foreman_openscap 0.7.1 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d990a16bea1dc5c0a6f4842fb3f61df880f744fb
-  data.tar.gz: 1cc01508d9d31b40a171f809f4f6efa8ebd6485a
+  metadata.gz: 9ab167c73f11d1deec80d98b87c0c75a5c2df119
+  data.tar.gz: 2904ab063872e0ba90daca541917ebbde98d0927
 SHA512:
-  metadata.gz: e33ad9f4607d3b235e0be752bf6a49594221a2ed8ac4e3c6a67f59b71df5712ad041c8e09ba4718d56301d4d9c21a2e9898c92168f1feb25e6180d630e11121a
-  data.tar.gz: 2d58fcf86df24c30fdb767ad866a2e9ceb2b1e92a7ab8c97efcb793132f7a0371e2ffbce4d5ac1420665204abc1bc194702d4bb757338da4138669099a280a20
+  metadata.gz: ff2cdd7e0bedaabf6d5d5f76981afdf07019a8eee6faddd68b9ef88f349c4eef41b02994d04a4fd32894135dca037cedadcb24d5091a28407bdc3e2cc61f057d
+  data.tar.gz: 1661d0a384c8c66285cb2a4385aa47aeaccfdc4e4b8527a0eaca9cbb867fae5310e14b6d84f8dc1f687f7a55b37f30c0a861f6395bb309f7ade56960e3e9ba5b

data/app/controllers/api/v2/compliance/arf_reports_controller.rb

@@ -19,7 +19,7 @@ module Api
         end
 
         def get_resource(message = 'no resource loaded')
-          instance_variable_get :"@arf_report" or fail message
+          instance_variable_get :"@arf_report" or raise message
         end
 
         api :GET, '/compliance/arf_reports', N_('List ARF reports')

data/app/controllers/api/v2/compliance/policies_controller.rb

@@ -4,7 +4,7 @@ module Api::V2
       include Foreman::Controller::SmartProxyAuth
       include Foreman::Controller::Parameters::PolicyApi
 
-      add_smart_proxy_filters [:content, :tailoring], :features => 'Openscap'
+      add_smart_proxy_filters %i(content tailoring), :features => 'Openscap'
 
       before_filter :find_resource, :except => %w(index create)
 
@@ -15,7 +15,7 @@ module Api::V2
       end
 
       def get_resource(message = 'no resource loaded')
-        instance_variable_get :"@policy" or fail message
+        instance_variable_get :"@policy" or raise message
       end
 
       def policy_url(policy = nil)

data/app/controllers/api/v2/compliance/scap_contents_controller.rb

@@ -9,7 +9,7 @@ module Api::V2
       end
 
       def get_resource(message = 'no resource loaded')
-        instance_variable_get :"@scap_content" or fail message
+        instance_variable_get :"@scap_content" or raise message
       end
 
       api :GET, '/compliance/scap_contents', N_('List SCAP contents')

data/app/controllers/api/v2/compliance/tailoring_files_controller.rb

@@ -10,7 +10,7 @@ module Api::V2
       end
 
       def get_resource(message = 'no resource loaded')
-        instance_variable_get :"@tailoring_file" or fail message
+        instance_variable_get :"@tailoring_file" or raise message
       end
 
       api :GET, '/compliance/tailoring_files', N_('List Tailoring files')

data/app/controllers/arf_reports_controller.rb

@@ -2,17 +2,17 @@ class ArfReportsController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
   include ForemanOpenscap::ArfReportsControllerCommonExtensions
 
-  before_filter :find_arf_report, :only => [:show, :show_html, :destroy, :parse_html, :parse_bzip, :download_html]
-  before_filter :find_multiple, :only => [:delete_multiple, :submit_delete_multiple]
+  before_filter :find_arf_report, :only => %i(show show_html destroy parse_html parse_bzip download_html)
+  before_filter :find_multiple, :only => %i(delete_multiple submit_delete_multiple)
 
   def model_of_controller
     ::ForemanOpenscap::ArfReport
   end
 
   def index
-    @arf_reports = resource_base.includes(:host => [:policies, :last_report_object, :host_statuses])
-      .search_for(params[:search], :order => params[:order])
-      .paginate(:page => params[:page], :per_page => params[:per_page])
+    @arf_reports = resource_base.includes(:host => %i(policies last_report_object host_statuses))
+                                .search_for(params[:search], :order => params[:order])
+                                .paginate(:page => params[:page], :per_page => params[:per_page])
   end
 
   def show
@@ -34,7 +34,7 @@ class ArfReportsController < ApplicationController
       response = @arf_report.to_bzip
       send_data response, :filename => "#{format_filename}.xml.bz2", :type => 'application/octet-stream', :disposition => 'attachement'
     rescue => e
-      process_error(:error_msg => (_("Failed to downloaded ARF report as bzip: %s") % (e.message)),
+      process_error(:error_msg => (_("Failed to downloaded ARF report as bzip: %s") % e.message),
                     :error_redirect => arf_report_path(@arf_report.id))
     end
   end
@@ -52,7 +52,7 @@ class ArfReportsController < ApplicationController
 
   def destroy
     if @arf_report.destroy
-      process_success(:success_msg => (_("Successfully deleted ARF report.")), :success_redirect => arf_reports_path)
+      process_success(:success_msg => _("Successfully deleted ARF report."), :success_redirect => arf_reports_path)
     else
       process_error(:error_msg => _("Failed to delete ARF Report for host %{host_name} reported at %{reported_at}") % {:host_name => @arf_report.host.name, :reported_at => @arf_report.reported_at})
     end
@@ -75,7 +75,7 @@ class ArfReportsController < ApplicationController
   private
 
   def find_arf_report
-    @arf_report = resource_base.includes(:logs => [:message, :source]).find(params[:id])
+    @arf_report = resource_base.includes(:logs => %i(message source)).find(params[:id])
   end
 
   def find_multiple
@@ -91,7 +91,7 @@ class ArfReportsController < ApplicationController
     end
     return @arf_reports
   rescue => e
-    error _("Something went wrong while selecting compliance reports - %s") % (e)
+    error _("Something went wrong while selecting compliance reports - %s") % e
     logger.debug e.message
     logger.debug e.backtrace.join("\n")
     redirect_to arf_reports_path and return false

data/app/controllers/concerns/foreman/controller/parameters/policy.rb

@@ -5,7 +5,7 @@ module Foreman::Controller::Parameters::Policy
   class_methods do
     def policy_params_filter
       Foreman::ParameterFilter.new(::ForemanOpenscap::Policy).tap do |filter|
-        filter.permit([:current_step, :wizard_initiated] + filter_params_list)
+        filter.permit(%i(current_step wizard_initiated) + filter_params_list)
       end
     end
   end

data/app/controllers/openscap_proxies_controller.rb

@@ -22,10 +22,10 @@ class OpenscapProxiesController < ApplicationController
   end
 
   def find_spool_error
-    @smart_proxy.statuses[:logs].
-      logs.
-      log_entries.
-      reverse.
-      find { |entry| entry["level"] == "ERROR" && entry["message"].start_with?("Failed to parse Arf Report") }
+    @smart_proxy.statuses[:logs]
+                .logs
+                .log_entries
+                .reverse
+                .find { |entry| entry["level"] == "ERROR" && entry["message"].start_with?("Failed to parse Arf Report") }
   end
 end

data/app/controllers/policies_controller.rb

@@ -2,8 +2,8 @@ class PoliciesController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
   include Foreman::Controller::Parameters::Policy
 
-  before_filter :find_by_id, :only => [:show, :edit, :update, :parse, :destroy]
-  before_filter :find_multiple, :only => [:select_multiple_hosts, :update_multiple_hosts, :disassociate_multiple_hosts, :remove_policy_from_multiple_hosts]
+  before_filter :find_by_id, :only => %i(show edit update parse destroy)
+  before_filter :find_multiple, :only => %i(select_multiple_hosts update_multiple_hosts disassociate_multiple_hosts remove_policy_from_multiple_hosts)
   before_filter :find_tailoring_file, :only => [:tailoring_file_selected]
 
   def model_of_controller
@@ -11,9 +11,9 @@ class PoliciesController < ApplicationController
   end
 
   def index
-    @policies = resource_base.search_for(params[:search], :order => params[:order]).
-                paginate(:page => params[:page], :per_page => params[:per_page]).
-                includes(:scap_content, :scap_content_profile, :tailoring_file)
+    @policies = resource_base.search_for(params[:search], :order => params[:order])
+                             .paginate(:page => params[:page], :per_page => params[:per_page])
+                             .includes(:scap_content, :scap_content_profile, :tailoring_file)
     if @policies.empty? && ForemanOpenscap::ScapContent.unconfigured?
       redirect_to scap_contents_path
     end
@@ -34,13 +34,11 @@ class PoliciesController < ApplicationController
     @policy = ::ForemanOpenscap::Policy.new(policy_params)
     if @policy.wizard_completed? && @policy.save
       process_success :success_redirect => policies_path
+    elsif @policy.valid?
+      render 'new' and return
     else
-      if @policy.valid?
-        render 'new' and return
-      else
-        @policy.rewind_step
-        process_error :object => @policy
-      end
+      @policy.rewind_step
+      process_error :object => @policy
     end
   end
 
@@ -75,13 +73,14 @@ class PoliciesController < ApplicationController
     render :partial => 'tailoring_file_selected', :locals => { :policy => @policy, :tailoring_file => @tailoring_file }
   end
 
-  def select_multiple_hosts; end
+  def select_multiple_hosts
+  end
 
   def update_multiple_hosts
     if (id = params['policy']['id'])
       policy = ::ForemanOpenscap::Policy.find(id)
       policy.assign_hosts(@hosts)
-      notice _("Updated hosts: Assigned with compliance policy: %s")  % policy.name
+      notice _("Updated hosts: Assigned with compliance policy: %s") % policy.name
       # We prefer to go back as this does not lose the current search
       redirect_to hosts_path
     else
@@ -90,18 +89,18 @@ class PoliciesController < ApplicationController
     end
   end
 
-  def disassociate_multiple_hosts; end
+  def disassociate_multiple_hosts
+  end
 
   def remove_policy_from_multiple_hosts
     if (id = params.fetch(:policy, {})[:id])
       policy = ::ForemanOpenscap::Policy.find(id)
       policy.unassign_hosts(@hosts)
       notice _("Updated hosts: Unassigned from compliance policy '%s'") % policy.name
-      redirect_to hosts_path
     else
       error _('No valid policy ID provided')
-      redirect_to hosts_path
     end
+    redirect_to hosts_path
   end
 
   private
@@ -127,7 +126,7 @@ class PoliciesController < ApplicationController
     end
     return @hosts
   rescue => e
-    error _("Something went wrong while selecting hosts - %s") % (e)
+    error _("Something went wrong while selecting hosts - %s") % e
     logger.debug e.message
     logger.debug e.backtrace.join("\n")
     redirect_to hosts_path and return false

data/app/controllers/policy_dashboard_controller.rb

@@ -1,7 +1,8 @@
 class PolicyDashboardController < ApplicationController
   before_filter :prefetch_data, :only => :index
 
-  def index; end
+  def index
+  end
 
   def prefetch_data
     @policy = ::ForemanOpenscap::Policy.find(params[:id])

data/app/controllers/scap_contents_controller.rb

@@ -2,8 +2,8 @@ class ScapContentsController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
   include Foreman::Controller::Parameters::ScapContent
 
-  before_filter :handle_file_upload, :only => [:create, :update]
-  before_filter :find_by_id, :only => [:show, :edit, :update, :destroy]
+  before_filter :handle_file_upload, :only => %i(create update)
+  before_filter :find_by_id, :only => %i(show edit update destroy)
 
   def model_of_controller
     ::ForemanOpenscap::ScapContent

data/app/controllers/tailoring_files_controller.rb

@@ -2,16 +2,16 @@ class TailoringFilesController < ApplicationController
   include Foreman::Controller::AutoCompleteSearch
   include Foreman::Controller::Parameters::TailoringFile
 
-  before_filter :find_tailoring_file, :only => [:destroy, :update, :edit, :xml]
-  before_filter :handle_file_upload, :only => [:create, :update]
+  before_filter :find_tailoring_file, :only => %i(destroy update edit xml)
+  before_filter :handle_file_upload, :only => %i(create update)
 
   def model_of_controller
     ::ForemanOpenscap::TailoringFile
   end
 
   def index
-    @tailoring_files = resource_base.search_for(params[:search], :order => params[:order]).
-                       paginate(:page => params[:page], :per_page => params[:per_page])
+    @tailoring_files = resource_base.search_for(params[:search], :order => params[:order])
+                                    .paginate(:page => params[:page], :per_page => params[:per_page])
   end
 
   def new

data/app/helpers/arf_report_dashboard_helper.rb

@@ -3,14 +3,13 @@ module ArfReportDashboardHelper
     :passed => '#89A54E',
     :failed => '#AA4643',
     :othered => '#DB843D',
-  }
+  }.freeze
 
   def reports_breakdown_chart(report, options = {})
     data = []
     [[:failed, _('Failed')],
      [:passed, _('Passed')],
-     [:othered, _('Othered')],
-    ].each do |i|
+     [:othered, _('Othered')],].each do |i|
       data << {:label => i[1], :data => report[i[0]], :color => COLORS[i[0]]}
     end
     flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options

data/app/helpers/arf_reports_helper.rb

@@ -5,7 +5,7 @@ module ArfReportsHelper
   end
 
   def show_logs
-    return unless @arf_report.logs.size > 0
+    return if @arf_report.logs.empty?
     form_tag arf_report_path(@arf_report), :id => 'level_filter', :method => :get, :class => "form form-horizontal" do
       content_tag(:span, _("Show log messages:") + ' ') +
       select(nil, 'level', [[_('All messages'), 'info'],[_('Failed and Othered'), 'warning'],[_('Failed only'), 'error']],

data/app/helpers/compliance_hosts_helper.rb

@@ -4,8 +4,7 @@ module ComplianceHostsHelper
     data = []
     [[:passed, _('Passed')],
      [:failed, _('Failed')],
-     [:othered, _('Other')],
-    ].each do |i|
+     [:othered, _('Other')],].each do |i|
       data << {:label => i[1], :data => report[i[0]], :color => ArfReportDashboardHelper::COLORS[i[0]]}
     end
     flot_pie_chart 'overview', _('Compliance reports breakdown'), data, options

data/app/helpers/policies_helper.rb

@@ -1,7 +1,7 @@
 module PoliciesHelper
   def profiles_selection
-    return @scap_content.scap_content_profiles unless @scap_content.blank?
-    return @policy.scap_content.scap_content_profiles unless @policy.scap_content.blank?
+    return @scap_content.scap_content_profiles if @scap_content.present?
+    return @policy.scap_content.scap_content_profiles if @policy.scap_content.present?
     return []
   end
 
@@ -72,7 +72,7 @@ module PoliciesHelper
       content_tag(:div, :class => "form-actions") do
         text    = overwrite ? overwrite : _("Submit")
         options = {:class => "btn btn-primary"}
-        options.merge! :'data-id' => form_to_submit_id(form) unless options.key?(:'data-id')
+        options[:'data-id'] = form_to_submit_id(form) unless options.key?(:'data-id')
         previous = form.object.first_step? ? ' ' : previous_link(form)
         cancel_and_submit = content_tag(:div, :class => "pull-right") do
           link_to(_("Cancel"), args[:cancel_path], :class => "btn btn-default") + ' ' +
@@ -90,7 +90,7 @@ module PoliciesHelper
   def previous_link(form)
     previous = content_tag(:span, :class => 'glyphicon glyphicon-chevron-left') {}
     content_tag(:div, :class => 'pull-left') do
-      link_to((previous).html_safe, '#', :class => 'btn btn-default', :onclick => "previous_step('#{@policy.previous_step}')")
+      link_to(previous.html_safe, '#', :class => 'btn btn-default', :onclick => "previous_step('#{@policy.previous_step}')")
     end
   end
 

data/app/helpers/policy_dashboard_helper.rb

@@ -4,15 +4,14 @@ module PolicyDashboardHelper
     :incompliant_hosts => ArfReportDashboardHelper::COLORS[:failed],
     :inconclusive_hosts => ArfReportDashboardHelper::COLORS[:othered],
     :report_missing => '#92A8CD',
-  }
+  }.freeze
 
   def host_breakdown_chart(report, options = {})
     data = []
     [[:compliant_hosts, _('Compliant hosts')],
      [:incompliant_hosts, _('Incompliant hosts')],
      [:inconclusive_hosts, _('Inconclusive')],
-     [:report_missing, _('Not audited')],
-    ].each do |i|
+     [:report_missing, _('Not audited')],].each do |i|
       data << {:label => i[1], :data => report[i[0]], :color => COLORS[i[0]]}
     end
     flot_pie_chart 'overview', _('Compliance Status'), data, options

data/app/lib/proxy_api/available_proxy.rb

@@ -9,7 +9,7 @@ module ::ProxyAPI
       Net::HTTPHeaderSyntaxError,
       Net::ProtocolError,
       Timeout::Error
-    ]
+    ].freeze
 
     def initialize(args)
       @args = args
@@ -17,7 +17,7 @@ module ::ProxyAPI
 
     def available?
       begin
-        return true if (has_scap_feature? && minimum_version)
+        return true if has_scap_feature? && minimum_version
       rescue *HTTP_ERRORS
         return false
       end

data/app/lib/proxy_api/openscap.rb

@@ -3,7 +3,7 @@ module ::ProxyAPI
     def initialize(args)
       @url = args[:url] + '/compliance/'
       super args
-      @connect_params[:headers].merge!(:content_type => :xml)
+      @connect_params[:headers][:content_type] = :xml
       @connect_params[:timeout] = timeout
     end
 

data/app/mailers/foreman_openscap/policy_mailer.rb

@@ -32,7 +32,7 @@ module ForemanOpenscap
       @changed_hosts = []
       hash.each do |key, values|
         values.each do |host|
-          @changed_hosts << host if host.scap_status_changed?(::ForemanOpenscap::Policy.find key)
+          @changed_hosts << host if host.scap_status_changed?(::ForemanOpenscap::Policy.find(key))
         end
       end
       @changed_hosts.uniq

data/app/models/concerns/foreman_openscap/compliance_status_scoped_search.rb

@@ -4,7 +4,8 @@ module ForemanOpenscap
 
     module ClassMethods
       def compliance_status_scoped_search(status, options = {})
-        options.merge!(:offset => ArfReport::METRIC.index(status.to_s), :word_size => ArfReport::BIT_NUM)
+        options[:offset] = ArfReport::METRIC.index(status.to_s)
+        options[:word_size] = ArfReport::BIT_NUM
         scoped_search options
       end
 
@@ -12,9 +13,8 @@ module ForemanOpenscap
         cond = sanitize_policy_name(policy_name)
         { :conditions => ArfReport.arel_table[:id].in(
           PolicyArfReport.select(PolicyArfReport.arel_table[:arf_report_id])
-            .of_policy(Policy.find_by_name(cond).id).ast
-        ).to_sql
-        }
+            .of_policy(Policy.find_by(name: cond).id).ast
+        ).to_sql}
       end
 
       def search_by_comply_with(_key, _operator, policy_name)
@@ -33,9 +33,8 @@ module ForemanOpenscap
         cond = sanitize_policy_name(policy_name)
         { :conditions => ArfReport.arel_table[:id].in(
           ArfReport.select(ArfReport.arel_table[:id])
-              .latest_of_policy(Policy.find_by_name cond).instance_eval(&selection).ast
-        ).to_sql
-        }
+              .latest_of_policy(Policy.find_by(name: cond)).instance_eval(&selection).ast
+        ).to_sql}
       end
 
       def search_by_last_for(key, operator, by)
@@ -56,7 +55,7 @@ module ForemanOpenscap
                            ) latest
                 ON foreman_openscap_policies.id = latest.policy_id)' }
         else
-          fail "Cannot search last by #{by}"
+          raise "Cannot search last by #{by}"
         end
       end
 

data/app/models/concerns/foreman_openscap/host_extensions.rb

@@ -23,27 +23,23 @@ module ForemanOpenscap
       after_update :puppetrun!, :if => ->(host) { Setting[:puppetrun] && host.changed.include?('openscap_proxy_id') }
 
       scope :comply_with, lambda { |policy|
-        joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.passed)
+        joins(:arf_reports).merge(ArfReport.latest_of_policy(policy)).merge(ArfReport.passed)
       }
 
       scope :incomply_with, lambda { |policy|
-        joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.failed)
+        joins(:arf_reports).merge(ArfReport.latest_of_policy(policy)).merge(ArfReport.failed)
       }
 
       scope :inconclusive_with, lambda { |policy|
-        joins(:arf_reports).merge(ArfReport.latest_of_policy policy).merge(ArfReport.othered)
+        joins(:arf_reports).merge(ArfReport.latest_of_policy(policy)).merge(ArfReport.othered)
       }
 
       scope :policy_reports_missing, lambda { |policy|
-        where("id NOT IN (SELECT host_id
-                          FROM reports INNER JOIN foreman_openscap_policy_arf_reports
-                              ON reports.id = foreman_openscap_policy_arf_reports.arf_report_id
-                          WHERE policy_id = #{policy.id})
-              AND id IN (SELECT assetable_id
-                         FROM foreman_openscap_asset_policies INNER JOIN foreman_openscap_assets
-                              ON foreman_openscap_asset_policies.asset_id = foreman_openscap_assets.id
-                         WHERE foreman_openscap_assets.assetable_type = 'Host::Base'
-                               AND foreman_openscap_asset_policies.policy_id = '#{policy.id}')")
+        search_for("compliance_report_missing_for = \"#{policy.name}\"")
+      }
+
+      scope :assigned_to_policy, lambda { |policy|
+        search_for("compliance_policy = \"#{policy.name}\"")
       }
 
       alias_method_chain :inherited_attributes, :openscap
@@ -86,10 +82,10 @@ module ForemanOpenscap
     def reports_for_policy(policy, limit = nil)
       if limit
         ForemanOpenscap::ArfReport.joins(:policy_arf_report)
-          .merge(ForemanOpenscap::PolicyArfReport.of_policy policy.id).where(:host_id => id).limit limit
+                                  .merge(ForemanOpenscap::PolicyArfReport.of_policy(policy.id)).where(:host_id => id).limit limit
       else
         ForemanOpenscap::ArfReport.joins(:policy_arf_report)
-          .merge(ForemanOpenscap::PolicyArfReport.of_policy policy.id).where(:host_id => id)
+                                  .merge(ForemanOpenscap::PolicyArfReport.of_policy(policy.id)).where(:host_id => id)
       end
     end
 
@@ -104,21 +100,44 @@ module ForemanOpenscap
     module ClassMethods
       def search_by_policy_name(key, operator, policy_name)
         cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
-        { :conditions => Host::Managed.arel_table[:id].in(Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).pluck(:id)).to_sql }
+
+        host_group_host_ids = policy_assigned_using_hostgroup_host_ids cond, []
+        host_group_cond = if host_group_host_ids.any?
+                            ' OR ' + sanitize_sql_for_conditions("hosts.id IN (#{host_group_host_ids.join(',')})")
+                          else
+                            ''
+                          end
+        { :conditions => Host::Managed.arel_table[:id].in(Host::Managed.select(Host::Managed.arel_table[:id]).joins(:policies).where(cond).pluck(:id)).to_sql + host_group_cond }
       end
 
       def search_by_missing_arf(key, operator, policy_name)
         cond = sanitize_sql_for_conditions(["foreman_openscap_policies.name #{operator} ?", value_to_sql(operator, policy_name)])
-        { :conditions => Host::Managed.arel_table[:id].in(Host::Managed.select(Host::Managed.arel_table[:id]).
-            joins(:policies).
-            where(cond).
-            where("foreman_openscap_assets.id NOT IN (
-                     SELECT DISTINCT foreman_openscap_arf_reports.asset_id
-                     FROM foreman_openscap_arf_reports
-                     WHERE foreman_openscap_arf_reports.asset_id = foreman_openscap_assets.id
-                         AND foreman_openscap_arf_reports.policy_id = foreman_openscap_policies.id)").
-            pluck(:id)).to_sql
-        }
+
+        host_ids_from_arf_of_policy = ForemanOpenscap::ArfReport.joins(:policy).where(cond).pluck(:host_id).uniq
+
+        direct_result = policy_assigned_directly_host_ids cond, host_ids_from_arf_of_policy
+
+        hg_result = policy_assigned_using_hostgroup_host_ids cond, host_ids_from_arf_of_policy
+
+        result = (direct_result + hg_result).uniq
+        { :conditions => "hosts.id IN (#{result.empty? ? 'NULL' : result.join(',')})" }
+      end
+
+      def policy_assigned_directly_host_ids(condition, host_ids_from_arf)
+        ForemanOpenscap::Asset.where(:assetable_type => 'Host::Base')
+                              .joins(:policies)
+                              .where(condition)
+                              .where.not(:assetable_id => host_ids_from_arf)
+                              .pluck(:assetable_id)
+      end
+
+      def policy_assigned_using_hostgroup_host_ids(condition, host_ids_from_arf)
+        hostgroup_with_policy_ids = ForemanOpenscap::Asset.where(:assetable_type => 'Hostgroup')
+                                                          .joins(:policies)
+                                                          .where(condition)
+                                                          .pluck(:assetable_id)
+        subtree_ids = Hostgroup.where(:id => hostgroup_with_policy_ids).flat_map(&:subtree_ids).uniq
+        Host.where(:hostgroup_id => subtree_ids).where.not(:id => host_ids_from_arf).pluck(:id)
       end
     end
   end

data/app/models/concerns/foreman_openscap/log_extensions.rb

@@ -2,7 +2,7 @@ module ForemanOpenscap
   module LogExtensions
     extend ActiveSupport::Concern
     included do
-      SCAP_RESULT = %w(pass fail error unknown notapplicable notchecked notselected informational fixed)
+      SCAP_RESULT = %w(pass fail error unknown notapplicable notchecked notselected informational fixed).freeze
       validate :scap_result
     end
 

data/app/models/concerns/foreman_openscap/openscap_proxy_core_extensions.rb

@@ -13,7 +13,7 @@ module ForemanOpenscap
     end
 
     def update_scap_client_params
-      model_match = self.class.name.underscore.match(/\Ahostgroup\z/) ? "hostgroup" : "fqdn"
+      model_match = self.class.name.underscore =~ /\Ahostgroup\z/ ? "hostgroup" : "fqdn"
       scap_params = find_scap_client.class_params
       server_lookup_key = scap_params.find { |param| param.key == "server" }
       port_lookup_key = scap_params.find { |param| param.key == "port" }
@@ -34,7 +34,7 @@ module ForemanOpenscap
 
     def scap_client_lookup_values_for(lookup_keys, model_match)
       lookup_keys.inject({}) do |result, key|
-        result[key] = key.lookup_values.find { |value| value.match == "#{lookup_matcher(model_match)}" }
+        result[key] = key.lookup_values.find { |value| value.match == lookup_matcher(model_match).to_s }
         result
       end
     end
@@ -55,7 +55,7 @@ module ForemanOpenscap
     end
 
     def find_scap_client
-      Puppetclass.find_by_name("foreman_scap_client")
+      Puppetclass.find_by(name: "foreman_scap_client")
     end
 
     def lookup_matcher(model_match)