dradis-qualys 4.1.0 → 4.4.0

data/lib/qualys/element.rb

@@ -1,4 +1,27 @@
 module Qualys
+
+  def self.cleanup_html(source)
+    result = source.dup
+    result.gsub!(/"/, '"')
+    result.gsub!(/&lt;/, '<')
+    result.gsub!(/&gt;/, '>')
+
+    result.gsub!(/<p>/i, "\n\n")
+    result.gsub!(/<br>/i, "\n")
+    result.gsub!(/          /, "")
+    result.gsub!(/<a href=\"(.*?)\"\s?target=\"_blank\">(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
+    result.gsub!(/<pre>(.*?)<\/pre>/im) { |m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
+    result.gsub!(/<b>(.*?)<\/b>/i) { "*#{$1.strip}*" }
+    result.gsub!(/<b>|<\/b>/i, "")
+    result.gsub!(/<i>(.*?)<\/i>/i) { "_#{$1.strip}_" }
+
+    result.gsub!(/<dl>|<\/dl>/i, "\n")
+    result.gsub!(/<dt>(.*?)<\/dt>/i) { "* #{$1.strip}" }
+    result.gsub!(/<dd>(.*?)<\/dd>/i) { "** #{$1.strip}" }
+    result
+  end
+
+
   # This class represents each of the /SCAN/IP/[INFOS|SERVICES|VULNS|PRACTICES]/CAT/[INFO|SERVICE|VULN|PRACTICE]
   # elements in the Qualys XML document.
   #
@@ -25,7 +48,10 @@ module Qualys
         :consequence, :solution, :compliance, :result,
 
         # multiple tags
-        :vendor_reference_list, :cve_id_list, :bugtraq_id_list
+        :vendor_reference_list, :cve_id_list, :bugtraq_id_list,
+
+        # category
+        :qualys_collection
       ]
     end
 
@@ -66,10 +92,10 @@ module Qualys
       return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
 
       # Then we try simple children tags: TITLE, LAST_UPDATE, CVSS_BASE...
-      tag = @xml.xpath("./#{method_name.upcase}").first
+      tag = @xml.at_xpath("./#{method_name.upcase}")
       if tag && !tag.text.blank?
         if tags_with_html_content.include?(method)
-          return cleanup_html(tag.text)
+          return Qualys::cleanup_html(tag.text)
         else
           return tag.text
         end
@@ -77,11 +103,8 @@ module Qualys
         'n/a'
       end
 
-      # Finally the enumerations: vendor_reference_list, cve_id_list, bugtraq_id_list
-      if method_name == 'references'
-        # @xml.xpath("./references/reference").collect{|entry| {:source => entry['source'], :text => entry.text} }
-      elsif method == 'tags'
-        # @xml.xpath("./tags/tag").collect(&:text)
+      if method_name == 'qualys_collection'
+        @xml.name
       else
         # nothing found, the tag is valid but not present in this ReportItem
         return nil
@@ -90,27 +113,6 @@ module Qualys
 
     private
 
-    def cleanup_html(source)
-      result = source.dup
-      result.gsub!(/&quot;/, '"')
-      result.gsub!(/&lt;/, '<')
-      result.gsub!(/&gt;/, '>')
-      
-      result.gsub!(/<p>/i, "\n\n")
-      result.gsub!(/<br>/i, "\n")
-      result.gsub!(/          /, "")
-      result.gsub!(/<a href=\"(.*?)\"\s?target=\"_blank\">(.*?)<\/a>/i) { "\"#{$2.strip}\":#{$1.strip}" }
-      result.gsub!(/<pre>(.*?)<\/pre>/im) { |m| "\n\nbc.. #{$1.strip}\n\np.  \n" }
-      result.gsub!(/<b>(.*?)<\/b>/i) { "*#{$1.strip}*" }
-      result.gsub!(/<b>|<\/b>/i, "")
-      result.gsub!(/<i>(.*?)<\/i>/i) { "_#{$1.strip}_" }
-
-      result.gsub!(/<dl>|<\/dl>/i, "\n")
-      result.gsub!(/<dt>(.*?)<\/dt>/i) { "* #{$1.strip}" }
-      result.gsub!(/<dd>(.*?)<\/dd>/i) { "** #{$1.strip}" }
-      result
-    end
-
     def tags_with_html_content
       [:consequence, :diagnosis, :solution]
     end

data/lib/qualys/was/qid.rb

@@ -0,0 +1,85 @@
+module Qualys::WAS
+  # This class represents each of the WAS_SCAN_REPORT/GLOSSARY/QID_LIST/QID
+  # elements in the Qualys WAS XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class QID
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendans or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # simple tags
+        :category, :cwe, :description, :group, :impact, :owasp, :qid,
+        :severity, :solution, :title, :wasc,
+
+        :cvss_base, :cvss_temporal, :cvss3_base, :cvss3_temporal, :cvss3_vector
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      process_field_value(method.to_s)
+    end
+
+    def process_field_value(method)
+      tag = @xml.at_xpath("./#{method.upcase}")
+
+      if method.starts_with?('cvss3')
+        process_cvss3_field(method)
+      elsif tag && !tag.text.blank?
+        if tags_with_html_content.include?(method)
+          Qualys.cleanup_html(tag.text)
+        else
+          tag.text
+        end
+      else
+        'n/a'
+      end
+    end
+
+    def process_cvss3_field(method)
+      translations_table = {
+        cvss3_vector: 'CVSS_V3/ATTACK_VECTOR',
+        cvss3_base: 'CVSS_V3/BASE',
+        cvss3_temporal: 'CVSS_V3/TEMPORAL'
+      }
+
+      @xml.xpath("./#{translations_table[method.to_sym]}").text
+    end
+
+    private
+    def tags_with_html_content
+      [:description, :impact, :solution]
+    end
+  end
+end

data/lib/qualys/was/vulnerability.rb

@@ -0,0 +1,68 @@
+module Qualys::WAS
+  # This class represents each of the WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/
+  # VULNERABILITY elements in the Qualys WAS XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Vulnerability
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendans or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # simple tags
+        :access_paths,  :ajax,  :authentication,  :ignored,  :potential,  :url
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      method_name = method.to_s
+
+      # Then we try simple children tags: TITLE, LAST_UPDATE, CVSS_BASE...
+      tag = @xml.at_xpath("./#{method_name.upcase}")
+      if tag && !tag.text.blank?
+        if tags_with_html_content.include?(method)
+          return Qualys::cleanup_html(tag.text)
+        else
+          return tag.text
+        end
+      else
+        'n/a'
+      end
+    end
+
+    private
+    def tags_with_html_content
+      []
+    end
+  end
+end

data/lib/tasks/thorfile.rb

@@ -14,8 +14,22 @@ class QualysTasks < Thor
 
     detect_and_set_project_scope
 
-    importer = Dradis::Plugins::Qualys::Importer.new(task_options)
+    importer = Dradis::Plugins::Qualys::Vuln::Importer.new(task_options)
     importer.import(file: file_path)
   end
 
+  desc "upload_was FILE", "upload Qualys WAS XML results"
+  def upload_was(file_path)
+    require 'config/environment'
+
+    unless File.exists?(file_path)
+      $stderr.puts "** the file [#{file_path}] does not exist"
+      exit -1
+    end
+
+    detect_and_set_project_scope
+
+    importer = Dradis::Plugins::Qualys::WAS::Importer.new(task_options)
+    importer.import(file: file_path)
+  end
 end

data/spec/fixtures/files/simple_asset.xml

@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<!DOCTYPE ASSET_DATA_REPORT SYSTEM "https://qualysguard.qg3.apps.qualys.com/asset_data_report.dtd">
+<ASSET_DATA_REPORT>
+  <HEADER>
+    <COMPANY><![CDATA[Security Roots Ltd.]]></COMPANY>
+    <USERNAME>dradispro</USERNAME>
+    <GENERATION_DATETIME>2021-03-19T18:16:17Z</GENERATION_DATETIME>
+    <TEMPLATE><![CDATA[Technical Report]]></TEMPLATE>
+    <TARGET>
+      <USER_ASSET_GROUPS>
+        <ASSET_GROUP_TITLE><![CDATA[ProdManagement]]></ASSET_GROUP_TITLE>
+      </USER_ASSET_GROUPS>
+      <COMBINED_IP_LIST>
+        <RANGE network_id="-100">
+          <START>10.0.0.0</START>
+          <END>10.0.255.255</END>
+        </RANGE>
+        <RANGE network_id="-100">
+          <START>192.168.0.0</START>
+          <END>192.168.255.255</END>
+        </RANGE>
+      </COMBINED_IP_LIST>
+      <ASSET_TAG_LIST>
+        <INCLUDED_TAGS scope="any">
+          <ASSET_TAG><![CDATA[asset-tag]]></ASSET_TAG>
+        </INCLUDED_TAGS>
+      </ASSET_TAG_LIST>
+    </TARGET>
+    <RISK_SCORE_SUMMARY>
+      <TOTAL_VULNERABILITIES>479</TOTAL_VULNERABILITIES>
+      <AVG_SECURITY_RISK>2.5</AVG_SECURITY_RISK>
+      <BUSINESS_RISK>48/100</BUSINESS_RISK>
+    </RISK_SCORE_SUMMARY>
+  </HEADER>
+  <HOST_LIST>
+    <HOST>
+      <IP network_id="0">10.0.0.1</IP>
+      <TRACKING_METHOD>QAGENT</TRACKING_METHOD>
+      <ASSET_TAGS>
+        <ASSET_TAG><![CDATA[Cloud Agent]]></ASSET_TAG>
+      </ASSET_TAGS>
+      <HOST_ID>112859328</HOST_ID>
+      <DNS><![CDATA[ontlpmutil01]]></DNS>
+      <QG_HOSTID><![CDATA[8d7fb998-0512-48c3-bb94-e40ac09ce9d4]]></QG_HOSTID>
+      <OPERATING_SYSTEM><![CDATA[Red Hat Enterprise Linux Server 7.9]]></OPERATING_SYSTEM>
+      <VULN_INFO_LIST>
+        <VULN_INFO>
+          <QID id="qid_11">11</QID>
+          <TYPE>Vuln</TYPE>
+          <SSL>false</SSL>
+          <RESULT format="table"><![CDATA[Package	Installed Version	Required Version
+kernel-debug	3.10.0-957.27.2.el7.x86_64	3.10.0-1160.11.1.el7
+kernel-debug	3.10.0-1160.6.1.el7.x86_64	3.10.0-1160.11.1.el7]]></RESULT>
+          <FIRST_FOUND>2020-12-18T13:11:56Z</FIRST_FOUND>
+          <LAST_FOUND>2021-03-19T13:05:42Z</LAST_FOUND>
+          <TIMES_FOUND>447</TIMES_FOUND>
+          <VULN_STATUS>Active</VULN_STATUS>
+          <CVSS_FINAL>5.5</CVSS_FINAL>
+          <CVSS3_FINAL>6.3</CVSS3_FINAL>
+        </VULN_INFO>
+      </VULN_INFO_LIST>
+    </HOST>
+  </HOST_LIST>
+  <GLOSSARY>
+    <VULN_DETAILS_LIST>
+      <VULN_DETAILS id="qid_11">
+        <QID id="qid_11">11</QID>
+        <TITLE><![CDATA[Hidden RPC Services]]></TITLE>
+        <SEVERITY>2</SEVERITY>
+        <CATEGORY>RPC</CATEGORY>
+        <THREAT><![CDATA[The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon. 
+<P>
+When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list.  However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).]]></THREAT>
+        <IMPACT><![CDATA[Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.]]></IMPACT>
+        <SOLUTION><![CDATA[Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.]]></SOLUTION>
+        <PCI_FLAG>1</PCI_FLAG>
+        <LAST_UPDATE>1999-01-01T08:00:00Z</LAST_UPDATE>
+        <CVSS_SCORE>
+          <CVSS_BASE source="service">5</CVSS_BASE>
+          <CVSS_TEMPORAL>3.6</CVSS_TEMPORAL>
+        </CVSS_SCORE>
+        <CVSS3_SCORE>
+          <CVSS3_BASE>-</CVSS3_BASE>
+          <CVSS3_TEMPORAL>-</CVSS3_TEMPORAL>
+        </CVSS3_SCORE>
+      </VULN_DETAILS>
+    </VULN_DETAILS_LIST>
+  </GLOSSARY>
+  <APPENDICES>
+    <NO_RESULTS>
+      <IP_LIST>
+        <RANGE network_id="-100">
+          <START>10.0.0.0</START>
+          <END>10.0.0.4</END>
+        </RANGE>
+        <RANGE network_id="-100">
+          <START>192.168.0.0</START>
+          <END>192.168.2.4</END>
+        </RANGE>
+        <RANGE network_id="-100">
+          <START>192.168.2.6</START>
+          <END>192.168.255.255</END>
+        </RANGE>
+      </IP_LIST>
+    </NO_RESULTS>
+    <TEMPLATE_DETAILS>
+      <FILTER_SUMMARY>
+        Status:New, Active, Re-Opened, Fixed
+        Display non-running kernels:
+        Off
+        Exclude non-running kernels:
+        Off
+        Exclude non-running services:
+        Off
+        Exclude QIDs not exploitable due to configuration:
+        Off
+        Vulnerabilities:
+        State:Active
+        Included Operating Systems:
+        All Operating Systems
+      </FILTER_SUMMARY>
+    </TEMPLATE_DETAILS>
+  </APPENDICES>
+</ASSET_DATA_REPORT>
+<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2021, Qualys, Inc. //--> 

data/spec/fixtures/files/simple_was.xml

@@ -0,0 +1,134 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<WAS_SCAN_REPORT>
+    <HEADER>
+        <NAME>Scan Report</NAME>
+        <DESCRIPTION>Vulnerabilities of all selected scans are consolidated into one report so that you can view their evolution.</DESCRIPTION>
+        <GENERATION_DATETIME>10 Nov 2021 10:00AM GMT-0500</GENERATION_DATETIME>
+        <COMPANY_INFO>
+            <NAME>Sample Company</NAME>
+            <ADDRESS>Sample Address</ADDRESS>
+            <CITY>Sample City</CITY>
+            <STATE>Sample State</STATE>
+            <COUNTRY>Sample Country</COUNTRY>
+            <ZIP_CODE>00000</ZIP_CODE>
+        </COMPANY_INFO>
+        <USER_INFO>
+            <NAME>Test User</NAME>
+            <USERNAME>test_user</USERNAME>
+            <ROLE>PC User,VM User</ROLE>
+        </USER_INFO>
+    </HEADER>
+    <FILTERS>
+        <FILTER>
+            <NAME>REMEDIATION</NAME>
+            <VALUE>Include patched findings</VALUE>
+        </FILTER>
+        <FILTER>
+            <NAME>REMEDIATION</NAME>
+            <VALUE>Show ignored findings </VALUE>
+        </FILTER>
+    </FILTERS>
+    <TARGET>
+        <SCAN>Test Scan</SCAN>
+    </TARGET>
+    <SUMMARY>
+        <GLOBAL_SUMMARY>
+            <SECURITY_RISK>High</SECURITY_RISK>
+            <VULNERABILITY>31</VULNERABILITY>
+            <SENSITIVE_CONTENT>0</SENSITIVE_CONTENT>
+            <INFORMATION_GATHERED>30</INFORMATION_GATHERED>
+        </GLOBAL_SUMMARY>
+        <SUMMARY_STATS>
+            <SUMMARY_STAT>
+                <SCAN>test Scan</SCAN>
+                <DATE>12 Oct 2021</DATE>
+                <LEVEL5>5</LEVEL5>
+                <LEVEL4>2</LEVEL4>
+                <LEVEL3>9</LEVEL3>
+                <LEVEL2>2</LEVEL2>
+                <LEVEL1>13</LEVEL1>
+                <SENSITIVE_CONTENT>0</SENSITIVE_CONTENT>
+                <INFORMATION_GATHERED>30</INFORMATION_GATHERED>
+            </SUMMARY_STAT>
+        </SUMMARY_STATS>
+    </SUMMARY>
+    <RESULTS>
+        <VULNERABILITY_LIST>
+            <VULNERABILITY>
+                <UNIQUE_ID>test-id</UNIQUE_ID>
+                <ID>1</ID>
+                <DETECTION_ID>1</DETECTION_ID>
+                <QID>6</QID>
+                <URL>http://example.com</URL>
+                <ACCESS_PATH>
+                    <URL>http://example.com</URL>
+                </ACCESS_PATH>
+                <AJAX>false</AJAX>
+                <AUTHENTICATION>Not Required</AUTHENTICATION>
+                <DETECTION_DATE>21 Aug 2021 10:00PM GMT-0500</DETECTION_DATE>
+                <POTENTIAL>false</POTENTIAL>
+                <PAYLOADS>
+                    <PAYLOAD>
+                        <NUM>1</NUM>
+                        <PAYLOAD>N/A</PAYLOAD>
+                        <REQUEST>
+                            <METHOD>GET</METHOD>
+                            <URL>http://example.com</URL>
+                            <HEADERS>
+                                <HEADER>
+                                    <key>Host</key>
+                                    <value><![CDATA[ example.com ]]></value>
+                                </HEADER>
+                                <HEADER>
+                                    <key>User-Agent</key>
+                                    <value>user-agent</value>
+                                </HEADER>
+                                <HEADER>
+                                    <key>Accept</key>
+                                    <value><![CDATA[ */*
+                                </HEADER>
+                            </HEADERS>
+                            <BODY></BODY>
+                        </REQUEST>
+                        <RESPONSE>
+                            <CONTENTS base64="true"></CONTENTS>
+                        </RESPONSE>
+                    </PAYLOAD>
+                </PAYLOADS>
+                <IGNORED>false</IGNORED>
+            </VULNERABILITY>
+        </VULNERABILITY_LIST>
+    </RESULTS>
+    <GLOSSARY>
+        <QID_LIST>
+            <QID>
+                <QID>6</QID>
+                <CATEGORY>Information Gathered</CATEGORY>
+                <SEVERITY>1</SEVERITY>
+                <TITLE>DNS Host Name</TITLE>
+                <GROUP>DIAG</GROUP>
+                <DESCRIPTION>The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.</DESCRIPTION>
+                <IMPACT>N/A</IMPACT>
+                <SOLUTION>N/A</SOLUTION>
+                <CVSS_BASE>4.3</CVSS_BASE>
+                <CVSS_TEMPORAL>3.9</CVSS_TEMPORAL>
+                <CVSS_V3>
+                    <BASE>6.1</BASE>
+                    <TEMPORAL>5.8</TEMPORAL>
+                    <ATTACK_VECTOR>Network</ATTACK_VECTOR>
+                </CVSS_V3>
+            </QID>
+        </QID_LIST>
+    </GLOSSARY>
+    <APPENDIX>
+        <WEBAPP>
+            <ID>1</ID>
+            <NAME>Test</NAME>
+            <URL>http://example.com</URL>
+            <OWNER>Test User</OWNER>
+            <SCOPE>Limit to URL hostname</SCOPE>
+            <CUSTOM_ATTRIBUTES/>
+            <TAGS/>
+        </WEBAPP>
+    </APPENDIX>
+</WAS_SCAN_REPORT>

data/spec/qualys/asset/importer_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'ostruct'
+
+module Dradis::Plugins
+  describe 'Qualys upload plugin' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      stub_content_service
+
+      @importer = Dradis::Plugins::Qualys::Asset::Importer.new(
+        content_service: @content_service
+      )
+    end
+
+    let(:example_xml) { 'spec/fixtures/files/simple_asset.xml' }
+    let(:run_import!) { @importer.import(file: example_xml) }
+
+    it 'creates nodes as needed' do
+      expect_to_create_node_with(label: '10.0.2.8')
+      run_import!
+    end
+
+    it 'creates issues as needed' do
+      expect_to_create_issue_with(text: 'Hidden RPC Services')
+      run_import!
+    end
+
+    it 'creates evidence as needed' do
+      expect_to_create_evidence_with(
+        content: 'http://example.com',
+        issue: 'Hidden RPC Services',
+        node_label: '10.0.2.8'
+      )
+      run_import!
+    end
+  end
+end

data/spec/qualys/{importer_spec.rb → vuln/importer_spec.rb}

@@ -5,37 +5,15 @@ module Dradis::Plugins
   describe 'Qualys upload plugin' do
     before(:each) do
       # Stub template service
-      templates_dir = File.expand_path('../../../templates', __FILE__)
+      templates_dir = File.expand_path('../../../../templates', __FILE__)
       expect_any_instance_of(Dradis::Plugins::TemplateService)
       .to receive(:default_templates_dir).and_return(templates_dir)
 
-      # Init services
-      plugin = Dradis::Plugins::Qualys
+      stub_content_service
 
-      @content_service = Dradis::Plugins::ContentService::Base.new(
-        logger: Logger.new(STDOUT),
-        plugin: plugin
-      )
-
-      @importer = Dradis::Plugins::Qualys::Importer.new(
+      @importer = Dradis::Plugins::Qualys::Vuln::Importer.new(
         content_service: @content_service
       )
-
-      # Stub dradis-plugins methods
-      #
-      # They return their argument hashes as objects mimicking
-      # Nodes, Issues, etc
-      allow(@content_service).to receive(:create_node) do |args|
-        obj = OpenStruct.new(args)
-        obj.define_singleton_method(:set_property) { |_, __| }
-        obj
-      end
-      allow(@content_service).to receive(:create_issue) do |args|
-        OpenStruct.new(args)
-      end
-      allow(@content_service).to receive(:create_evidence) do |args|
-        OpenStruct.new(args)
-      end
     end
 
     let(:example_xml) { 'spec/fixtures/files/simple.xml' }
@@ -84,12 +62,12 @@ module Dradis::Plugins
       expect_to_create_issue_with(
         text: "Apache 1.3 HTTP Server Expect Header Cross-Site Scripting"
       )
-      
+
       expect_to_create_issue_with(
           text: "Apache Web Server ETag Header Information Disclosure Weakness",
           text: "OpenBSD has released a \"patch\":ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/008_httpd.patch that fixes this vulnerability. After installing the patch, inode numbers returned from the server are encoded using a private hash to avoid the release of sensitive information.\n\n\n\nCustomers"
       )
-      
+
       run_import!
     end
 
@@ -165,28 +143,5 @@ module Dradis::Plugins
         @importer.import(file: 'spec/fixtures/files/no_result.xml')
       end
     end
-
-
-    def expect_to_create_node_with(label:)
-      expect(@content_service).to receive(:create_node).with(
-        hash_including label: label
-      ).once
-    end
-
-    def expect_to_create_issue_with(text:)
-      expect(@content_service).to receive(:create_issue) do |args|
-        expect(args[:text]).to include text
-        OpenStruct.new(args)
-      end.once
-    end
-
-    def expect_to_create_evidence_with(content:, issue:, node_label:)
-      expect(@content_service).to receive(:create_evidence) do |args|
-        expect(args[:content]).to include content
-        expect(args[:issue].text).to include issue
-        expect(args[:node].label).to eq node_label
-      end.once
-    end
-
   end
 end