>RPC</CATEGORY>
+  <THREAT><![CDATA[The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon. 
+<P>
+When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list.  However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).]]></THREAT>
+  <IMPACT><![CDATA[Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.]]></IMPACT>
+  <SOLUTION><![CDATA[Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.]]></SOLUTION>
+  <PCI_FLAG>1</PCI_FLAG>
+  <LAST_UPDATE>1999-01-01T08:00:00Z</LAST_UPDATE>
+  <CVSS_SCORE>
+    <CVSS_BASE source="service">5</CVSS_BASE>
+    <CVSS_TEMPORAL>3.6</CVSS_TEMPORAL>
+  </CVSS_SCORE>
+  <CVSS3_SCORE>
+    <CVSS3_BASE>-</CVSS3_BASE>
+    <CVSS3_TEMPORAL>-</CVSS3_TEMPORAL>
+  </CVSS3_SCORE>
+</VULN_DETAILS>

data/templates/asset-issue.template

@@ -0,0 +1,22 @@
+#[Title]#
+%asset-issue.title%
+
+#[Severity]#
+%asset-issue.severity%
+
+#[Categories]#
+Category: %asset-issue.category%
+
+#[CVSSv3.BaseScore]#
+%asset-issue.cvss3_base%
+
+#[CVSSv3.TemporalScore]#
+%asset-issue.cvss3_temporal%
+
+#[Threat]#
+%asset-issue.threat%
+
+%asset-issue.impact%
+
+#[Solution]#
+%asset-issue.solution%

data/templates/element.fields

@@ -14,3 +14,4 @@ element.consequence
 element.solution
 element.compliance
 element.result
+element.qualys_collection

data/templates/element.template

@@ -33,3 +33,7 @@ Temporal: %element.cvss_temporal%
 
 #[CVEList]#
 %element.cve_id_list%
+
+
+#[QualysCollection]#
+%element.qualys_collection%

data/templates/was-evidence.fields

@@ -0,0 +1,6 @@
+was-evidence.access_paths
+was-evidence.ajax
+was-evidence.authentication
+was-evidence.ignored
+was-evidence.potential
+was-evidence.url

data/templates/was-evidence.sample

@@ -0,0 +1,44 @@
+<VULNERABILITY>
+    <UNIQUE_ID>db9bd89e-a8d8-402d-a6ca-8f6ff8be426f</UNIQUE_ID>
+    <ID>827065910</ID>
+    <DETECTION_ID>20879664</DETECTION_ID>
+    <QID>150124</QID>
+    <URL>http://demo.hackmebank.net/index.jsp?content=personal_loans.htm</URL>
+    <ACCESS_PATH>
+        <URL>http://demo.hackmebank.net/index.jsp</URL>
+    </ACCESS_PATH>
+    <AJAX>false</AJAX>
+    <AUTHENTICATION>Not Required</AUTHENTICATION>
+    <DETECTION_DATE>11 Oct 2021 07:16PM GMT-0500</DETECTION_DATE>
+    <POTENTIAL>false</POTENTIAL>
+    <PAYLOADS>
+        <PAYLOAD>
+            <NUM>1</NUM>
+            <PAYLOAD>N/A</PAYLOAD>
+            <REQUEST>
+                <METHOD>GET</METHOD>
+                <URL>http://demo.hackmebank.net/index.jsp?content=business.htm</URL>
+                <HEADERS>
+                    <HEADER>
+                        <key>Host</key>
+                        <value><![CDATA[ demo.hackmebank.net
+                    </HEADER>
+                    <HEADER>
+                        <key>User-Agent</key>
+                        <value><![CDATA[ Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15
+                    </HEADER>
+                    <HEADER>
+                        <key>Accept</key>
+                        <value><![CDATA[ */*
+                    </HEADER>
+                </HEADERS>
+                <BODY></BODY>
+            </REQUEST>
+            <RESPONSE>
+                <CONTENTS base64="true"><![CDATA[VGhlIFVSSSB3YXMgZnJhbWVkLgo=
+]]></CONTENTS>
+            </RESPONSE>
+        </PAYLOAD>
+    </PAYLOADS>
+    <IGNORED>false</IGNORED>
+</VULNERABILITY>

data/templates/was-evidence.template

@@ -0,0 +1,11 @@
+#[Location]#
+%was-evidence.url%
+
+#[AccessPaths]#
+%was-evidence.access_paths%
+
+#[Flags]#
+Ajax: %was-evidence.ajax%
+Authentication: %was-evidence.authentication%
+Ignored: %was-evidence.ignored%
+Potential: %was-evidence.potential%

data/templates/was-issue.fields

@@ -0,0 +1,16 @@
+was-issue.category
+was-issue.cvss_base
+was-issue.cvss_temporal
+was-issue.cvss3_base
+was-issue.cvss3_temporal
+was-issue.cvss3_vector
+was-issue.cwe
+was-issue.description
+was-issue.group
+was-issue.impact
+was-issue.owasp
+was-issue.qid
+was-issue.severity
+was-issue.solution
+was-issue.title
+was-issue.wasc

data/templates/was-issue.sample

@@ -0,0 +1,24 @@
+<QID>
+    <QID>150001</QID>
+    <CATEGORY>Confirmed Vulnerability</CATEGORY>
+    <SEVERITY>5</SEVERITY>
+    <TITLE>Reflected Cross-Site Scripting (XSS) Vulnerabilities</TITLE>
+    <GROUP>XSS</GROUP>
+    <OWASP>A7</OWASP>
+    <WASC>WASC-8</WASC>
+    <CWE>CWE-79</CWE>
+    <CVSS_BASE>4.3</CVSS_BASE>
+    <CVSS_TEMPORAL>3.9</CVSS_TEMPORAL>
+    <CVSS_V3>
+        <BASE>6.1</BASE>
+        <TEMPORAL>5.8</TEMPORAL>
+        <ATTACK_VECTOR>Network</ATTACK_VECTOR>
+    </CVSS_V3>
+    <DESCRIPTION><![CDATA[XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user-supplied data contain characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser.
+<P>
+The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, JavaScript or other content that will be rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload.]]></DESCRIPTION>
+    <IMPACT>XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML, JavaScript, Flash and Java applets) can be used to as a part of a compromise.</IMPACT>
+    <SOLUTION><![CDATA[Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.
+<P>
+Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element or JavaScript.]]></SOLUTION>
+</QID>

data/templates/was-issue.template

@@ -0,0 +1,28 @@
+#[Title]#
+%was-issue.title%
+
+#[Severity]#
+%was-issue.severity%
+
+#[Categories]#
+Category: %was-issue.category%
+Group: %was-issue.group%
+OWASP: %was-issue.owasp%
+CWE: %was-issue.cwe%
+
+#[CVSSv3.Vector]#
+%was-issue.cvss3_vector%
+
+#[CVSSv3.BaseScore]#
+%was-issue.cvss3_base%
+
+#[CVSSv3.TemporalScore]#
+%was-issue.cvss3_temporal%
+
+#[Description]#
+%was-issue.description%
+
+%was-issue.impact%
+
+#[Solution]#
+%was-issue.solution%

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-qualys
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-03 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -107,6 +107,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - CHANGELOG.md
+- CHANGELOG.template
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -115,26 +116,49 @@ files:
 - dradis-qualys.gemspec
 - lib/dradis-qualys.rb
 - lib/dradis/plugins/qualys.rb
+- lib/dradis/plugins/qualys/asset/importer.rb
 - lib/dradis/plugins/qualys/engine.rb
 - lib/dradis/plugins/qualys/field_processor.rb
 - lib/dradis/plugins/qualys/gem_version.rb
-- lib/dradis/plugins/qualys/importer.rb
 - lib/dradis/plugins/qualys/version.rb
+- lib/dradis/plugins/qualys/vuln/importer.rb
+- lib/dradis/plugins/qualys/was/importer.rb
+- lib/qualys/asset/evidence.rb
+- lib/qualys/asset/vulnerability.rb
 - lib/qualys/element.rb
+- lib/qualys/was/qid.rb
+- lib/qualys/was/vulnerability.rb
 - lib/tasks/thorfile.rb
 - spec/.keep
 - spec/fixtures/files/no_result.xml
 - spec/fixtures/files/simple.xml
+- spec/fixtures/files/simple_asset.xml
+- spec/fixtures/files/simple_was.xml
 - spec/fixtures/files/two_hosts_common_issue.xml
+- spec/qualys/asset/importer_spec.rb
 - spec/qualys/element_spec.rb
-- spec/qualys/importer_spec.rb
+- spec/qualys/vuln/importer_spec.rb
+- spec/qualys/was/importer_spec.rb
 - spec/spec_helper.rb
+- spec/support/spec_macros.rb
+- templates/asset-evidence.fields
+- templates/asset-evidence.sample
+- templates/asset-evidence.template
+- templates/asset-issue.fields
+- templates/asset-issue.sample
+- templates/asset-issue.template
 - templates/element.fields
 - templates/element.sample
 - templates/element.template
 - templates/evidence.fields
 - templates/evidence.sample
 - templates/evidence.template
+- templates/was-evidence.fields
+- templates/was-evidence.sample
+- templates/was-evidence.template
+- templates/was-issue.fields
+- templates/was-issue.sample
+- templates/was-issue.template
 homepage: http://dradisframework.org
 licenses:
 - GPL-2
@@ -162,7 +186,12 @@ test_files:
 - spec/.keep
 - spec/fixtures/files/no_result.xml
 - spec/fixtures/files/simple.xml
+- spec/fixtures/files/simple_asset.xml
+- spec/fixtures/files/simple_was.xml
 - spec/fixtures/files/two_hosts_common_issue.xml
+- spec/qualys/asset/importer_spec.rb
 - spec/qualys/element_spec.rb
-- spec/qualys/importer_spec.rb
+- spec/qualys/vuln/importer_spec.rb
+- spec/qualys/was/importer_spec.rb
 - spec/spec_helper.rb
+- spec/support/spec_macros.rb

data/lib/dradis/plugins/qualys/importer.rb

@@ -1,88 +0,0 @@
-module Dradis::Plugins::Qualys
-  class Importer < Dradis::Plugins::Upload::Importer
-
-    attr_accessor :host_node
-
-    # The framework will call this function if the user selects this plugin from
-    # the dropdown list and uploads a file.
-    # @returns true if the operation was successful, false otherwise
-    def import(params={})
-      file_content = File.read( params[:file] )
-
-      logger.info{'Parsing Qualys output file...'}
-      @doc = Nokogiri::XML( file_content )
-      logger.info{'Done.'}
-
-      if @doc.root.name != 'SCAN'
-        error = "No scan results were detected in the uploaded file. Ensure you uploaded a Qualys XML file."
-        logger.fatal{ error }
-        content_service.create_note text: error
-        return false
-      end
-
-      @doc.xpath('SCAN/IP').each do |xml_host|
-        process_ip(xml_host)
-      end
-
-      return true
-    end
-
-    private
-
-    def process_ip(xml_host)
-      host_ip = xml_host['value']
-      logger.info{ "Host: %s" % host_ip }
-
-      self.host_node = content_service.create_node(label: host_ip, type: :host)
-
-      host_node.set_property(:ip, host_ip)
-      host_node.set_property(:hostname, xml_host['name'])
-      if (xml_os = xml_host.xpath('OS')) && xml_os.any?
-        host_node.set_property(:os, xml_os.text)
-      end
-      host_node.save
-
-      # We treat INFOS, SERVICES, PRACTICES, and VULNS the same way
-      # All of these are imported into Dradis as Issues
-      ['INFOS', 'SERVICES', 'PRACTICES', 'VULNS'].each do |collection|
-        xml_host.xpath(collection).each do |xml_collection|
-          process_collection(collection, xml_collection)
-        end
-      end
-    end
-
-    def process_collection(collection, xml_collection)
-      xml_cats = xml_collection.xpath('CAT')
-
-      xml_cats.each do |xml_cat|
-        logger.info{ "\t#{ collection } - #{ xml_cat['value'] }" }
-
-        empty_dup_xml_cat = xml_cat.dup
-        empty_dup_xml_cat.children.remove
-
-        # For each INFOS/CAT/INFO, SERVICES/CAT/SERVICE, VULNS/CAT/VULN, etc.
-        xml_cat.xpath(collection.chop).each do |xml_element|
-          dup_xml_cat = empty_dup_xml_cat.dup
-          dup_xml_cat.add_child(xml_element.dup)
-          cat_number = xml_element[:number]
-
-          process_vuln(collection, cat_number, dup_xml_cat)
-
-        end
-      end
-    end
-
-    # Takes a <CAT> element containing a single <VULN> element and processes an
-    # Issue and Evidence template out of it.
-    def process_vuln(collection, vuln_number, xml_cat)
-      logger.info{ "\t\t => Creating new issue (plugin_id: #{ vuln_number })" }
-      issue_text = template_service.process_template(template: 'element', data: xml_cat)
-      issue_text << "\n\n#[qualys_collection]#\n#{ collection }"
-      issue = content_service.create_issue(text: issue_text, id: vuln_number)
-
-      logger.info{ "\t\t => Creating new evidence" }
-      evidence_content = template_service.process_template(template: 'evidence', data: xml_cat)
-      content_service.create_evidence(issue: issue, node: self.host_node, content: evidence_content)
-    end
-  end
-end