RubyGems - foreman_openscap - Versions diffs - 4.1.3 → 4.3.3 - Mend

foreman_openscap 4.1.3 → 4.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

data/app/views/api/v2/compliance/oval_contents/index.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @oval_contents
+extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/show.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @oval_content
+extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_contents/sync.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @oval_contents
+extends "api/v2/compliance/oval_contents/sync_result"

data/app/views/api/v2/compliance/oval_contents/sync_result.json.rabl ADDED Viewed

@@ -0,0 +1,11 @@
+object @oval_content
+attributes :id, :name
+node(:errors) do |content|
+  content.errors.to_hash
+end
+node(:full_messages) do |content|
+  content.errors.full_messages
+end

data/app/views/api/v2/compliance/oval_contents/update.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @oval_content
+extends "api/v2/compliance/oval_contents/base"

data/app/views/api/v2/compliance/oval_policies/create.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @oval_policy
+extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/oval_policies/index.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+collection @oval_policies
+extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/oval_policies/main.json.rabl ADDED Viewed

@@ -0,0 +1,15 @@
+object @oval_policy
+extends "api/v2/compliance/common/org"
+extends "api/v2/compliance/common/loc"
+extends "api/v2/compliance/policies_common/attrs"
+attributes :created_at, :updated_at, :oval_content_id
+child :hosts => :hosts do |host|
+  attributes :id, :name
+end
+child :hostgroups => :hostgroups do |hg|
+  attributes :id, :name
+end

data/app/views/api/v2/compliance/oval_policies/show.json.rabl ADDED Viewed

@@ -0,0 +1,3 @@
+object @oval_policy
+extends "api/v2/compliance/oval_policies/main"

data/app/views/api/v2/compliance/policies/base.json.rabl CHANGED Viewed

@@ -2,6 +2,6 @@ object @policy
 extends "api/v2/compliance/common/org"
 extends "api/v2/compliance/common/loc"
+extends "api/v2/compliance/policies_common/attrs"
-attributes :id, :name, :period, :weekday, :description, :scap_content_id, :scap_content_profile_id, :day_of_month, :cron_line,
-           :tailoring_file_id, :tailoring_file_profile_id, :deploy_by
+attributes :scap_content_id, :scap_content_profile_id, :tailoring_file_id, :tailoring_file_profile_id, :deploy_by

data/app/views/api/v2/compliance/policies_common/_attrs.json.rabl ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ attributes :id, :name, :period, :weekday, :description, :day_of_month, :cron_line
2	+

data/app/views/arf_reports/_output.html.erb CHANGED Viewed

@@ -1,3 +1,11 @@
+<% content_for(:javascripts) do %>
+  <%= webpacked_plugins_js_for :foreman_openscap %>
+<% end %>
+<% content_for(:stylesheets) do %>
+  <%= webpacked_plugins_css_for :foreman_openscap %>
+<% end %>
 <table id='report_log' class="<%= table_css_classes %>">
   <thead>
     <tr>
@@ -16,7 +24,7 @@
           <%= render :partial => 'detailed_message', :locals => { :message => log.message } %>
         </td>
         <td><%= log.source %></td>
-        <td><span <%= severity_tag log.message.severity %>><%= h log.message.severity %></span></td>
+        <td><%= react_component 'RuleSeverity', { :severity => log.message.severity.downcase } %></td>
         <td><%= host_search_by_rule_result_buttons(log.source) %></td>
       </tr>
     <% end %>

data/app/views/arf_reports/show.html.erb CHANGED Viewed

@@ -2,7 +2,7 @@
 <% javascript 'foreman_openscap/reports' %>
 <% stylesheet 'foreman_openscap/reports' %>
-<% title "#{@arf_report.host}" %>
+<% title @arf_report.host.to_s %>
 <%= arf_report_breadcrumbs %>
 <p class='ra'><%= reported_info @arf_report %></p>

data/app/views/arf_reports/show_html.html.erb CHANGED Viewed

@@ -1,5 +1,6 @@
 <%= javascript 'foreman_openscap/load_report'%>
+<% title @arf_report.host.to_s %>
 <%= arf_report_breadcrumbs %>
 <div class="row">

data/app/views/compliance_hosts/show.html.erb CHANGED Viewed

@@ -3,14 +3,7 @@
 <%= breadcrumbs(:resource_url => api_hosts_path,
                 :resource_filter => "is_compliance_host = true",
-                :name_field => 'name',
-                :switchable => true,
-                :items => [
-                  { :caption => _('Compliance Hosts'),
-                    :url => url_for(hosts_path(:search => "is_compliance_host = true")) },
-                  { :caption => ((N_("%s compliance reports by policy") % @host.to_label)),
-                    :url => (host_path(@host) if authorized_for(hash_for_host_path(@host))) }
-                ])
+                :name_field => 'name')
 %>
 <% title n_("%s compliance report by policy", "%s compliance reports by policy" , @host.combined_policies.length) % @host.to_label %>
 <% @host.combined_policies.each do |policy| %>

data/app/views/job_templates/run_oval_scans.erb ADDED Viewed

@@ -0,0 +1,24 @@
+<%#
+name: Run OVAL scans
+job_category: OpenSCAP
+description_format: Run scan for specified OVAL Policies
+feature: foreman_openscap_run_oval_scans
+provider_type: SSH
+snippet: false
+provider_type: SSH
+kind: job_template
+template_inputs:
+- name: oval_policies
+  description: Comma separated OVAL Policy Ids to run
+  input_type: user
+  advanced: true
+-%>
+<% unless input('oval_policies').blank? -%>
+  <% input('oval_policies').split(',').map do |id| -%>
+    /usr/bin/foreman_scap_client oval <%= id %>
+  <% end -%>
+<% else -%>
+  <% @host.oval_policies_enc_raw.map do |policy| -%>
+    /usr/bin/foreman_scap_client oval <%= policy['id'] %>
+  <% end -%>
+<% end -%>

data/app/views/policies/edit.html.erb CHANGED Viewed

@@ -1,4 +1,5 @@
-<% title _("Edit Compliance Policy") %>
-<%= policy_breadcrumbs %>
+<% title _("Edit %s") % @policy.name %>
+<%= breadcrumbs(:resource_url => api_compliance_policies_path,
+                :name_field => 'name') %>
 <%= render :partial => "form" %>

data/app/views/policies/show.html.erb CHANGED Viewed

@@ -1,4 +1,6 @@
-<%= policy_breadcrumbs %>
+<% title _("Details for Compliance Policy %s") % @policy.name %>
+<%= breadcrumbs(:resource_url => api_compliance_policies_path,
+                  :name_field => 'name') %>
 <div class="row">
   <iframe style="min-height: 800px" height="100%" width="100%" frameborder="0" src="<%= parse_policy_path(@policy) %>"></iframe>

data/app/views/policies/steps/_deployment_options_form.html.erb CHANGED Viewed

@@ -3,8 +3,8 @@
   <div class="alert alert-info" id="scap-deployment-options-info-banner">
     <span class="pficon pficon-info"></span>
-    <strong>There are significant differences in deployment options.</strong>
-    Please make sure you understand them by reading our <%= scap_doc_link('#2.3Policydeploymentoptions') %>.
+    <strong><%= _('There are significant differences in deployment options.') %></strong>
+    <%= _('Please make sure you understand them by reading our') %> <%=scap_doc_link('#2.3Policydeploymentoptions') %>.
   </div>
   <%= deploy_by_radios f, @policy %>

data/app/views/scap_contents/edit.html.erb CHANGED Viewed

@@ -1,15 +1,5 @@
-<% title _("Edit SCAP Content") %>
+<% title _("Edit %s") % @scap_content.title %>
 <%= breadcrumbs(:resource_url => api_compliance_scap_contents_path,
-                :name_field => 'title',
-                :items => [
-                  { :caption => _('Scap Contents'),
-                    :url => url_for(scap_contents_path)
-                  },
-                  { :caption => @scap_content.title,
-                    :url => (edit_scap_content_path(@scap_content) if authorized_for(hash_for_edit_scap_content_path(@scap_content)))
-                  }
-                ]
-              ) if @scap_content %>
+                :name_field => 'title') %>
 <%= render :partial => 'form' %>

data/app/views/tailoring_files/edit.html.erb CHANGED Viewed

@@ -1,13 +1,5 @@
-<% title _("Edit Tailoring File") %>
+<% title _("Edit %s") % @tailoring_file.name %>
 <%= breadcrumbs(:resource_url => api_compliance_tailoring_files_path,
-                :items => [
-                  { :caption => _('Tailoring Files'),
-                    :url => url_for(tailoring_files_path)
-                  },
-                  { :caption => @tailoring_file.name,
-                    :url => (edit_tailoring_file_path(@tailoring_file) if authorized_for(hash_for_edit_tailoring_file_path(@tailoring_file)))
-                  }
-                ]
-              ) if @tailoring_file %>
+                :name_field => 'name') %>
 <%= render :partial => 'form' %>

data/config/initializers/inflections.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# Be sure to restart your server when you modify this file.
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+ActiveSupport::Inflector.inflections do |inflect|
+  #   inflect.plural /^(ox)$/i, '\1en'
+  #   inflect.singular /^(ox)en/i, '\1'
+  #   inflect.irregular 'person', 'people'
+  #   inflect.uncountable %w(fish sheep)
+  inflect.singular 'cves', 'cve'
+end

data/config/routes.rb CHANGED Viewed

@@ -1,4 +1,7 @@
 Rails.application.routes.draw do
+  match '/experimental/compliance' => 'react#index', :via => [:get]
+  match '/experimental/compliance/*page' => 'react#index', :via => [:get]
   scope '/compliance' do
     resources :arf_reports, :only => %i[index show destroy] do
       member do
@@ -87,8 +90,24 @@ Rails.application.routes.draw do
             get 'download_html'
           end
         end
         post 'arf_reports/:cname/:policy_id/:date', \
              :constraints => { :cname => /[^\/]+/ }, :to => 'arf_reports#create'
+        resources :oval_contents, :except => %i[new edit] do
+          collection do
+            post 'sync'
+          end
+        end
+        resources :oval_policies, :except => %i[new edit] do
+          member do
+            post 'assign_hostgroups'
+            post 'assign_hosts'
+            get 'oval_content'
+          end
+        end
+        post 'oval_reports/:cname/:oval_policy_id/:date', :constraints => { :cname => /[^\/]+/ }, :to => 'oval_reports#create'
       end
     end
   end

data/db/migrate/20201019074925_create_oval_policy.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class CreateOvalPolicy < ActiveRecord::Migration[6.0]
+  def change
+    create_table :foreman_openscap_oval_policies do |t|
+      t.string :name, unique: true
+      t.string :description
+      t.string :period
+      t.string :weekday
+      t.integer :day_of_month
+      t.string :cron_line
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20201020113801_create_oval_facet.rb ADDED Viewed

@@ -0,0 +1,14 @@
+class CreateOvalFacet < ActiveRecord::Migration[6.0]
+  def change
+    create_table :foreman_openscap_oval_facets do |t|
+      t.references 'host', :null => false
+    end
+    add_index :foreman_openscap_oval_facets, [:host_id], :unique => true, :name => :foreman_openscap_oval_facets_host_id
+    create_table :foreman_openscap_oval_facet_oval_policies do |t|
+      t.references 'oval_policy', :null => false, :index => { :name => 'index_oval_facet_oval_policies_on_oval_policy_id'}
+      t.references 'oval_facet', :null => false, :index => { :name => 'index_oval_facet_oval_policies_on_oval_facet_id'}
+    end
+  end
+end

data/db/migrate/20201021084109_create_hostgroup_oval_facet.rb ADDED Viewed

@@ -0,0 +1,14 @@
+class CreateHostgroupOvalFacet < ActiveRecord::Migration[6.0]
+  def change
+    create_table :foreman_openscap_hostgroup_oval_facets do |t|
+      t.references 'hostgroup', :null => false
+    end
+    add_index :foreman_openscap_hostgroup_oval_facets, [:hostgroup_id], :unique => true, :name => :foreman_openscap_hostgroup_oval_facets_hostgroup_id
+    create_table :foreman_openscap_hostgroup_oval_facet_oval_policies do |t|
+      t.references 'oval_policy', :null => false, :index => { :name => 'index_hg_oval_facet_oval_policies_on_oval_policy_id'}
+      t.references 'oval_facet', :null => false, :index => { :name => 'index_hg_oval_facet_oval_policies_on_hg_oval_facet_id'}
+    end
+  end
+end

data/db/migrate/20201106080924_create_oval_content.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateOvalContent < ActiveRecord::Migration[6.0]
+  def change
+    create_table :foreman_openscap_oval_contents do |t|
+      t.string :name, null: false
+      t.string :digest
+      t.string :original_filename
+      t.binary :scap_file
+    end
+    add_index :foreman_openscap_oval_contents, :name, :unique => true
+  end
+end

data/db/migrate/20201116110256_add_oval_content_to_oval_policy.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddOvalContentToOvalPolicy < ActiveRecord::Migration[6.0]
+  def change
+    add_column :foreman_openscap_oval_policies, :oval_content_id, :integer, :references => :oval_content
+  end
+end

data/db/migrate/20201120080329_create_cves.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class CreateCves < ActiveRecord::Migration[6.0]
+  def change
+    create_table :foreman_openscap_cves do |t|
+      t.string :ref_id, :null => false, :unique => true
+      t.string :ref_url, :null => false, :unique => true
+    end
+    create_table :foreman_openscap_host_cves do |t|
+      t.references :host, :null => false
+      t.references :cve, :null => false
+    end
+  end
+end

data/db/migrate/20201217130800_add_has_errata_to_cve.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class AddHasErrataToCve < ActiveRecord::Migration[6.0]
+  def change
+    add_column :foreman_openscap_cves, :has_errata, :boolean
+    add_column :foreman_openscap_cves, :definition_id, :string, :null => false
+    change_column :foreman_openscap_cves, :ref_id, :string, :null => false
+    change_column :foreman_openscap_cves, :ref_url, :string, :null => false
+  end
+end

data/db/migrate/20201217161511_add_url_to_oval_content.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddUrlToOvalContent < ActiveRecord::Migration[6.0]
+  def change
+    add_column :foreman_openscap_oval_contents, :url, :string
+  end
+end

data/db/migrate/20210409095625_add_oval_policy_reference_to_cve.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class AddOvalPolicyReferenceToCve < ActiveRecord::Migration[6.0]
+  def change
+    add_column :foreman_openscap_host_cves, :oval_policy_id, :integer, :references => :oval_policy
+    add_index :foreman_openscap_host_cves, [:host_id, :oval_policy_id, :cve_id], :unique => true, :name => :index_oval_policy_host_cve_id_on_host_cve
+  end
+end

data/db/seeds.d/75-job_templates.rb CHANGED Viewed

@@ -11,8 +11,9 @@ if ForemanOpenscap.with_remote_execution?
         else
           template = JobTemplate.import!(File.read(template), :default => true, :lock => true, :update => sync)
         end
-        template.organizations = organizations if SETTINGS[:organizations_enabled] && template.present?
-        template.locations = locations if SETTINGS[:locations_enabled] && template.present?
+        next unless template.present?
+        template.organizations = organizations
+        template.locations = locations
       end
     end
   end

data/lib/foreman_openscap/bulk_upload.rb CHANGED Viewed

@@ -49,8 +49,8 @@ module ForemanOpenscap
         next if scap_content.persisted?
         scap_content.scap_file = file
         scap_content.original_filename = filename
-        scap_content.location_ids = Location.all.map(&:id)
-        scap_content.organization_ids = Organization.all.map(&:id)
+        scap_content.location_ids = Location.all.pluck(:id)
+        scap_content.organization_ids = Organization.all.pluck(:id)
         if scap_content.save
           @result.results.push(scap_content)

data/lib/foreman_openscap/engine.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module ForemanOpenscap
     config.autoload_paths += Dir["#{config.root}/app/helpers/concerns"]
     config.autoload_paths += Dir["#{config.root}/app/models/concerns"]
     config.autoload_paths += Dir["#{config.root}/app/models"]
+    config.autoload_paths += Dir["#{config.root}/app/graphql"]
     config.autoload_paths += Dir["#{config.root}/app/lib"]
     config.autoload_paths += Dir["#{config.root}/app/services"]
     config.autoload_paths += Dir["#{config.root}/lib"]
@@ -41,8 +42,8 @@ module ForemanOpenscap
       Apipie.configuration.checksum_path += ['/compliance/']
     end
-    initializer 'foreman_openscap.filter_report_body' do |app|
-      app.config.filter_parameters << :logs if app.config.filter_parameters
+    initializer 'foreman_openscap.filter_large_params' do |app|
+      app.config.filter_parameters += %i[logs scap_file oval_results] if app.config.filter_parameters
     end
     initializer 'foreman_openscap.register_plugin', :before => :finisher_hook do |app|
@@ -52,6 +53,7 @@ module ForemanOpenscap
         apipie_documented_controllers ["#{ForemanOpenscap::Engine.root}/app/controllers/api/v2/compliance/*.rb"]
         register_custom_status ForemanOpenscap::ComplianceStatus
+        register_custom_status ForemanOpenscap::OvalStatus
         # Add permissions
         security_block :foreman_openscap do
@@ -120,6 +122,24 @@ module ForemanOpenscap
                      :resource_type => 'ForemanOpenscap::TailoringFile'
           permission :view_openscap_proxies, { :openscap_proxies => [:openscap_spool] },
                      :resource_type => 'SmartProxy'
+          permission :view_oval_contents, { 'api/v2/compliance/oval_contents' => %i[index show] },
+                     :resource_type => 'ForemanOpenscap::OvalContent'
+          permission :edit_oval_contents, { 'api/v2/compliance/oval_contents' => %i[update sync] },
+                     :resource_type => 'ForemanOpenscap::OvalContent'
+          permission :create_oval_contents, { 'api/v2/compliance/oval_contents' => %i[create] },
+                     :resource_type => 'ForemanOpenscap::OvalContent'
+          permission :destroy_oval_contents, { 'api/v2/compliance/oval_contents' => %i[destroy] },
+                     :resource_type => 'ForemanOpenscap::OvalContent'
+          permission :view_oval_policies, { 'api/v2/compliance/oval_policies' => %i[index show oval_content] },
+                     :resource_type => 'ForemanOpenscap::OvalPolicy'
+          permission :edit_oval_policies, { 'api/v2/compliance/oval_policies' => %i[update assign_hosts assign_hostgroups] },
+                     :resource_type => 'ForemanOpenscap::OvalPolicy'
+          permission :create_oval_policies, { 'api/v2/compliance/oval_policies' => %i[create] },
+                     :resource_type => 'ForemanOpenscap::OvalPolicy'
+          permission :destroy_oval_policies, { 'api/v2/compliance/oval_policies' => %i[destroy] },
+                     :resource_type => 'ForemanOpenscap::OvalPolicy'
+          permission :create_oval_policies, { 'api/v2/compliance/oval_reports' => %i[create] },
+                     :resource_type => 'ForemanOpenscap::Cve'
         end
         role "Compliance viewer", %i[view_arf_reports view_policies view_scap_contents view_tailoring_files view_openscap_proxies],
@@ -148,7 +168,15 @@ module ForemanOpenscap
         menu :top_menu, :compliance_files, :caption => N_('Tailoring Files'),
                                            :url_hash => { :controller => :tailoring_files, :action => :index },
                                            :parent => :hosts_menu
+        menu :labs_menu, :oval_contents, :caption => N_('OVAL Contents'),
+                                         :url_hash => { :controller => 'react', :action => 'index' },
+                                         :url => '/experimental/compliance/oval_contents',
+                                         :parent => :lab_features_menu
+        menu :labs_menu, :oval_policies, :caption => N_('OVAL Policies'),
+                                         :url_hash => { :controller => 'react', :action => 'index' },
+                                         :url => '/experimental/compliance/oval_policies',
+                                         :parent => :lab_features_menu
         # add dashboard widget
         widget 'compliance_host_reports_widget',
                :name => N_('Latest Compliance Reports'), :sizex => 6, :sizey => 1
@@ -169,7 +197,7 @@ module ForemanOpenscap
         proxy_description = N_('OpenSCAP Proxy to use for fetching SCAP content and uploading ARF reports. Leave blank and override appropriate parameters when using proxy load balancer.')
-        smart_proxy_for Hostgroup, :openscap_proxy,
+        smart_proxy_for ::Hostgroup, :openscap_proxy,
                         :feature => 'Openscap',
                         :label => N_('OpenSCAP Proxy'),
                         :description => proxy_description,
@@ -188,6 +216,30 @@ module ForemanOpenscap
           base_scope.preload(:policies)
         end
+        register_global_js_file 'global'
+        register_graphql_query_field :oval_contents, '::Types::OvalContent', :collection_field
+        register_graphql_query_field :oval_policies, '::Types::OvalPolicy', :collection_field
+        register_graphql_query_field :oval_policy, '::Types::OvalPolicy', :record_field
+        register_graphql_query_field :cves, '::Types::Cve', :collection_field
+        # move to core
+        extend_graphql_type type: ::Types::Hostgroup do
+          field :descendants, Types::Hostgroup.connection_type, null: true, resolve: (proc do |object|
+            RecordLoader.for(model_class).load_many(object.descendant_ids)
+          end)
+        end
+        register_facet ForemanOpenscap::Host::OvalFacet, :oval_facet do
+          configure_host do
+            extend_model ForemanOpenscap::OvalFacetHostExtensions
+          end
+          configure_hostgroup(ForemanOpenscap::Hostgroup::OvalFacet) do
+            extend_model ForemanOpenscap::OvalFacetHostgroupExtensions
+          end
+        end
         describe_host do
           multiple_actions_provider :compliance_host_multiple_actions
           overview_buttons_provider :compliance_host_overview_button
@@ -204,13 +256,13 @@ module ForemanOpenscap
     # Include concerns in this config.to_prepare block
     config.to_prepare do
       ::Api::V2::HostsController.send(:include, ForemanOpenscap::Api::V2::HostsControllerExtensions)
-      Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
-      Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
-      Host::Managed.send(:prepend, ForemanOpenscap::HostExtensions)
+      ::Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
+      ::Host::Managed.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
+      ::Host::Managed.send(:prepend, ForemanOpenscap::HostExtensions)
       HostsHelper.send(:prepend, ForemanOpenscap::HostsHelperExtensions)
-      Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
-      Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
-      Hostgroup.send(:include, ForemanOpenscap::HostgroupExtensions)
+      ::Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyExtensions)
+      ::Hostgroup.send(:include, ForemanOpenscap::OpenscapProxyCoreExtensions)
+      ::Hostgroup.send(:include, ForemanOpenscap::HostgroupExtensions)
       SmartProxy.send(:include, ForemanOpenscap::SmartProxyExtensions)
       HostsController.send(:prepend, ForemanOpenscap::HostsControllerExtensions)
       HostsController.send(:include, ForemanOpenscap::HostsAndHostgroupsControllerExtensions)
@@ -225,11 +277,17 @@ module ForemanOpenscap
           :provided_inputs => "policies"
         }
+        oval_options = {
+          :description => N_("Run OVAL scan")
+        }
         if Gem::Version.new(ForemanRemoteExecution::VERSION) >= Gem::Version.new('1.2.3')
           options[:host_action_button] = true
+          oval_options[:host_action_button] = Setting[:lab_features]
         end
         RemoteExecutionFeature.register(:foreman_openscap_run_scans, N_("Run OpenSCAP scan"), options)
+        RemoteExecutionFeature.register(:foreman_openscap_run_oval_scans, N_("Run OVAL scan"), oval_options)
       end
     end