Importing Nexpose reports should retain test keys (which are usually some kind of proof or expanded details about a vulnerability).

git-svn-id: file:///home/svn/framework3/trunk@12442 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/db.rb

@@ -3243,6 +3243,22 @@ class DBManager
 			report_import_note(wspace, hobj)
 		end
 
+		if h["notes"]
+			note = {
+				:workspace => wspace,
+				:host => (hobj || addr),
+				:type => "host.vuln.nexpose_keys",
+				:data => {},
+				:mode => :unique_data
+			}
+			h["notes"].each do |v,k|
+				note[:data][v] ||= []
+				next if note[:data][v].include? k
+			 	note[:data][v] << k
+			end
+			report_note(note)
+		end
+
 		if h["os_family"]
 			note = {
 				:workspace => wspace,

lib/rex/parser/nexpose_xml.rb

@@ -51,6 +51,10 @@ class NexposeXMLStreamParser
 		when "test"
 			if attributes["status"] == "vulnerable-exploited" or attributes["status"] == "vulnerable-version"
 				@host["vulns"][attributes["id"]] = attributes.dup
+				if attributes["key"]
+					@host["notes"] ||= []
+					@host["notes"] << [attributes["id"], attributes["key"]]
+				end
 			end
 		when "vulnerability"
 			@vuln.merge! attributes