From 00075af1d9a2afcb7bcb0cd6af4e4fc3b41a621f Mon Sep 17 00:00:00 2001
From: Xavi Vila
Date: Thu, 28 Jun 2018 14:15:13 +0100
Subject: [PATCH 1/2] using Nokogiri::XML::Reader

---
 lib/dradis/plugins/nessus/importer.rb | 46 +++++++++++--------
 .../plugins/nessus/field_processor_spec.rb | 2 +-
 2 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb
index c51734f..ec3b43f 100644
--- a/lib/dradis/plugins/nessus/importer.rb
+++ b/lib/dradis/plugins/nessus/importer.rb
@@ -11,26 +11,34 @@ def import(params={})
 doc = Nokogiri::XML( file_content )
 logger.info{'Done.'}
 
- if doc.xpath('/NessusClientData_v2/Report').empty?
- error = "No reports were detected in the uploaded file (/NessusClientData_v2/Report). Ensure you uploaded a Nessus XML v2 (.nessus) report."
- logger.fatal{ error }
- content_service.create_note text: error
- return false
+ # if doc.xpath('/NessusClientData_v2/Report').empty?
+ # error = "No reports were detected in the uploaded file (/NessusClientData_v2/Report). Ensure you uploaded a Nessus XML v2 (.nessus) report."
+ # logger.fatal{ error }
+ # content_service.create_note text: error
+ # return false
+ # end
+
+ logger.info { 'Parsing nessus output file...' }
+ Nokogiri::XML::Reader(file_content).each do |node|
+ if node.name == 'ReportHost' && node.node_type == Nokogiri::XML::Reader::TYPE_ELEMENT
+ process_report_host(Nokogiri::XML(node.outer_xml).at('./ReportHost'))
+ end
 end
-
- doc.xpath('/NessusClientData_v2/Report').each do |xml_report|
- report_label = xml_report.attributes['name'].value
- logger.info{ "Processing report: #{report_label}" }
- # No need to create a report node for each report. It may be good to
- # create a plugin.output/nessus.reports with info for each scan, but
- # for the time being we just append stuff to the Host
- # report_node = parent.children.find_or_create_by_label(report_label)
-
- xml_report.xpath('./ReportHost').each do |xml_host|
- process_report_host(xml_host)
- end #/ReportHost
- logger.info{ "Report processed." }
- end #/Report
+ logger.info { 'Done.' }
+
+ # doc.xpath('/NessusClientData_v2/Report').each do |xml_report|
+ # report_label = xml_report.attributes['name'].value
+ # logger.info{ "Processing report: #{report_label}" }
+ # # No need to create a report node for each report. It may be good to
+ # # create a plugin.output/nessus.reports with info for each scan, but
+ # # for the time being we just append stuff to the Host
+ # # report_node = parent.children.find_or_create_by_label(report_label)
+ #
+ # xml_report.xpath('./ReportHost').each do |xml_host|
+ # process_report_host(xml_host)
+ # end #/ReportHost
+ # logger.info{ "Report processed." }
+ # end #/Report
 
 return true
 end # /import
diff --git a/spec/dradis/plugins/nessus/field_processor_spec.rb b/spec/dradis/plugins/nessus/field_processor_spec.rb
index 63c2482..ea710dc 100644
--- a/spec/dradis/plugins/nessus/field_processor_spec.rb
+++ b/spec/dradis/plugins/nessus/field_processor_spec.rb
@@ -12,7 +12,7 @@
 value = processor.value(field: 'report_item.description')
 expect(value).to_not be_empty
 
- expect(value).to include("* A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests. (CVE-2013-1896)")
+ expect(value).to include("* A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.\n\n (CVE-2013-1896)")
 end
 end
 end

From 042d26f702147cd5d98ca80bb6fd42a9b7409560 Mon Sep 17 00:00:00 2001
From: Xavi Vila
Date: Thu, 28 Jun 2018 14:33:03 +0100
Subject: [PATCH 2/2] comments cleanup

---
 lib/dradis/plugins/nessus/importer.rb | 29 ++------------------------
 1 file changed, 2 insertions(+), 27 deletions(-)

diff --git a/lib/dradis/plugins/nessus/importer.rb b/lib/dradis/plugins/nessus/importer.rb
index ec3b43f..fcf44f2 100644
--- a/lib/dradis/plugins/nessus/importer.rb
+++ b/lib/dradis/plugins/nessus/importer.rb
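Review bot: The "no reports found" guard is commented out rather than replaced, so an upload with no `ReportHost` elements — or one that is not a Nessus v2 file at all — now passes through the Reader loop untouched and still reaches `return true` without the error note the removed branch created; patch 2/2's first hunk deletes the commented block but keeps that gap. Counting the hosts matched in the loop and failing when none were seen restores the old contract on the streaming path, as sketched below. If I recall Nokogiri's behaviour correctly, `Reader#each` raises `Nokogiri::XML::SyntaxError` on malformed input where the old `Nokogiri::XML(...)` call under its default RECOVER option just returned a document, so that case also needs a rescue that creates the same note, or a documented raise. The Reader is built with default parse options here, which is the right choice for user-uploaded XML; a one-line comment saying so would stop someone later adding NOENT/DTDLOAD for convenience.
```ruby
    logger.info { 'Parsing nessus output file...' }
    hosts_seen = 0
    Nokogiri::XML::Reader(file_content).each do |node|
      next unless node.name == 'ReportHost' && node.node_type == Nokogiri::XML::Reader::TYPE_ELEMENT

      hosts_seen += 1
      process_report_host(Nokogiri::XML(node.outer_xml).at('./ReportHost'))
    end
    logger.info { 'Done.' }

    if hosts_seen.zero?
      # Message constructed for review; align wording with the project's other notes.
      error = 'No hosts were detected in the uploaded file (ReportHost). Ensure you uploaded a Nessus XML v2 (.nessus) report.'
      logger.fatal { error }
      content_service.create_note text: error
      return false
    end
    # … unchanged: return true …
```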
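Review bot: The changed expectation bakes raw text-node whitespace into the spec (`\n\n (CVE-2013-1896)`, with a leading space after the blank line) while neither commit in this series touches the field processor or the fixture, so the reason the description's shape changed is not visible here. If that whitespace comes from how the description is extracted, normalising it in the processor and keeping the trimmed assertion seems preferable to loosening the test; if it is intended, the commit message should say so, since "using Nokogiri::XML::Reader" does not explain a spec-only change.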
@@ -5,18 +5,7 @@ class Importer < Dradis::Plugins::Upload::Importer
 # the dropdown list and uploads a file.
 # @returns true if the operation was successful, false otherwise
 def import(params={})
- file_content = File.read( params[:file] )
-
- logger.info{'Parsing nessus output file...'}
- doc = Nokogiri::XML( file_content )
- logger.info{'Done.'}
-
- # if doc.xpath('/NessusClientData_v2/Report').empty?
- # error = "No reports were detected in the uploaded file (/NessusClientData_v2/Report). Ensure you uploaded a Nessus XML v2 (.nessus) report."
- # logger.fatal{ error }
- # content_service.create_note text: error
- # return false
- # end
+ file_content = File.read(params[:file])
 
 logger.info { 'Parsing nessus output file...' }
 Nokogiri::XML::Reader(file_content).each do |node|
@@ -26,21 +15,7 @@ def import(params={})
 end
 logger.info { 'Done.' }
 
- # doc.xpath('/NessusClientData_v2/Report').each do |xml_report|
- # report_label = xml_report.attributes['name'].value
- # logger.info{ "Processing report: #{report_label}" }
- # # No need to create a report node for each report. It may be good to
- # # create a plugin.output/nessus.reports with info for each scan, but
- # # for the time being we just append stuff to the Host
- # # report_node = parent.children.find_or_create_by_label(report_label)
- #
- # xml_report.xpath('./ReportHost').each do |xml_host|
- # process_report_host(xml_host)
- # end #/ReportHost
- # logger.info{ "Report processed." }
- # end #/Report
-
- return true
+ true
 end # /import
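Review bot: `file_content = File.read(params[:file])` still slurps the whole report into memory before `Nokogiri::XML::Reader(file_content)` streams it, which gives up most of the benefit of moving to the Reader on large .nessus uploads; the Reader accepts an IO, so `File.open(params[:file]) do |io|` wrapping `Nokogiri::XML::Reader(io).each do |node|` keeps the resident footprint to the current host. The context line `# @returns true if the operation was successful, false otherwise` is also no longer accurate once this series lands, because the second hunk of this patch reduces the method to an unconditional `true` — either restore a failure path or update that doc line. The `import` method continues past the end of this hunk.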