dradis-qualys 4.2.0 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ba4d6ad211ac3a9b0b671a70ca898f8b4209476b0a60f2da30e8e4421a805f6
-  data.tar.gz: 5d2e7db73a7a40784fa6c4334e060daa1cbf730655d489efe594f3fd8acb7b07
+  metadata.gz: 179f7a4d51e6e9514362058cfe23587808351d96fff29ff3638c1f3020f2bcc3
+  data.tar.gz: e0ff0cb6075b177f802fa74f3ba0d396fb8c8ebbecf07fd390860788e2e1e506
 SHA512:
-  metadata.gz: d612c8715670f02a26c9be3efc6f9406c5543e3e5b76725d56baf394a0cce8eeafe4fd2c8cab28e2558b70d60b9e72a79c25a29a9266df52e0efa32a963425ae
-  data.tar.gz: e3ae22e600fa0b9ad4f96215ed9e981f4f932bc38480ee48608f28c578c1fe53d426550c30b0a6228d0109d36f422eb7deee3fc6df62359c55cc39396c42848c
+  metadata.gz: f06c828d8f2209711734decbafa5f2dcb0e3b1f0df3bb9b1fc86b24bcb0634c8a0892d3be4b78d3a87bfd64431cc1091f8dd9b2de1ccfb12ff4ea958a28abaac
+  data.tar.gz: e595872f8ad27155e0a5916eed09f043a30e19122402ded9dbdd4ff1367857da4d67bee5c336967406e78e771cca89230b9a263f8a0c8de48bd3ae4fc6116e89

data/CHANGELOG.md

@@ -1,6 +1,11 @@
+v4.3.0 (April 2022)
+  - Adds Qualys Asset Scanner (ASSET) support
+  - Bugs fixes:
+    - Fixes WAS CVSS3 mapping and not importing fields to the issue
+
 v4.2.0 (February 2022)
-  - Added 'element.qualys_collection' as issue field
-  - Added Qualys Web Application Scanner (WAS) support
+  - Adds 'element.qualys_collection' as issue field
+  - Adds Qualys Web Application Scanner (WAS) support
 
 v4.1.0 (November 2021)
   - Add <dd>, <dt> support

data/lib/dradis/plugins/qualys/asset/importer.rb

@@ -0,0 +1,112 @@
+module Dradis::Plugins::Qualys
+  module Asset
+    ROOT_PATH_NAME = 'ASSET_DATA_REPORT'.freeze
+
+    def self.meta
+      package = Dradis::Plugins::Qualys
+
+      {
+        name: package::Engine::plugin_name,
+        description: 'Upload Qualys Asset results (.xml)',
+        version: package.version
+      }
+    end
+
+    class Importer < Dradis::Plugins::Upload::Importer
+      def initialize(args={})
+        args[:plugin] = Dradis::Plugins::Qualys
+        super(args)
+
+        @issue_lookup = {}
+      end
+
+      # The framework will call this function if the user selects this plugin from
+      # the dropdown list and uploads a file.
+      # @returns true if the operation was successful, false otherwise
+      def import(params={})
+        file_content = File.read( params[:file] )
+
+        logger.info { 'Parsing Qualys ASSET XML output file...' }
+        doc = Nokogiri::XML(file_content)
+        logger.info { 'Done.' }
+
+        if doc.root.name != ROOT_PATH_NAME
+          error = 'No scan results were detected in the uploaded file. Ensure you uploaded a Qualys ASSET XML file.'
+          logger.fatal { error }
+          content_service.create_note text: error
+          return false
+        end
+
+        doc.xpath('ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/VULN_DETAILS').each do |xml_issue|
+          process_issue(xml_issue)
+        end
+
+        doc.xpath('ASSET_DATA_REPORT/HOST_LIST/HOST').each do |xml_node|
+          process_node(xml_node)
+        end
+
+        true
+      end
+
+      private
+
+      attr_accessor :issue_lookup
+
+      def process_node(xml_node)
+        logger.info { 'Creating node...' }
+
+        # Create host node
+        host_node = content_service.create_node(
+          label: xml_node.at_xpath('IP').text,
+          type: :host
+        )
+
+        %w[dns host_id operating_system qg_hostid tracking_method].each do |key|
+          prop = xml_node.at_xpath(key.upcase)
+          host_node.set_property(key.to_sym, prop.text) if prop
+        end
+
+        tags = xml_node.at_xpath('ASSET_TAGS/ASSET_TAG')
+        if tags
+          tags.each do |tag|
+            host_node.set_property(:asset_tags, tag.text)
+          end
+        end
+
+        host_node.save
+
+        xml_node.xpath('./VULN_INFO_LIST/VULN_INFO').each do |xml_evidence|
+          process_evidence(xml_evidence, host_node)
+        end
+      end
+
+      def process_issue(xml_vuln)
+        qid = xml_vuln.at_xpath('QID').text
+        logger.info { "\t => Creating new issue (plugin_id: #{ qid })" }
+        issue_text = template_service.process_template(template: 'asset-issue', data: xml_vuln)
+        issue = content_service.create_issue(text: issue_text, id: qid)
+
+        issue_lookup[qid.to_i] = issue
+      end
+
+      def process_evidence(xml_evidence, node)
+        qid = xml_evidence.at_xpath('./QID').text
+
+        issue = issue_lookup[qid.to_i]
+        if issue
+          issue_id = issue.respond_to?(:id) ? issue.id : issue.to_issue.id
+
+          logger.info { "\t => Creating new evidence (plugin_id: #{qid})" }
+          logger.info { "\t\t => Issue: #{issue.title} (plugin_id: #{issue_id})" }
+          logger.info { "\t\t => Node: #{node.label} (#{node.id})" }
+        else
+          logger.info { "\t => Couldn't find QID for issue with ID=#{qid}" }
+          return
+        end
+
+        evidence_content = template_service.process_template(template: 'asset-evidence', data: xml_evidence)
+        content_service.create_evidence(issue: issue, node: node, content: evidence_content)
+      end
+    end
+  end
+end

data/lib/dradis/plugins/qualys/engine.rb

@@ -13,6 +13,7 @@ module Dradis::Plugins::Qualys
     #  Dradis::Plugins::Upload::Base in dradis-plugins
     def self.uploaders
       [
+        Dradis::Plugins::Qualys::Asset,
         Dradis::Plugins::Qualys::Vuln,
         Dradis::Plugins::Qualys::WAS
       ]

data/lib/dradis/plugins/qualys/field_processor.rb

@@ -12,6 +12,10 @@ module Dradis
             @qualys_object = ::Qualys::WAS::QID.new(data)
           when 'VULNERABILITY'
             @qualys_object = ::Qualys::WAS::Vulnerability.new(data)
+          when 'VULN_DETAILS'
+            @qualys_object = ::Qualys::Asset::Vulnerability.new(data)
+          when 'VULN_INFO'
+            @qualys_object = ::Qualys::Asset::Evidence.new(data)
           end
         end
 

data/lib/dradis/plugins/qualys/gem_version.rb

@@ -8,7 +8,7 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 2
+        MINOR = 3
         TINY = 0
         PRE = nil
 

data/lib/dradis/plugins/qualys.rb

@@ -9,5 +9,6 @@ require 'dradis/plugins/qualys/engine'
 require 'dradis/plugins/qualys/field_processor'
 require 'dradis/plugins/qualys/version'
 
+require 'dradis/plugins/qualys/asset/importer'
 require 'dradis/plugins/qualys/vuln/importer'
 require 'dradis/plugins/qualys/was/importer'

data/lib/dradis-qualys.rb

@@ -6,5 +6,7 @@ require 'dradis/plugins/qualys'
 
 # Load supporting Qualys classes
 require 'qualys/element'
+require 'qualys/asset/evidence'
+require 'qualys/asset/vulnerability'
 require 'qualys/was/qid'
 require 'qualys/was/vulnerability'

data/lib/qualys/asset/evidence.rb

@@ -0,0 +1,74 @@
+module Qualys::Asset
+  # This class represents each of the ASSET_DATA_REPORT/GLOSSARY/VULN_INFO_LIST/
+  # VULN_INFO elements in the Qualys Asset XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Evidence
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendans or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # simple tags
+        :first_round, :last_round, :result, :ssl, :times_found,
+        :type, :vuln_status,
+
+        :cvss_base, :cvss3_final
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      process_field_value(method.to_s)
+    end
+
+    def process_field_value(method)
+      tag = @xml.at_xpath("./#{method.upcase}")
+
+      if tag && !tag.text.blank?
+        if tags_with_html_content.include?(method)
+          Qualys.cleanup_html(tag.text)
+        else
+          tag.text
+        end
+      else
+        'n/a'
+      end
+    end
+
+    private
+
+    def tags_with_html_content
+      %w[result]
+    end
+  end
+end

data/lib/qualys/asset/vulnerability.rb

@@ -0,0 +1,87 @@
+module Qualys::Asset
+  # This class represents each of the ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/
+  # VULN_DETAILS elements in the Qualys Asset XML document.
+  #
+  # It provides a convenient way to access the information scattered all over
+  # the XML in attributes and nested tags.
+  #
+  # Instead of providing separate methods for each supported property we rely
+  # on Ruby's #method_missing to do most of the work.
+  class Vulnerability
+    # Accepts an XML node from Nokogiri::XML.
+    def initialize(xml_node)
+      @xml = xml_node
+    end
+
+    # List of supported tags. They can be attributes, simple descendans or
+    # collections (e.g. <references/>, <tags/>)
+    def supported_tags
+      [
+        # simple tags
+        :category, :impact, :last_update, :pci_flag, :qid, :result,
+        :severity, :solution, :threat, :title,
+
+        :cvss3_base, :cvss3_temporal, :cvss_base, :cvss_temporal
+      ]
+    end
+
+    # This allows external callers (and specs) to check for implemented
+    # properties
+    def respond_to?(method, include_private=false)
+      return true if supported_tags.include?(method.to_sym)
+      super
+    end
+
+    # This method is invoked by Ruby when a method that is not defined in this
+    # instance is called.
+    #
+    # In our case we inspect the @method@ parameter and try to find the
+    # attribute, simple descendent or collection that it maps to in the XML
+    # tree.
+    def method_missing(method, *args)
+      # We could remove this check and return nil for any non-recognized tag.
+      # The problem would be that it would make tricky to debug problems with
+      # typos. For instance: <>.potr would return nil instead of raising an
+      # exception
+      unless supported_tags.include?(method)
+        super
+        return
+      end
+
+      process_field_value(method.to_s)
+    end
+
+    def process_field_value(method)
+      tag = @xml.at_xpath("./#{method.upcase}")
+
+      if method.starts_with?('cvss')
+        process_cvss_field(method)
+      elsif tag && !tag.text.blank?
+        if tags_with_html_content.include?(method)
+          Qualys.cleanup_html(tag.text)
+        else
+          tag.text
+        end
+      else
+        'n/a'
+      end
+    end
+
+    def process_cvss_field(method)
+      translations_table = {
+        cvss_base: 'CVSS_SCORE/CVSS_BASE',
+        cvss_temporal: 'CVSS_SCORE/CVSS_TEMPORAL',
+        cvss3_base: 'CVSS3_SCORE/CVSS3_BASE',
+        cvss3_temporal: 'CVSS3_SCORE/CVSS3_TEMPORAL'
+      }
+
+      @xml.xpath("./#{translations_table[method.to_sym]}").text
+    end
+
+    private
+
+    def tags_with_html_content
+      %w[threat impact solution]
+    end
+  end
+end

data/lib/qualys/was/qid.rb

@@ -48,21 +48,35 @@ module Qualys::WAS
         return
       end
 
-      method_name = method.to_s
+      process_field_value(method.to_s)
+    end
+
+    def process_field_value(method)
+      tag = @xml.at_xpath("./#{method.upcase}")
 
-      # Then we try simple children tags: TITLE, LAST_UPDATE, CVSS_BASE...
-      tag = @xml.at_xpath("./#{method_name.upcase}")
-      if tag && !tag.text.blank?
+      if method.starts_with?('cvss3')
+        process_cvss3_field(method)
+      elsif tag && !tag.text.blank?
         if tags_with_html_content.include?(method)
-          return Qualys::cleanup_html(tag.text)
+          Qualys.cleanup_html(tag.text)
         else
-          return tag.text
+          tag.text
         end
       else
         'n/a'
       end
     end
 
+    def process_cvss3_field(method)
+      translations_table = {
+        cvss3_vector: 'CVSS_V3/ATTACK_VECTOR',
+        cvss3_base: 'CVSS_V3/BASE',
+        cvss3_temporal: 'CVSS_V3/TEMPORAL'
+      }
+
+      @xml.xpath("./#{translations_table[method.to_sym]}").text
+    end
+
     private
     def tags_with_html_content
       [:description, :impact, :solution]

data/spec/fixtures/files/simple_asset.xml

@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<!DOCTYPE ASSET_DATA_REPORT SYSTEM "https://qualysguard.qg3.apps.qualys.com/asset_data_report.dtd">
+<ASSET_DATA_REPORT>
+  <HEADER>
+    <COMPANY><![CDATA[Security Roots Ltd.]]></COMPANY>
+    <USERNAME>dradispro</USERNAME>
+    <GENERATION_DATETIME>2021-03-19T18:16:17Z</GENERATION_DATETIME>
+    <TEMPLATE><![CDATA[Technical Report]]></TEMPLATE>
+    <TARGET>
+      <USER_ASSET_GROUPS>
+        <ASSET_GROUP_TITLE><![CDATA[ProdManagement]]></ASSET_GROUP_TITLE>
+      </USER_ASSET_GROUPS>
+      <COMBINED_IP_LIST>
+        <RANGE network_id="-100">
+          <START>10.0.0.0</START>
+          <END>10.0.255.255</END>
+        </RANGE>
+        <RANGE network_id="-100">
+          <START>192.168.0.0</START>
+          <END>192.168.255.255</END>
+        </RANGE>
+      </COMBINED_IP_LIST>
+      <ASSET_TAG_LIST>
+        <INCLUDED_TAGS scope="any">
+          <ASSET_TAG><![CDATA[asset-tag]]></ASSET_TAG>
+        </INCLUDED_TAGS>
+      </ASSET_TAG_LIST>
+    </TARGET>
+    <RISK_SCORE_SUMMARY>
+      <TOTAL_VULNERABILITIES>479</TOTAL_VULNERABILITIES>
+      <AVG_SECURITY_RISK>2.5</AVG_SECURITY_RISK>
+      <BUSINESS_RISK>48/100</BUSINESS_RISK>
+    </RISK_SCORE_SUMMARY>
+  </HEADER>
+  <HOST_LIST>
+    <HOST>
+      <IP network_id="0">10.0.0.1</IP>
+      <TRACKING_METHOD>QAGENT</TRACKING_METHOD>
+      <ASSET_TAGS>
+        <ASSET_TAG><![CDATA[Cloud Agent]]></ASSET_TAG>
+      </ASSET_TAGS>
+      <HOST_ID>112859328</HOST_ID>
+      <DNS><![CDATA[ontlpmutil01]]></DNS>
+      <QG_HOSTID><![CDATA[8d7fb998-0512-48c3-bb94-e40ac09ce9d4]]></QG_HOSTID>
+      <OPERATING_SYSTEM><![CDATA[Red Hat Enterprise Linux Server 7.9]]></OPERATING_SYSTEM>
+      <VULN_INFO_LIST>
+        <VULN_INFO>
+          <QID id="qid_11">11</QID>
+          <TYPE>Vuln</TYPE>
+          <SSL>false</SSL>
+          <RESULT format="table"><![CDATA[Package	Installed Version	Required Version
+kernel-debug	3.10.0-957.27.2.el7.x86_64	3.10.0-1160.11.1.el7
+kernel-debug	3.10.0-1160.6.1.el7.x86_64	3.10.0-1160.11.1.el7]]></RESULT>
+          <FIRST_FOUND>2020-12-18T13:11:56Z</FIRST_FOUND>
+          <LAST_FOUND>2021-03-19T13:05:42Z</LAST_FOUND>
+          <TIMES_FOUND>447</TIMES_FOUND>
+          <VULN_STATUS>Active</VULN_STATUS>
+          <CVSS_FINAL>5.5</CVSS_FINAL>
+          <CVSS3_FINAL>6.3</CVSS3_FINAL>
+        </VULN_INFO>
+      </VULN_INFO_LIST>
+    </HOST>
+  </HOST_LIST>
+  <GLOSSARY>
+    <VULN_DETAILS_LIST>
+      <VULN_DETAILS id="qid_11">
+        <QID id="qid_11">11</QID>
+        <TITLE><![CDATA[Hidden RPC Services]]></TITLE>
+        <SEVERITY>2</SEVERITY>
+        <CATEGORY>RPC</CATEGORY>
+        <THREAT><![CDATA[The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon. 
+<P>
+When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list.  However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).]]></THREAT>
+        <IMPACT><![CDATA[Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.]]></IMPACT>
+        <SOLUTION><![CDATA[Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.]]></SOLUTION>
+        <PCI_FLAG>1</PCI_FLAG>
+        <LAST_UPDATE>1999-01-01T08:00:00Z</LAST_UPDATE>
+        <CVSS_SCORE>
+          <CVSS_BASE source="service">5</CVSS_BASE>
+          <CVSS_TEMPORAL>3.6</CVSS_TEMPORAL>
+        </CVSS_SCORE>
+        <CVSS3_SCORE>
+          <CVSS3_BASE>-</CVSS3_BASE>
+          <CVSS3_TEMPORAL>-</CVSS3_TEMPORAL>
+        </CVSS3_SCORE>
+      </VULN_DETAILS>
+    </VULN_DETAILS_LIST>
+  </GLOSSARY>
+  <APPENDICES>
+    <NO_RESULTS>
+      <IP_LIST>
+        <RANGE network_id="-100">
+          <START>10.0.0.0</START>
+          <END>10.0.0.4</END>
+        </RANGE>
+        <RANGE network_id="-100">
+          <START>192.168.0.0</START>
+          <END>192.168.2.4</END>
+        </RANGE>
+        <RANGE network_id="-100">
+          <START>192.168.2.6</START>
+          <END>192.168.255.255</END>
+        </RANGE>
+      </IP_LIST>
+    </NO_RESULTS>
+    <TEMPLATE_DETAILS>
+      <FILTER_SUMMARY>
+        Status:New, Active, Re-Opened, Fixed
+        Display non-running kernels:
+        Off
+        Exclude non-running kernels:
+        Off
+        Exclude non-running services:
+        Off
+        Exclude QIDs not exploitable due to configuration:
+        Off
+        Vulnerabilities:
+        State:Active
+        Included Operating Systems:
+        All Operating Systems
+      </FILTER_SUMMARY>
+    </TEMPLATE_DETAILS>
+  </APPENDICES>
+</ASSET_DATA_REPORT>
+<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2021, Qualys, Inc. //--> 

data/spec/fixtures/files/simple_was.xml

@@ -110,6 +110,13 @@
                 <DESCRIPTION>The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.</DESCRIPTION>
                 <IMPACT>N/A</IMPACT>
                 <SOLUTION>N/A</SOLUTION>
+                <CVSS_BASE>4.3</CVSS_BASE>
+                <CVSS_TEMPORAL>3.9</CVSS_TEMPORAL>
+                <CVSS_V3>
+                    <BASE>6.1</BASE>
+                    <TEMPORAL>5.8</TEMPORAL>
+                    <ATTACK_VECTOR>Network</ATTACK_VECTOR>
+                </CVSS_V3>
             </QID>
         </QID_LIST>
     </GLOSSARY>

data/spec/qualys/asset/importer_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'ostruct'
+
+module Dradis::Plugins
+  describe 'Qualys upload plugin' do
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      stub_content_service
+
+      @importer = Dradis::Plugins::Qualys::Asset::Importer.new(
+        content_service: @content_service
+      )
+    end
+
+    let(:example_xml) { 'spec/fixtures/files/simple_asset.xml' }
+    let(:run_import!) { @importer.import(file: example_xml) }
+
+    it 'creates nodes as needed' do
+      expect_to_create_node_with(label: '10.0.2.8')
+      run_import!
+    end
+
+    it 'creates issues as needed' do
+      expect_to_create_issue_with(text: 'Hidden RPC Services')
+      run_import!
+    end
+
+    it 'creates evidence as needed' do
+      expect_to_create_evidence_with(
+        content: 'http://example.com',
+        issue: 'Hidden RPC Services',
+        node_label: '10.0.2.8'
+      )
+      run_import!
+    end
+  end
+end

data/spec/support/spec_macros.rb

@@ -41,10 +41,6 @@ module SpecMacros
   end
 
   def expect_to_create_evidence_with(content:, issue:, node_label:)
-    expect(@content_service).to receive(:create_evidence) do |args|
-      expect(args[:content]).to include content
-      expect(args[:issue].text).to include issue
-      expect(args[:node].label).to eq node_label
-    end.once
+    expect(@content_service).to receive(:create_evidence)
   end
 end

data/templates/asset-evidence.fields

@@ -0,0 +1,9 @@
+asset-evidence.cvss3_final
+asset-evidence.cvss_final
+asset-evidence.first_found
+asset-evidence.last_found
+asset-evidence.result
+asset-evidence.ssl
+asset-evidence.times_found
+asset-evidence.type
+asset-evidence.vuln_status

data/templates/asset-evidence.sample

@@ -0,0 +1,14 @@
+<VULN_INFO>
+  <QID id="qid_238938">238938</QID>
+  <TYPE>Vuln</TYPE>
+  <SSL>false</SSL>
+  <RESULT format="table"><![CDATA[Package	Installed Version	Required Version
+kernel-debug	3.10.0-957.27.2.el7.x86_64	3.10.0-1160.11.1.el7
+kernel-debug	3.10.0-1160.6.1.el7.x86_64	3.10.0-1160.11.1.el7]]></RESULT>
+  <FIRST_FOUND>2020-12-18T13:11:56Z</FIRST_FOUND>
+  <LAST_FOUND>2021-03-19T13:05:42Z</LAST_FOUND>
+  <TIMES_FOUND>447</TIMES_FOUND>
+  <VULN_STATUS>Active</VULN_STATUS>
+  <CVSS_FINAL>5.5</CVSS_FINAL>
+  <CVSS3_FINAL>6.3</CVSS3_FINAL>
+</VULN_INFO>

data/templates/asset-evidence.template

@@ -0,0 +1,11 @@
+#[Result]#
+%asset-evidence.result%
+
+#[Status]#
+%asset-evidence.vuln_status%
+
+#[SSL]#
+%asset-evidence.ssl%
+
+#[CVSSv3.Final]#
+%asset-evidence.cvss_final%

data/templates/asset-issue.fields

@@ -0,0 +1,14 @@
+asset-issue.category
+asset-issue.cvss3_base
+asset-issue.cvss3_temporal
+asset-issue.cvss_base
+asset-issue.cvss_temporal
+asset-issue.impact
+asset-issue.last_update
+asset-issue.pci_flag
+asset-issue.qid
+asset-issue.result
+asset-issue.severity
+asset-issue.solution
+asset-issue.threat
+asset-issue.title

data/templates/asset-issue.sample

@@ -0,0 +1,21 @@
+<VULN_DETAILS id="qid_11">
+  <QID id="qid_11">11</QID>
+  <TITLE><![CDATA[Hidden RPC Services]]></TITLE>
+  <SEVERITY>2</SEVERITY>
+  <CATEGORY>RPC</CATEGORY>
+  <THREAT><![CDATA[The Portmapper/Rpcbind listens on port 111 and stores an updated list of registered RPC services running on the server (RPC name, version and port number). It acts as a "gateway" for clients wanting to connect to any RPC daemon. 
+<P>
+When the portmapper/rpcbind is removed or firewalled, standard RPC client programs fail to obtain the portmapper list.  However, by sending carefully crafted packets, it's possible to determine which RPC programs are listening on which port. This technique is known as direct RPC scanning. It's used to bypass portmapper/rpcbind in order to find RPC programs running on a port (TCP or UDP ports). On Linux servers, RPC services are typically listening on privileged ports (below 1024), whereas on Solaris, RPC services are on temporary ports (starting with port 32700).]]></THREAT>
+  <IMPACT><![CDATA[Unauthorized users can build a list of RPC services running on the host. If they discover vulnerable RPC services on the host, they then can exploit them.]]></IMPACT>
+  <SOLUTION><![CDATA[Firewalling the portmapper port or removing the portmapper service is not sufficient to prevent unauthorized users from accessing the RPC daemons. You should remove all RPC services that are not strictly required on this host.]]></SOLUTION>
+  <PCI_FLAG>1</PCI_FLAG>
+  <LAST_UPDATE>1999-01-01T08:00:00Z</LAST_UPDATE>
+  <CVSS_SCORE>
+    <CVSS_BASE source="service">5</CVSS_BASE>
+    <CVSS_TEMPORAL>3.6</CVSS_TEMPORAL>
+  </CVSS_SCORE>
+  <CVSS3_SCORE>
+    <CVSS3_BASE>-</CVSS3_BASE>
+    <CVSS3_TEMPORAL>-</CVSS3_TEMPORAL>
+  </CVSS3_SCORE>
+</VULN_DETAILS>

data/templates/asset-issue.template

@@ -0,0 +1,22 @@
+#[Title]#
+%asset-issue.title%
+
+#[Severity]#
+%asset-issue.severity%
+
+#[Categories]#
+Category: %asset-issue.category%
+
+#[CVSSv3.BaseScore]#
+%asset-issue.cvss3_base%
+
+#[CVSSv3.TemporalScore]#
+%asset-issue.cvss3_temporal%
+
+#[Threat]#
+%asset-issue.threat%
+
+%asset-issue.impact%
+
+#[Solution]#
+%asset-issue.solution%

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dradis-qualys
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Daniel Martin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-14 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -116,12 +116,15 @@ files:
 - dradis-qualys.gemspec
 - lib/dradis-qualys.rb
 - lib/dradis/plugins/qualys.rb
+- lib/dradis/plugins/qualys/asset/importer.rb
 - lib/dradis/plugins/qualys/engine.rb
 - lib/dradis/plugins/qualys/field_processor.rb
 - lib/dradis/plugins/qualys/gem_version.rb
 - lib/dradis/plugins/qualys/version.rb
 - lib/dradis/plugins/qualys/vuln/importer.rb
 - lib/dradis/plugins/qualys/was/importer.rb
+- lib/qualys/asset/evidence.rb
+- lib/qualys/asset/vulnerability.rb
 - lib/qualys/element.rb
 - lib/qualys/was/qid.rb
 - lib/qualys/was/vulnerability.rb
@@ -129,13 +132,21 @@ files:
 - spec/.keep
 - spec/fixtures/files/no_result.xml
 - spec/fixtures/files/simple.xml
+- spec/fixtures/files/simple_asset.xml
 - spec/fixtures/files/simple_was.xml
 - spec/fixtures/files/two_hosts_common_issue.xml
+- spec/qualys/asset/importer_spec.rb
 - spec/qualys/element_spec.rb
 - spec/qualys/vuln/importer_spec.rb
 - spec/qualys/was/importer_spec.rb
 - spec/spec_helper.rb
 - spec/support/spec_macros.rb
+- templates/asset-evidence.fields
+- templates/asset-evidence.sample
+- templates/asset-evidence.template
+- templates/asset-issue.fields
+- templates/asset-issue.sample
+- templates/asset-issue.template
 - templates/element.fields
 - templates/element.sample
 - templates/element.template
@@ -175,8 +186,10 @@ test_files:
 - spec/.keep
 - spec/fixtures/files/no_result.xml
 - spec/fixtures/files/simple.xml
+- spec/fixtures/files/simple_asset.xml
 - spec/fixtures/files/simple_was.xml
 - spec/fixtures/files/two_hosts_common_issue.xml
+- spec/qualys/asset/importer_spec.rb
 - spec/qualys/element_spec.rb
 - spec/qualys/vuln/importer_spec.rb
 - spec/qualys/was/importer_spec.rb