nexpose 0.0.98 → 0.1.0

data/lib/nexpose/error.rb

@@ -1,21 +1,21 @@
-module Nexpose
-	class APIError < ::RuntimeError
-		attr_accessor :req, :reason
-
-		def initialize(req, reason = '')
-			@req = req
-			@reason = reason
-		end
-
-		def to_s
-			"NexposeAPI: #{@reason}"
-		end
-	end
-
-	class AuthenticationFailed < APIError
-		def initialize(req)
-			@req = req
-			@reason = "Login Failed"
-		end
-	end
-end
+module Nexpose
+  class APIError < ::RuntimeError
+    attr_accessor :req, :reason
+
+    def initialize(req, reason = '')
+      @req = req
+      @reason = reason
+    end
+
+    def to_s
+      "NexposeAPI: #{@reason}"
+    end
+  end
+
+  class AuthenticationFailed < APIError
+    def initialize(req)
+      @req = req
+      @reason = "Login Failed"
+    end
+  end
+end

data/lib/nexpose/manage.rb

@@ -0,0 +1,83 @@
+# General management and diagnostic functions.
+module Nexpose
+  module NexposeAPI
+    include XMLUtils
+
+    # Execute an arbitrary console command that is supplied as text via the
+    # supplied parameter. Console commands are documented in the
+    # administrator's guide. If you use a command that is not listed in the 
+    # administrator's guide, the application will return the XMLResponse.
+    def console_command(cmd_string)
+      xml = make_xml('ConsoleCommandRequest', {})
+      cmd = REXML::Element.new('Command')
+      cmd.text = cmd_string
+      xml << cmd
+
+      r = execute(xml)
+      if (r.success)
+        res = ''
+        r.res.elements.each('//Output') do |out|
+          out.text.to_s
+        end
+      else
+        false
+      end
+    end
+
+    # Obtain system data, such as total RAM, free RAM, total disk space,
+    # free disk space, CPU speed, number of CPU cores, and other vital
+    # information.
+    def system_information
+      r = execute(make_xml('SystemInformationRequest', {}))
+
+      if (r.success)
+        res = {}
+        r.res.elements.each("//Statistic") do |stat|
+          res[stat.attributes['name'].to_s] = stat.text.to_s
+        end
+        res
+      else
+        false
+      end
+    end
+
+    # Induce the application to retrieve required updates and restart
+    # if necessary.
+    def start_update
+      execute(make_xml('StartUpdateRequest', {})).success
+    end
+
+    # Restart the application.
+    # 
+    # There is no response to a RestartRequest. When the application
+    # shuts down as part of the restart process, it terminates any active
+    # connections. Therefore, the application cannot issue a response when it
+    # restarts.
+    def restart
+      execute(make_xml('RestartRequest', {})).success
+    end
+
+    # --
+    # TODO This is not yet implemented correctly.
+    #
+    # Output diagnostic information into log files, zip the files, and encrypt
+    # the archive with a PGP public key that is provided as a parameter for the
+    # API call. Then, either e-mail this archive to an address that is
+    # specified as an API parameter, or upload the archive using HTTP or HTTPS
+    # to a URL that is specified as an API parameter.
+    #
+    # If you do not specify a key, the SendLogRequest uses a default key.
+    #
+    # @param protocol should be one of: smtp, http, https.
+    # ++
+    def send_log(key_id, protocol, transport)
+      xml = make_xml('ConsoleCommandRequest', {'keyid' => key_id})
+      tpt = REXML::Element.new('Transport')
+      tpt.add_attribute('protocol', protocol)
+      tpt.text = transport
+      xml << tpt
+
+      # execute(xml)
+    end
+  end
+end

data/lib/nexpose/misc.rb

@@ -1,122 +1,85 @@
-module Nexpose
-	module NexposeAPI
-		include XMLUtils
-
-		def device_delete(param)
-			r = execute(make_xml('DeviceDeleteRequest', {'device-id' => param}))
-			r.success
-		end
-
-		def asset_group_delete(connection, id, debug = false)
-			r = execute(make_xml('AssetGroupDeleteRequest', {'group-id' => param}))
-			r.success
-		end
-
-		#-------------------------------------------------------------------------
-		# Returns all asset group information
-		#-------------------------------------------------------------------------
-		def asset_groups_listing()
-			r = execute(make_xml('AssetGroupListingRequest'))
-
-			if r.success
-				res = []
-				r.res.elements.each('//AssetGroupSummary') do |group|
-					res << {
-						:asset_group_id => group.attributes['id'].to_i,
-						:name => group.attributes['name'].to_s,
-						:description => group.attributes['description'].to_s,
-						:risk_score => group.attributes['riskscore'].to_f,
-					}
-				end
-				res
-			else
-				false
-			end
-		end
-
-		#-------------------------------------------------------------------------
-		# Returns an asset group configuration information for a specific group ID
-		#-------------------------------------------------------------------------
-		def asset_group_config(group_id)
-			r = execute(make_xml('AssetGroupConfigRequest', {'group-id' => group_id}))
-
-			if r.success
-				res = []
-				r.res.elements.each('//Devices/device') do |device_info|
-					res << {
-						:device_id => device_info.attributes['id'].to_i,
-						:site_id => device_info.attributes['site-id'].to_i,
-						:address => device_info.attributes['address'].to_s,
-						:riskfactor => device_info.attributes['riskfactor'].to_f,
-					}
-				end
-				res
-			else
-				false
-			end
-		end
-
-		#
-		# Lists all the users for the NSC along with the user details.
-		#
-		def list_users
-			r = execute(make_xml('UserListingRequest'))
-			if r.success
-				res = []
-				r.res.elements.each('//UserSummary') do |user_summary|
-					res << {
-						:auth_source => user_summary.attributes['authSource'],
-						:auth_module => user_summary.attributes['authModule'],
-						:user_name => user_summary.attributes['userName'],
-						:full_name => user_summary.attributes['fullName'],
-						:email => user_summary.attributes['email'],
-						:is_admin => user_summary.attributes['isAdmin'].to_s.chomp.eql?('1'),
-						:is_disabled => user_summary.attributes['disabled'].to_s.chomp.eql?('1'),
-						:site_count => user_summary.attributes['siteCount'],
-						:group_count => user_summary.attributes['groupCount']
-					}
-				end
-				res
-			else
-				false
-			end
-		end
-
-
-		def console_command(cmd_string)
-			xml = make_xml('ConsoleCommandRequest', {})
-			cmd = REXML::Element.new('Command')
-			cmd.text = cmd_string
-			xml << cmd
-
-			r = execute(xml)
-
-			if (r.success)
-				res = ""
-				r.res.elements.each("//Output") do |out|
-					res << out.text.to_s
-				end
-
-				res
-			else
-				false
-			end
-		end
-
-		def system_information
-			r = execute(make_xml('SystemInformationRequest', {}))
-
-			if (r.success)
-				res = {}
-				r.res.elements.each("//Statistic") do |stat|
-					res[stat.attributes['name'].to_s] = stat.text.to_s
-				end
-
-				res
-			else
-				false
-			end
-		end
-
-	end
-end
+module Nexpose
+  module NexposeAPI
+    include XMLUtils
+
+    def device_delete(param)
+      r = execute(make_xml('DeviceDeleteRequest', {'device-id' => param}))
+      r.success
+    end
+
+    def asset_group_delete(connection, id, debug = false)
+      r = execute(make_xml('AssetGroupDeleteRequest', {'group-id' => param}))
+      r.success
+    end
+
+    #-------------------------------------------------------------------------
+    # Returns all asset group information
+    #-------------------------------------------------------------------------
+    def asset_groups_listing()
+      r = execute(make_xml('AssetGroupListingRequest'))
+
+      if r.success
+        res = []
+        r.res.elements.each('//AssetGroupSummary') do |group|
+          res << {
+            :asset_group_id => group.attributes['id'].to_i,
+            :name => group.attributes['name'].to_s,
+            :description => group.attributes['description'].to_s,
+            :risk_score => group.attributes['riskscore'].to_f,
+          }
+        end
+        res
+      else
+        false
+      end
+    end
+
+    #-------------------------------------------------------------------------
+    # Returns an asset group configuration information for a specific group ID
+    #-------------------------------------------------------------------------
+    def asset_group_config(group_id)
+      r = execute(make_xml('AssetGroupConfigRequest', {'group-id' => group_id}))
+
+      if r.success
+        res = []
+        r.res.elements.each('//Devices/device') do |device_info|
+          res << {
+            :device_id => device_info.attributes['id'].to_i,
+            :site_id => device_info.attributes['site-id'].to_i,
+            :address => device_info.attributes['address'].to_s,
+            :riskfactor => device_info.attributes['riskfactor'].to_f,
+          }
+        end
+        res
+      else
+        false
+      end
+    end
+
+    #
+    # Lists all the users for the NSC along with the user details.
+    #
+    def list_users
+      r = execute(make_xml('UserListingRequest'))
+      if r.success
+        res = []
+        r.res.elements.each('//UserSummary') do |user_summary|
+          res << {
+            :auth_source => user_summary.attributes['authSource'],
+            :auth_module => user_summary.attributes['authModule'],
+            :user_name => user_summary.attributes['userName'],
+            :full_name => user_summary.attributes['fullName'],
+            :email => user_summary.attributes['email'],
+            :is_admin => user_summary.attributes['isAdmin'].to_s.chomp.eql?('1'),
+            :is_disabled => user_summary.attributes['disabled'].to_s.chomp.eql?('1'),
+            :site_count => user_summary.attributes['siteCount'],
+            :group_count => user_summary.attributes['groupCount']
+          }
+        end
+        res
+      else
+        false
+      end
+    end
+  end
+end

data/lib/nexpose/report.rb

@@ -1,603 +1,783 @@
-# -*- coding: utf-8 -*-
-module Nexpose
-	module NexposeAPI
-		include XMLUtils
-
-		#
-		#
-		#
-		def report_generate(param)
-			r = execute(make_xml('ReportGenerateRequest', {'report-id' => param}))
-			r.success
-		end
-
-		#
-		#
-		#
-		def report_last(param)
-			r = execute(make_xml('ReportHistoryRequest', {'reportcfg-id' => param}))
-			res = nil
-			if (r.success)
-				stk = []
-				r.res.elements.each("//ReportSummary") do |rep|
-					stk << [rep.attributes['id'].to_i, rep.attributes['report-URI']]
-				end
-				if (stk.length > 0)
-					stk.sort! { |a, b| b[0] <=> a[0] }
-					res = stk[0][1]
-				end
-			end
-			res
-		end
-
-		#
-		#
-		#
-		def report_history(param)
-			execute(make_xml('ReportHistoryRequest', {'reportcfg-id' => param}))
-		end
-
-		#
-		#
-		#
-		def report_config_delete(param)
-			r = execute(make_xml('ReportDeleteRequest', {'reportcfg-id' => param}))
-			r.success
-		end
-
-		#
-		#
-		#
-		def report_delete(param)
-			r = execute(make_xml('ReportDeleteRequest', {'report-id' => param}))
-			r.success
-		end
-
-		#
-		#
-		#
-		def report_template_listing
-			r = execute(make_xml('ReportTemplateListingRequest', {}))
-
-			if (r.success)
-				res = []
-				r.res.elements.each("//ReportTemplateSummary") do |template|
-					desc = ''
-					template.elements.each("//description") do |ent|
-						desc = ent.text
-					end
-
-					res << {
-						:template_id => template.attributes['id'].to_s,
-						:name => template.attributes['name'].to_s,
-						:description => desc.to_s
-					}
-				end
-				res
-			else
-				false
-			end
-    end
-	end
-
-	# === Description
-	# Object that represents the summary of a Report Configuration.
-	#
-	class ReportConfigSummary
-		# The Report Configuration ID
-		attr_reader :id
-		# A unique name for the Report
-		attr_reader :name
-		# The report format
-		attr_reader :format
-		# The date of the last report generation
-		attr_reader :last_generated_on
-		# Relative URI of the last generated report
-		attr_reader :last_generated_uri
-
-		# Constructor
-		# ReportConfigSummary(id, name, format, last_generated_on, last_generated_uri)
-		def initialize(id, name, format, last_generated_on, last_generated_uri)
-
-			@id = id
-			@name = name
-			@format = format
-			@last_generated_on = last_generated_on
-			@last_generated_uri = last_generated_uri
-
-		end
-	end
-
-	# === Description
-	# Object that represents the schedule on which to automatically generate new reports.
-	class ReportHistory
-
-		# true if an error condition exists; false otherwise
-		attr_reader :error
-		# Error message string
-		attr_reader :error_msg
-		# The last XML request sent by this object
-		attr_reader :request_xml
-		# The last XML response received by this object
-		attr_reader :response_xml
-		# The NSC Connection associated with this object
-		attr_reader :connection
-		# The report definition (report config) ID
-		# Report definition ID
-		attr_reader :config_id
-		# Array (ReportSummary*)
-		attr_reader :report_summaries
-
-
-		def initialize(connection, config_id)
-
-			@error = false
-			@connection = connection
-			@config_id = config_id
-			@report_summaries = []
-
-			reportHistory_request = APIRequest.new('<ReportHistoryRequest session-id="' + "#{connection.session_id}" + '" reportcfg-id="' + "#{@config_id}" + '"/>', @connection.url)
-			reportHistory_request.execute()
-			@response_xml = reportHistory_request.response_xml
-			@request_xml = reportHistory_request.request_xml
-
-		end
-
-		def xml_parse(response)
-			response = REXML::Document.new(response.to_s)
-			status = response.root.attributes['success']
-			if (status == '1')
-				response.elements.each('ReportHistoryResponse/ReportSummary') do |r|
-					@report_summaries.push(ReportSummary.new(r.attributes["id"], r.attributes["cfg-id"], r.attributes["status"], r.attributes["generated-on"], r.attributes['report-uri']))
-				end
-			else
-				@error = true
-				@error_msg = 'Error ReportHistoryReponse'
-			end
-		end
-
-	end
-
-	# === Description
-	# Object that represents the summary of a single report.
-	class ReportSummary
-
-		# The Report ID
-		attr_reader :id
-		# The Report Configuration ID
-		attr_reader :cfg_id
-		# The status of this report
-		# available | generating | failed
-		attr_reader :status
-		# The date on which this report was generated
-		attr_reader :generated_on
-		# The relative URI of the report
-		attr_reader :report_uri
-
-		def initialize(id, cfg_id, status, generated_on, report_uri)
-
-			@id = id
-			@cfg_id = cfg_id
-			@status = status
-			@generated_on = generated_on
-			@report_uri = report_uri
-
-		end
-
-	end
-
-	# === Description
-	#
-	class ReportAdHoc
-		include XMLUtils
-
-		attr_reader :error
-		attr_reader :error_msg
-		attr_reader :connection
-		# Report Template ID strong e.g. full-audit
-		attr_reader :template_id
-		# pdf|html|xml|text|csv|raw-xml
-		attr_reader :format
-		# Array of (ReportFilter)*
-		attr_reader :filters
-		attr_reader :request_xml
-		attr_reader :response_xml
-		attr_reader :report_decoded
-
-
-		def initialize(connection, template_id = 'full-audit', format = 'raw-xml')
-
-			@error = false
-			@connection = connection
-			@filters = []
-			@template_id = template_id
-			@format = format
-
-		end
-
-		def addFilter(filter_type, id)
-
-			# filter_type can be site|group|device|scan
-			# id is the ID number. For scan, you can use 'last' for the most recently run scan
-			filter = ReportFilter.new(filter_type, id)
-			filters.push(filter)
-
-		end
-
-		def generate()
-			request_xml = '<ReportAdhocGenerateRequest session-id="' + @connection.session_id + '">'
-			request_xml += '<AdhocReportConfig template-id="' + @template_id + '" format="' + @format + '">'
-			request_xml += '<Filters>'
-			@filters.each do |f|
-				request_xml += '<filter type="' + f.type + '" id="'+ f.id.to_s + '"/>'
-			end
-			request_xml += '</Filters>'
-			request_xml += '</AdhocReportConfig>'
-			request_xml += '</ReportAdhocGenerateRequest>'
-
-			ad_hoc_request = APIRequest.new(request_xml, @connection.url)
-			ad_hoc_request.execute()
-
-			content_type_response = ad_hoc_request.raw_response.header['Content-Type']
-			if content_type_response =~ /multipart\/mixed;\s*boundary=([^\s]+)/
-				# NeXpose sends an incorrect boundary format which breaks parsing
-				# Eg: boundary=XXX; charset=XXX
-				# Fix by removing everything from the last semi-colon onward
-				last_semi_colon_index = content_type_response.index(/;/, content_type_response.index(/boundary/))
-				content_type_response = content_type_response[0, last_semi_colon_index]
-
-				data = "Content-Type: " + content_type_response + "\r\n\r\n" + ad_hoc_request.raw_response_data
-				doc = Rex::MIME::Message.new data
-				doc.parts.each do |part|
-					if /.*base64.*/ =~ part.header.to_s
-						if (@format == "text") or (@format == "pdf") or (@format == "csv")
-              						return part.content.unpack("m*")[0]
-            					else
-              						return parse_xml(part.content.unpack("m*")[0])
-            					end
-					end
-				end
-			end
-		end
-
-	end
-
-	# === Description
-	# Object that represents the configuration of a report definition.
-	#
-	class ReportConfig
-
-		# true if an error condition exists; false otherwise
-		attr_reader :error
-		# Error message string
-		attr_reader :error_msg
-		# The last XML request sent by this object
-		attr_reader :request_xml
-		# The last XML response received by this object
-		attr_reader :response_xml
-		# The NSC Connection associated with this object
-		attr_reader :connection
-		# The ID for this report definition
-		attr_reader :config_id
-		# A unique name for this report definition
-		attr_reader :name
-		# The template ID used for this report definition
-		attr_reader :template_id
-		# html, db, txt, xml, raw-xml, csv, pdf
-		attr_reader :format
-		# XXX new
-		attr_reader :timezone
-		# XXX new
-		attr_reader :owner
-		# Array of (ReportFilter)* - The Sites, Asset Groups, or Devices to run the report against
-		attr_reader :filters
-		# Automatically generate a new report at the conclusion of a scan
-		# 1 or 0
-		attr_reader :generate_after_scan
-		# Schedule to generate reports
-		# ReportSchedule Object
-		attr_reader :schedule
-		# Store the reports on the server
-		# 1 or 0
-		attr_reader :storeOnServer
-		# Location to store the report on the server
-		attr_reader :store_location
-		# Form to send the report via email
-		# "file", "zip", "url", or NULL (don’t send email)
-		attr_reader :email_As
-		# Send the Email to all Authorized Users
-		# boolean - Send the Email to all Authorized Users
-		attr_reader :email_to_all
-		# Array containing the email addresses of the recipients
-		attr_reader :email_recipients
-		# IP Address or Hostname of SMTP Relay Server
-		attr_reader :smtp_relay_server
-		# Sets the FROM field of the Email
-		attr_reader :sender
-		# TODO
-		attr_reader :db_export
-		# TODO
-		attr_reader :csv_export
-		# TODO
-		attr_reader :xml_export
-
-
-		def initialize(connection, config_id = -1)
-
-			@error = false
-			@connection = connection
-			@config_id = config_id
-			@xml_tag_stack = []
-			@filters = []
-			@email_recipients = []
-			@name = "New Report " + rand(999999999).to_s
-
-			r = @connection.execute('<ReportConfigRequest session-id="' + @connection.session_id.to_s + '" reportcfg-id="' + @config_id.to_s + '"/>')
-			if (r.success)
-				r.res.elements.each('ReportConfigResponse/ReportConfig') do |r|
-					@name = r.attributes['name']
-					@format = r.attributes['format']
-					@timezone = r.attributes['timezone']
-					@id = r.attributes['id']
-					@template_id = r.attributes['template-id']
-					@owner = r.attributes['owner']
-				end
-			else
-				@error = true
-				@error_msg = 'Error ReportHistoryReponse'
-			end
-		end
-
-		# === Description
-		# Generate a new report on this report definition. Returns the new report ID.
-		def generateReport(debug = false)
-			return generateReport(@connection, @config_id, debug)
-		end
-
-		# === Description
-		# Save the report definition to the NSC.
-		# Returns the config-id.
-		def saveReport()
-			r = @connection.execute('<ReportSaveRequest session-id="' + @connection.session_id.to_s + '">' + getXML().to_s + ' </ReportSaveRequest>')
-			if (r.success)
-				@config_id = r.attributes['reportcfg-id']
-				return true
-			end
-			return false
-		end
-
-		# === Description
-		# Adds a new filter to the report config
-		def addFilter(filter_type, id)
-			filter = ReportFilter.new(filter_type, id)
-			@filters.push(filter)
-		end
-
-		# === Description
-		# Adds a new email recipient
-		def addEmailRecipient(recipient)
-			@email_recipients.push(recipient)
-		end
-
-		# === Description
-		# Sets the schedule for this report config
-		def setSchedule(schedule)
-			@schedule = schedule
-		end
-
-		def getXML()
-
-			xml = '<ReportConfig id="' + @config_id.to_s + '" name="' + @name.to_s + '" template-id="' + @template_id.to_s + '" format="' + @format.to_s + '">'
-
-			xml += ' <Filters>'
-
-			@filters.each do |f|
-				xml += ' <filter type="' + f.type.to_s + '" id="' + f.id.to_s + '"/>'
-			end
-
-			xml += ' </Filters>'
-
-			xml += ' <Generate after-scan="' + @generate_after_scan.to_s + '">'
-
-			if (@schedule)
-				xml += ' <Schedule type="' + @schedule.type.to_s + '" interval="' + @schedule.interval.to_s + '" start="' + @schedule.start.to_s + '"/>'
-			end
-
-			xml += ' </Generate>'
-
-			xml += ' <Delivery>'
-
-			xml += ' <Storage storeOnServer="' + @storeOnServer.to_s + '">'
-
-			if (@store_location and @store_location.length > 0)
-				xml += ' <location>' + @store_location.to_s + '</location>'
-			end
-
-			xml += ' </Storage>'
-
-
-			xml += ' </Delivery>'
-
-			xml += ' </ReportConfig>'
-
-			return xml
-		end
-
-		def set_name(name)
-			@name = name
-		end
-
-		def set_template_id(template_id)
-			@template_id = template_id
-		end
-
-		def set_format(format)
-			@format = format
-		end
-
-		def set_email_As(email_As)
-			@email_As = email_As
-		end
-
-		def set_storeOnServer(storeOnServer)
-			@storeOnServer = storeOnServer
-		end
-
-		def set_smtp_relay_server(smtp_relay_server)
-			@smtp_relay_server = smtp_relay_server
-		end
-
-		def set_sender(sender)
-			@sender = sender
-		end
-
-		def set_generate_after_scan(generate_after_scan)
-			@generate_after_scan = generate_after_scan
-		end
-	end
-
-	# === Description
-	# Object that represents a report filter which determines which sites, asset
-	# groups, and/or devices that a report is run against.  gtypes are
-	# "SiteFilter", "AssetGroupFilter", "DeviceFilter", or "ScanFilter".  gid is
-	# the site-id, assetgroup-id, or devce-id.  ScanFilter, if used, specifies
-	# a specifies a specific scan to use as the data source for the report. The gid
-	# can be a specific scan-id or "first" for the first run scan, or “last” for
-	# the last run scan.
-	#
-	class ReportFilter
-
-		attr_reader :type
-		attr_reader :id
-
-		def initialize(type, id)
-
-			@type = type
-			@id = id
-
-		end
-
-	end
-
-
-	# === Description
-	# Object that represents the schedule on which to automatically generate new reports.
-	#
-	class ReportSchedule
-
-		# The type of schedule
-		# (daily, hourly, monthly, weekly)
-		attr_reader :type
-		# The frequency with which to run the scan
-		attr_reader :interval
-		# The earliest date to generate the report
-		attr_reader :start
-
-		def initialize(type, interval, start)
-
-			@type = type
-			@interval = interval
-			@start = start
-
-		end
-
-
-	end
-
-	class ReportTemplateListing
-
-		attr_reader :error_msg
-		attr_reader :error
-		attr_reader :request_xml
-		attr_reader :response_xml
-		attr_reader :connection
-		attr_reader :xml_tag_stack
-		attr_reader :report_template_summaries #;  //Array (ReportTemplateSummary*)
-
-
-		def initialize(connection)
-
-			@error = nil
-			@connection = connection
-			@report_template_summaries = []
-
-			r = @connection.execute('<ReportTemplateListingRequest session-id="' + connection.session_id.to_s + '"/>')
-			if (r.success)
-				r.res.elements.each('ReportTemplateListingResponse/ReportTemplateSummary') do |r|
-					@report_template_summaries.push(ReportTemplateSummary.new(r.attributes['id'], r.attributes['name'], r.attributes['description']))
-				end
-			else
-				@error = true
-				@error_msg = 'ReportTemplateListingRequest Parse Error'
-			end
-
-		end
-
-  end
-
-  class ReportListing
-
-    attr_reader :error_msg
-    attr_reader :error
-    attr_reader :request_xml
-    attr_reader :response_xml
-    attr_reader :connection
-    attr_reader :xml_tag_stack
-    attr_reader :report_summaries #; //Array (ReportSummary*)
-
-    def initialize(connection)
-
-      @error = nil
-      @connetion = connection
-      @report_summaries = []
-
-      r = @connetion.execute('<ReportListingRequest session-id="' + connection.session_id.to_s + '"/>')
-      if (r.success)
-        r.res.elements.each('ReportListingResponse/ReportConfigSummary') do |r|
-          @report_summaries.push(ReportSummary.new(r.attributes['template-id'], r.attributes['cfg-id'], r.attributes['status'], r.attributes['generated-on'], r.attributes['report-URI']))
-        end
-      else
-        @error = true
-        @error_msg = 'ReportListingRequest Parse Error'
-      end
-    end
-  end
-
-
-	class ReportTemplateSummary
-
-		attr_reader :id
-		attr_reader :name
-		attr_reader :description
-
-		def initialize(id, name, description)
-
-			@id = id
-			@name = name
-			@description = description
-
-		end
-
-	end
-
-
-	class ReportSection
-
-		attr_reader :name
-		attr_reader :properties
-
-		def initialize(name)
-
-			@properties = []
-			@name = name
-		end
-
-
-		def addProperty(name, value)
-
-			@properties[name.to_s] = value
-		end
-
-	end
-
-end
+module Nexpose
+  module NexposeAPI
+    include XMLUtils
+
+    # Generate a new report using the specified report definition.
+    def generate_report(report_id, wait = false)
+      xml = make_xml('ReportGenerateRequest', {'report-id' => report_id})
+      response = execute(xml)
+      summary = nil
+      if response.success
+        response.res.elements.each('//ReportSummary') do |summary|
+          summary = ReportSummary.parse(summary)
+          # If not waiting or the report is finished, return now.
+          return summary unless wait and summary.status == 'Started'
+        end
+      end
+      so_far = 0
+      while wait
+        summary = last_report(report_id)
+        return summary unless summary.status == 'Started'
+        sleep 5
+        so_far += 5
+        if so_far % 60 == 0
+          puts "Still waiting. Current status: #{summary.status}"
+        end
+      end
+      nil
+    end
+
+    # Provide a history of all reports generated with the specified report
+    # definition.
+    def report_history(report_config_id)
+      xml = make_xml('ReportHistoryRequest', {'reportcfg-id' => report_config_id})
+      ReportSummary.parse_all(execute(xml))
+    end
+
+    # Get the details of the last report generated with the specified report id.
+    def last_report(report_config_id)
+      history = report_history(report_config_id)
+      history.sort { |a, b| b.generated_on <=> a.generated_on }.first
+    end
+
+    # Delete a previously generated report definition.
+    # Also deletes any reports generated from that configuration.
+    def delete_report_config(report_config_id)
+      xml = make_xml('ReportDeleteRequest', {'reportcfg-id' => report_config_id})
+      execute(xml).success
+    end
+
+    # Delete a previously generated report.
+    def delete_report(report_id)
+      xml = make_xml('ReportDeleteRequest', {'report-id' => report_id})
+      execute(xml).success
+    end
+
+    # Provide a list of all report templates the user can access on the
+    # Security Console.
+    def report_template_listing
+      r = execute(make_xml('ReportTemplateListingRequest', {}))
+      templates = []
+      if (r.success)
+        r.res.elements.each('//ReportTemplateSummary') do |template|
+          templates << ReportTemplateSummary.parse(template)
+        end
+      end
+      templates
+    end
+
+    # Retrieve the configuration for a report template.
+    def get_report_template(template_id)
+      xml = make_xml('ReportTemplateConfigRequest', {'template-id' => template_id})
+      ReportTemplate.parse(execute(xml))
+    end
+
+    # Provide a listing of all report definitions the user can access on the
+    # Security Console.
+    def report_listing
+      r = execute(make_xml('ReportListingRequest', {}))
+      reports = []
+      if (r.success)
+        r.res.elements.each('//ReportConfigSummary') do |report|
+          reports << ReportConfigSummary.parse(report)
+        end
+      end
+      reports
+    end
+
+    # Retrieve the configuration for a report definition.
+    def get_report_config(report_config_id)
+      xml = make_xml('ReportConfigRequest', {'reportcfg-id' => report_config_id})
+      ReportConfig.parse(execute(xml))
+    end
+  end
+
+  # Data object for report configuration information.
+  # Not meant for use in creating new configurations.
+  class ReportConfigSummary
+    # The report definition (config) ID.
+    attr_reader :config_id
+    # The ID of the report template.
+    attr_reader :template_id
+    # The current status of the report.
+    # One of: Started|Generated|Failed|Aborted|Unknown
+    attr_reader :status
+    # The date and time the report was generated, in ISO 8601 format.
+    attr_reader :generated_on
+    # The URL to use to access the report (not set for database exports).
+    attr_reader :uri
+    # The visibility (scope) of the report definition.
+    # One of: (global|silo).
+    attr_reader :scope
+
+    def initialize(config_id, template_id, status, generated_on, uri, scope)
+      @config_id = config_id
+      @template_id = template_id
+      @status = status 
+      @generated_on = generated_on 
+      @uri = uri 
+      @scope = scope 
+    end
+
+    def self.parse(xml)
+      ReportConfigSummary.new(xml.attributes['cfg-id'],
+                              xml.attributes['template-id'],
+                              xml.attributes['status'],
+                              xml.attributes['generated-on'],
+                              xml.attributes['report-URI'],
+                              xml.attributes['scope'])
+    end
+  end
+
+  # Summary of a single report.
+  class ReportSummary
+    # The id of the generated report.
+    attr_reader :id
+    # The report definition (configuration) ID.
+    attr_reader :config_id
+    # The current status of the report.
+    # One of: Started|Generated|Failed|Aborted|Unknown
+    attr_reader :status
+    # The date and time the report was generated, in ISO 8601 format.
+    attr_reader :generated_on
+    # The relative URI to use to access the report.
+    attr_reader :uri
+
+    def initialize(id, config_id, status, generated_on, uri)
+      @id = id
+      @config_id = config_id
+      @status = status
+      @generated_on = generated_on
+      @uri = uri
+    end
+
+    # Delete this report.
+    def delete(connection)
+      connection.delete_report(@id)
+    end
+
+    def self.parse(xml)
+      ReportSummary.new(xml.attributes['id'], xml.attributes['cfg-id'], xml.attributes['status'], xml.attributes['generated-on'], xml.attributes['report-URI'])
+    end
+
+    def self.parse_all(response)
+      summaries = []
+      if (response.success)
+        response.res.elements.each('//ReportSummary') do |summary|
+          summaries << ReportSummary.parse(summary)
+        end
+      end
+      summaries
+    end
+  end
+
+  # Definition object for an adhoc report configuration.
+  #
+  # NOTE: Only text, pdf, and csv currently work reliably.
+  class AdhocReportConfig
+    # The ID of the report template used.
+    attr_accessor :template_id
+    # Format. One of: pdf|html|rtf|xml|text|csv|db|raw-xml|raw-xml-v2|ns-xml|qualys-xml
+    attr_accessor :format
+
+    # Array of filters associated with this report.
+    attr_accessor :filters
+    # Baseline comparison highlights the changes between two scans, including
+    # newly discovered assets, services and vulnerabilities, assets and services
+    # that are no longer available and vulnerabilities that were mitigated or
+    # fixed. The current scan results can be compared against the results of the
+    # first scan, the most recent (previous) scan, or the scan results from a
+    # particular date.
+    attr_accessor :baseline
+
+    def initialize(template_id, format, site_id = nil)
+      @template_id = template_id 
+      @format = format 
+
+      @filters = []
+      @filters << Filter.new('site', site_id) if site_id
+    end
+
+    # Add a new filter to this report configuration.
+    def add_filter(type, id)
+      filters << Filter.new(type, id)
+    end
+
+    def to_xml
+      xml = %Q{<AdhocReportConfig format='#{@format}' template-id='#{@template_id}'>}
+
+      xml << '<Filters>'
+      @filters.each { |filter| xml << filter.to_xml }
+      xml << '</Filters>'
+
+      xml << %Q{<Baseline compareTo='#{@baseline}' />} if @baseline
+
+      xml << '</AdhocReportConfig>'
+    end
+
+    include XMLUtils
+
+    # Generate a report once using a simple configuration, and send it back
+    # in a multi-part mime response.
+    def generate(connection)
+      xml = %Q{<ReportAdhocGenerateRequest session-id='#{connection.session_id}'>}
+      xml << to_xml
+      xml << '</ReportAdhocGenerateRequest>'
+      response = connection.execute(xml)
+      if response.success
+        content_type_response = response.raw_response.header['Content-Type']
+        if content_type_response =~ /multipart\/mixed;\s*boundary=([^\s]+)/
+          # Nexpose sends an incorrect boundary format which breaks parsing
+          # e.g., boundary=XXX; charset=XXX
+          # Fix by removing everything from the last semi-colon onward.
+          last_semi_colon_index = content_type_response.index(/;/, content_type_response.index(/boundary/))
+          content_type_response = content_type_response[0, last_semi_colon_index]
+
+          data = 'Content-Type: ' + content_type_response + "\r\n\r\n" + response.raw_response_data
+          doc = Rex::MIME::Message.new(data)
+          doc.parts.each do |part|
+            if /.*base64.*/ =~ part.header.to_s
+              if (@format == 'text') or (@format == 'pdf') or (@format == 'csv')
+                return part.content.unpack('m*')[0]
+              else
+                # FIXME This isn't working.
+                return parse_xml(part.content.unpack("m*")[0])
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+
+  # Definition object for a report configuration.
+  class ReportConfig < AdhocReportConfig
+    # The ID of the report definition (config).
+    # Use -1 to create a new definition.
+    attr_accessor :id
+    # The unique name assigned to the report definition.
+    attr_accessor :name
+    attr_accessor :owner
+    attr_accessor :time_zone
+
+    # Description associated with this report.
+    attr_accessor :description
+    # Array of user IDs which have access to resulting reports.
+    attr_accessor :users
+    # Configuration of when a report is generated.
+    attr_accessor :generate
+    # Report delivery configuration.
+    attr_accessor :delivery
+    # Database export configuration.
+    attr_accessor :db_export
+
+    # Construct a basic ReportConfig object.
+    def initialize(name, template_id, format, id = -1, owner = nil, time_zone = nil)
+      @name = name
+      @template_id = template_id
+      @format = format
+      @id = id
+      @owner = owner
+      @time_zone = time_zone
+
+      @filters = []
+      @users = []
+    end
+
+    # Retrieve the configuration for an existing report definition.
+    def self.get(connection, report_config_id)
+      connection.get_report_config(report_config_id)
+    end
+
+    # Build and save a report configuration against the specified site using
+    # the supplied type and format.
+    #
+    # Returns the new configuration.
+    def self.build(connection, site_id, site_name, type, format, generate_now = false)
+      name = %Q{#{site_name} #{type} report in #{format}}
+      config = ReportConfig.new(name, type, format)
+      config.generate = Generate.new(true, false)
+      config.filters << Filter.new('site', site_id)
+      config.save(connection, generate_now)
+      config
+    end
+
+    # Save the configuration of this report definition.
+    def save(connection, generate_now = false)
+      xml = %Q{<ReportSaveRequest session-id='#{connection.session_id}' generate-now='#{generate_now ? 1 : 0}'>}
+      xml << to_xml
+      xml << '</ReportSaveRequest>'
+      response = connection.execute(xml)
+      if response.success
+        @id = response.attributes['reportcfg-id']
+      end
+    end
+
+    # Generate a new report using this report definition.
+    def generate(connection, wait = false)
+      connection.generate_report(@id, wait)
+    end
+
+    # Delete this report definition from the Security Console.
+    # Deletion will also remove all reports previously generated from the
+    # configuration.
+    def delete(connection)
+      connection.delete_report_config(@id)
+    end
+
+    def to_xml
+      xml = %Q{<ReportConfig format='#{@format}' id='#{@id}' name='#{@name}' owner='#{@owner}' template-id='#{@template_id}' timezone='#{@time_zone}'>}
+      xml << %Q{<description>#{@description}</description>} if @description
+
+      xml << '<Filters>'
+      @filters.each { |filter| xml << filter.to_xml }
+      xml << '</Filters>'
+
+      xml << '<Users>'
+      @users.each { |user| xml << %Q{<user id='#{user}' />} }
+      xml << '</Users>'
+
+      xml << %Q{<Baseline compareTo='#{@baseline}' />} if @baseline
+      xml << @generate.to_xml if @generate
+      xml << @delivery.to_xml if @delivery
+      xml << @db_export.to_xml if @db_export
+
+      xml << '</ReportConfig>'
+    end
+
+    def self.parse(xml)
+      xml.res.elements.each('//ReportConfig') do |cfg|
+        config = ReportConfig.new(cfg.attributes['name'],
+                                  cfg.attributes['template-id'],
+                                  cfg.attributes['format'],
+                                  cfg.attributes['id'],
+                                  cfg.attributes['owner'],
+                                  cfg.attributes['timezone'])
+
+        cfg.elements.each('//description') do |desc|
+          config.description = desc.text
+        end
+
+        config.filters = Filter.parse(xml)
+
+        cfg.elements.each('//user') do |user|
+          config.users << user.attributes['id'].to_i
+        end
+
+        cfg.elements.each('//Baseline') do |baseline|
+          config.baseline = baseline.attributes['compareTo']
+        end
+
+        config.generate = Generate.parse(cfg)
+        config.delivery = Delivery.parse(cfg)
+        config.db_export = DBExport.parse(cfg)
+
+        return config
+      end
+      nil
+    end
+  end
+
+  # Object that represents a report filter which determines which sites, asset
+  # groups, and/or devices that a report is run against.
+  # 
+  # The configuration must include at least one of device (asset), site,
+  # group (asset group) or scan filter to define the scope of report.
+  # The vuln-status filter can be used only with raw report formats: csv
+  # or raw_xml. If the vuln-status filter is not included in the configuration,
+  # all the vulnerability test results (including invulnerable instances) are
+  # exported by default in csv and raw_xml reports.
+  class Filter
+    # The ID of the specific site, group, device, or scan.
+    # For scan, this can also be "last" for the most recently run scan.
+    # For vuln-status, the ID can have one of the following values:
+    # 1. vulnerable-exploited (The check was positive. An exploit verified the vulnerability.)
+    # 2. vulnerable-version (The check was positive. The version of the scanned service or software is associated with known vulnerabilities.)
+    # 3. potential (The check for a potential vulnerability was positive.)
+    # These values are supported for CSV and XML formats.
+    attr_reader :id
+    # One of: site|group|device|scan|vuln-categories|vuln-severity|vuln-status|cyberscope-component|cyberscope-bureau|cyberscope-enclave
+    attr_reader :type
+
+    def initialize(type, id)
+      @type = type
+      @id = id
+    end
+
+    def to_xml
+      %Q{<filter id='#{@id}' type='#{@type}' />}
+    end
+
+    def self.parse(xml)
+      filters = []
+      xml.res.elements.each('//Filters/filter') do |filter|
+        filters << Filter.new(filter.attributes['type'], filter.attributes['id']) 
+      end
+      filters
+    end
+  end
+
+  # Data object associated with when a report is generated.
+  class Generate
+    # Will the report be generated after a scan completes (true),
+    # or is it ad-hoc/scheduled (false).
+    attr_accessor :after_scan
+    # Whether or not a scan is scheduled.
+    attr_accessor :scheduled
+    # Schedule associated with the report.
+    attr_accessor :schedule
+
+    def initialize(after_scan, scheduled, schedule = nil)
+      @after_scan = after_scan
+      @scheduled = scheduled
+      @schedule = schedule
+    end
+
+    def to_xml
+      xml = %Q{<Generate after-scan='#{@after_scan ? 1 : 0}' schedule='#{@scheduled ? 1 : 0}'>}
+      xml << @schedule.to_xml if @schedule
+      xml << '</Generate>'
+    end
+
+    def self.parse(xml)
+      xml.elements.each('//Generate') do |generate|
+        if generate.attributes['after-scan'] == '1'
+          return Generate.new(true, false)
+        else
+          if generate.attributes['schedule'] == '1'
+            schedule = Schedule.parse(xml)
+            return Generate.new(false, true, schedule)
+          end
+          return Generate.new(false, false)
+        end
+      end
+      nil
+    end
+  end
+
+  # Data object for configuration of where a report is stored or delivered.
+  class Delivery
+    # Whether to store report on server.
+    attr_accessor :store_on_server
+    # Directory location to store report in (for non-default storage).
+    attr_accessor :location
+    # E-mail configuration.
+    attr_accessor :email
+
+    def initialize(store_on_server, location = nil, email = nil)
+      @store_on_server = store_on_server
+      @location = location
+      @email = email
+    end
+
+    def to_xml
+      xml = '<Delivery>'
+      xml << %Q{<Storage storeOnServer='#{@store_on_server ? 1 : 0}'>}
+      xml << %Q{<location>#{@location}</location>} if @location
+      xml << '</Storage>'
+      xml << @email.to_xml if @email
+      xml << '</Delivery>'
+    end
+
+    def self.parse(xml)
+      xml.elements.each('//Delivery') do |delivery|
+        on_server = false
+        location = nil
+        xml.elements.each('//Storage') do |storage|
+          on_server = true if storage.attributes['storeOnServer'] == '1'
+          xml.elements.each('//location') do |loc|
+            location = loc.text
+          end
+        end
+
+        email = Email.parse(xml)
+
+        return Delivery.new(on_server, location, email)
+      end
+      nil
+    end
+  end
+
+  # Configuration structure for database exporting of reports.
+  class DBExport
+    # The DB type to export to.
+    attr_accessor :type
+    # Credentials needed to export to the specified database.
+    attr_accessor :credentials
+    # Map of parameters for this DB export configuration.
+    attr_accessor :parameters
+
+    def initialize(type)
+      @type = type
+      @parameters = {}
+    end
+
+    def to_xml
+      xml = %Q{<DBExport type='#{@type}'>}
+      xml << @credentials.to_xml if @credentials
+      @parameters.each_pair do |name, value|
+        xml << %Q{<param name='#{name}'>#{value}</param>}
+      end
+      xml << '</DBExport>'
+    end
+
+    def self.parse(xml)
+      xml.elements.each('//DBExport') do |dbexport|
+        config = DBExport.new(dbexport.attributes['type'])
+        config.credentials = ExportCredential.parse(xml) 
+        xml.elements.each('//param') do |param|
+          config.parameters[param.attributes['name']] = param.text
+        end
+        return config
+      end
+      nil
+    end
+  end
+
+  # DBExport credentials configuration object.
+  #
+  # The user_id, password and realm attributes should ONLY be used
+  # if a security blob cannot be generated and the data is being
+  # transmitted/stored using external encryption (e.g., HTTPS).
+  class ExportCredential
+    # Security blob for exporting to a database.
+    attr_accessor :credential
+    attr_accessor :user_id
+    attr_accessor :password
+    # DB specific, usually the database name.
+    attr_accessor :realm
+
+    def initialize(credential)
+      @credential = credential
+    end
+
+    def to_xml
+      xml = '<credentials'
+      xml << %Q{ userid='#{@user_id}'} if @user_id
+      xml << %Q{ password='#{@password}'} if @password
+      xml << %Q{ realm='#{@realm}'} if @realm
+      xml << '>'
+      xml << @credential if @credential
+      xml << '</credentials>'
+    end
+
+    def self.parse(xml)
+      xml.elements.each('//credentials') do |creds|
+        credential = ExportCredential.new(creds.text)
+        # The following attributes may not exist.
+        credential.user_id = creds.attributes['userid']
+        credential.password = creds.attributes['password']
+        credential.realm = creds.attributes['realm']
+        return credential
+      end
+      nil
+    end
+  end
+
+  # Data object for report template summary information.
+  # Not meant for use in creating new templates.
+  class ReportTemplateSummary
+    # The ID of the report template.
+    attr_reader :id
+    # The name of the report template.
+    attr_reader :name
+    # One of: data|document. With a data template, you can export
+    # comma-separated value (CSV) files with vulnerability-based data.
+    # With a document template, you can create PDF, RTF, HTML, or XML reports
+    # with asset-based information.
+    attr_reader :type
+    # The visibility (scope) of the report template. One of: global|silo
+    attr_reader :scope
+    # Whether the report template is built-in, and therefore cannot be modified.
+    attr_reader :built_in
+    # Description of the report template.
+    attr_reader :description
+
+    def initialize(id, name, type, scope, built_in, description)
+      @id = id
+      @name = name
+      @type = type
+      @scope = scope
+      @built_in = built_in
+      @description = description
+    end
+
+    def self.parse(xml)
+      description = nil
+      xml.elements.each('description') { |desc| description = desc.text }
+      ReportTemplateSummary.new(xml.attributes['id'],
+                                xml.attributes['name'],
+                                xml.attributes['type'],
+                                xml.attributes['scope'],
+                                xml.attributes['builtin'] == '1',
+                                description)
+    end
+  end
+
+  # Definition object for a report template.
+  class ReportTemplate
+    # The ID of the report template.
+    attr_accessor :id
+    # The name of the report template.
+    attr_accessor :name
+    # With a data template, you can export comma-separated value (CSV) files
+    # with vulnerability-based data. With a document template, you can create
+    # PDF, RTF, HTML, or XML reports with asset-based information. When you
+    # retrieve a report template, the type will always be visible even though
+    # type is implied. When ReportTemplate is sent as a request, and the type
+    # attribute is not provided, the type attribute defaults to document,
+    # allowing for backward compatibility with existing API clients.
+    attr_accessor :type
+    # The visibility (scope) of the report template.
+    # One of: global|silo
+    attr_accessor :scope
+    # The report template is built-in, and cannot be modified.
+    attr_accessor :built_in
+    # Description of this report template.
+    attr_accessor :description
+
+    # Array of report sections.
+    attr_accessor :sections
+    # Map of report properties.
+    attr_accessor :properties
+    # Array of report attributes, in the order they will be present in a report.
+    attr_accessor :attributes
+    # Display asset names with IPs.
+    attr_accessor :show_device_names
+
+    def initialize(name, type = 'document', id = -1, scope = 'silo', built_in = false)
+      @name = name
+      @type = type
+      @id = id
+      @scope = scope
+      @built_in = built_in
+
+      @sections = []
+      @properties = {}
+      @attributes = []
+      @show_device_names = false
+    end
+
+    # Save the configuration for a report template.
+    def save(connection)
+      xml = %Q{<ReportTemplateSaveRequest session-id='#{connection.session_id}' scope='#{@scope}'>}
+      xml << to_xml
+      xml << '</ReportTemplateSaveRequest>'
+      response = connection.execute(xml)
+      if response.success
+        @id = response.attributes['template-id']
+      end
+    end
+
+    def delete(connection)
+      xml = %Q{<ReportTemplateDeleteRequest session-id='#{connection.session_id}' template-id='#{@id}'>}
+      xml << '</ReportTemplateDeleteRequest>'
+      response = connection.execute(xml)
+      if response.success
+        @id = response.attributes['template-id']
+      end
+    end
+
+    # Retrieve the configuration for a report template.
+    def self.get(connection, template_id)
+      connection.get_report_template(template_id)
+    end
+
+    include Sanitize
+
+    def to_xml
+      xml = %Q{<ReportTemplate id='#{@id}' name='#{@name}' type='#{@type}'}
+      xml << %Q{ scope='#{@scope}'} if @scope
+      xml << %Q{ builtin='#{@built_in}'} if @built_in
+      xml << '>'
+      xml << %Q{<description>#{@description}</description>} if @description
+
+      unless @attributes.empty?
+        xml << '<ReportAttributes>'
+        @attributes.each do |attr|
+          xml << %Q(<ReportAttribute name='#{attr}'/>)
+        end
+        xml << '</ReportAttributes>'
+      end
+
+      unless @sections.empty?
+        xml << '<ReportSections>'
+        properties.each_pair do |name, value|
+          xml << %Q{<property name='#{name}'>#{replace_entities(value)}</property>}
+        end
+        @sections.each { |section| xml << section.to_xml }
+        xml << '</ReportSections>'
+      end
+
+      xml << %Q{<Settings><showDeviceNames enabled='#{@show_device_names ? 1 : 0}' /></Settings>}
+      xml << '</ReportTemplate>'
+    end
+
+    def self.parse(xml)
+      xml.res.elements.each('//ReportTemplate') do |tmp|
+        template = ReportTemplate.new(tmp.attributes['name'],
+                                      tmp.attributes['type'],
+                                      tmp.attributes['id'],
+                                      tmp.attributes['scope'] || 'silo',
+                                      tmp.attributes['builtin'])
+        tmp.elements.each('//description') do |desc|
+          template.description = desc.text
+        end
+
+        tmp.elements.each('//ReportAttributes/ReportAttribute') do |attr|
+          template.attributes << attr.attributes['name']
+        end
+
+        tmp.elements.each('//ReportSections/property') do |property|
+          template.properties[property.attributes['name']] = property.text
+        end
+
+        tmp.elements.each('//ReportSection') do |section|
+          template.sections << Section.parse(section)
+        end
+
+        tmp.elements.each('//showDeviceNames') do |show|
+          template.show_device_names = show.attributes['enabled'] == '1'
+        end
+
+        return template
+      end
+      nil
+    end
+  end
+
+  # Section specific content to include in a report template.
+  class Section
+    # Name of the report section.
+    attr_accessor :name
+    # Map of properties specific to the report section.
+    attr_accessor :properties
+
+    def initialize(name)
+      @name = name
+      @properties = {}
+    end
+
+    include Sanitize
+
+    def to_xml
+      xml = %Q{<ReportSection name='#{@name}'>}
+      properties.each_pair do |name, value|
+        xml << %Q{<property name='#{name}'>#{replace_entities(value)}</property>}
+      end
+      xml << '</ReportSection>'
+    end
+
+    def self.parse(xml)
+      name = xml.attributes['name']
+      xml.elements.each("//ReportSection[@name='#{name}']") do |elem|
+        section = Section.new(name)
+        elem.elements.each("//ReportSection[@name='#{name}']/property") do |property|
+          section.properties[property.attributes['name']] = property.text
+        end
+        return section
+      end
+      nil
+    end
+  end
+end