Bearer · elsapet · Nov 18, 2022 · Nov 17, 2022 · Nov 18, 2022 · Nov 18, 2022
diff --git a/docs/_data/curio_init.yaml b/docs/_data/curio_init.yaml
@@ -46,6 +46,14 @@ options:
       default_value: '[]'
       usage: |
         specify the comma separated files and directories to skip (supports * syntax), eg. --skip-path users/*.go,users/admin.sql
+    - name: skip-policy
+      default_value: '[]'
+      usage: |
+        specify the comma separated ids of the policies you would like to skip. Runs all other policies.
+    - name: only-policy
+      default_value: '[]'
+      usage: |
+        specify the comma separated ids of the policies you would like to run. Skips all other policies.
     - name: timeout
       default_value: 10m0s
       usage: time allowed to complete scan
@@ -69,4 +77,4 @@ options:
       usage: number of processing workers to spawn
 see_also:
     - ' - '
-aliases: 
+aliases:
diff --git a/docs/_data/curio_scan.yaml b/docs/_data/curio_scan.yaml
@@ -46,6 +46,14 @@ options:
       default_value: '[]'
       usage: |
         specify the comma separated files and directories to skip (supports * syntax), eg. --skip-path users/*.go,users/admin.sql
+    - name: skip-policy
+      default_value: '[]'
+      usage: |
+        specify the comma separated ids of the policies you would like to skip. Runs all other policies.
+    - name: only-policy
+      default_value: '[]'
+      usage: |
+        specify the comma separated ids of the policies you would like to run. Skips all other policies.
     - name: timeout
       default_value: 10m0s
       usage: time allowed to complete scan

diff --git a/integration/flags/.snapshots/TestInitCommand-init b/integration/flags/.snapshots/TestInitCommand-init
@@ -1,3 +1,6 @@
+policy:
+    only-policy: []
+    skip-policy: []
 report:
     format: json
     output: ""

diff --git a/integration/flags/.snapshots/TestMetadataFlags-help-scan b/integration/flags/.snapshots/TestMetadataFlags-help-scan
@@ -20,6 +20,10 @@ Scan Flags
       --quiet                                suppress non-essential messages
       --skip-path strings                    specify the comma separated files and directories to skip (supports * syntax), eg. --skip-path users/*.go,users/admin.sql
 
+Policy Flags
+      --only-policy strings   specify the comma separated ids of the policies you would like to run. Skips all other policies.
+      --skip-policy strings   specify the comma separated ids of the policies you would like to skip. Runs all other policies.
+
 Worker Flags
       --existing-worker string              URL of an existing worker
       --file-size-max int                   ignore files with file size larger than this config (default 25000000)

diff --git a/integration/flags/.snapshots/TestMetadataFlags-scan-help b/integration/flags/.snapshots/TestMetadataFlags-scan-help
@@ -20,6 +20,10 @@ Scan Flags
       --quiet                                suppress non-essential messages
       --skip-path strings                    specify the comma separated files and directories to skip (supports * syntax), eg. --skip-path users/*.go,users/admin.sql
 
+Policy Flags
+      --only-policy strings   specify the comma separated ids of the policies you would like to run. Skips all other policies.
+      --skip-policy strings   specify the comma separated ids of the policies you would like to skip. Runs all other policies.
+
 Worker Flags
       --existing-worker string              URL of an existing worker
       --file-size-max int                   ignore files with file size larger than this config (default 25000000)

diff --git a/pkg/commands/process/settings/settings.go b/pkg/commands/process/settings/settings.go
@@ -85,7 +85,19 @@ func FromOptions(opts flag.Options) (Config, error) {
 		}
 	}
 
-	for _, policy := range policies {
+	for key := range policies {
+		policy := policies[key]
+
+		if len(opts.PolicyOptions.OnlyPolicy) > 0 && !opts.PolicyOptions.OnlyPolicy[policy.Id] {
+			delete(policies, key)
+			continue
+		}
+
+		if opts.PolicyOptions.SkipPolicy[policy.Id] {
+			delete(policies, key)
+			continue
+		}
+
 		for _, module := range policy.Modules {
 			if module.Path != "" {
 				content, err := policiesFs.ReadFile(module.Path)

diff --git a/pkg/commands/scan.go b/pkg/commands/scan.go
@@ -30,6 +30,7 @@ Available Commands:{{range .Commands}}{{if (or .IsAvailableCommand (eq .Name "he
 
 var scanFlags = &flag.Flags{
 	ScanFlagGroup:    flag.NewScanFlagGroup(),
+	PolicyFlagGroup:  flag.NewPolicyFlagGroup(),
 	WorkerFlagGroup:  flag.NewWorkerFlagGroup(),
 	ReportFlagGroup:  flag.NewReportFlagGroup(),
 	GeneralFlagGroup: flag.NewGeneralFlagGroup(),

diff --git a/pkg/flag/options.go b/pkg/flag/options.go
@@ -43,6 +43,7 @@ type FlagGroup interface {
 type Flags struct {
 	RepoFlagGroup    *RepoFlagGroup
 	ReportFlagGroup  *ReportFlagGroup
+	PolicyFlagGroup  *PolicyFlagGroup
 	ProcessFlagGroup *ProcessFlagGroup
 	ScanFlagGroup    *ScanFlagGroup
 	WorkerFlagGroup  *WorkerFlagGroup
@@ -53,6 +54,7 @@ type Flags struct {
 type Options struct {
 	RepoOptions
 	ReportOptions
+	PolicyOptions
 	WorkerOptions
 	ScanOptions
 	GeneralOptions
@@ -154,6 +156,9 @@ func (f *Flags) groups() []FlagGroup {
 	if f.ProcessFlagGroup != nil {
 		groups = append(groups, f.ProcessFlagGroup)
 	}
+	if f.PolicyFlagGroup != nil {
+		groups = append(groups, f.PolicyFlagGroup)
+	}
 	if f.RepoFlagGroup != nil {
 		groups = append(groups, f.RepoFlagGroup)
 	}
@@ -243,6 +248,10 @@ func (f *Flags) ToOptions(args []string) (Options, error) {
 		opts.ReportOptions = f.ReportFlagGroup.ToOptions()
 	}
 
+	if f.PolicyFlagGroup != nil {
+		opts.PolicyOptions = f.PolicyFlagGroup.ToOptions(args)
+	}
+
 	if f.WorkerFlagGroup != nil {
 		opts.WorkerOptions = f.WorkerFlagGroup.ToOptions()
 	}

diff --git a/pkg/flag/policy_flags.go b/pkg/flag/policy_flags.go
@@ -0,0 +1,62 @@
+package flag
+
+var (
+	SkipPolicyFlag = Flag{
+		Name:       "skip-policy",
+		ConfigName: "policy.skip-policy",
+		Value:      []string{},
+		Usage:      "specify the comma separated ids of the policies you would like to skip. Runs all other policies.",
+	}
+	OnlyPolicyFlag = Flag{
+		Name:       "only-policy",
+		ConfigName: "policy.only-policy",
+		Value:      []string{},
+		Usage:      "specify the comma separated ids of the policies you would like to run. Skips all other policies.",
+	}
+)
+
+type PolicyFlagGroup struct {
+	SkipPolicyFlag *Flag
+	OnlyPolicyFlag *Flag
+}
+
+type PolicyOptions struct {
+	SkipPolicy map[string]bool `json:"skip_policy"`
+	OnlyPolicy map[string]bool `json:"only_policy"`
+}
+
+func NewPolicyFlagGroup() *PolicyFlagGroup {
+	return &PolicyFlagGroup{
+		SkipPolicyFlag: &SkipPolicyFlag,
+		OnlyPolicyFlag: &OnlyPolicyFlag,
+	}
+}
+
+func (f *PolicyFlagGroup) Name() string {
+	return "Policy"
+}
+
+func (f *PolicyFlagGroup) Flags() []*Flag {
+	return []*Flag{
+		f.SkipPolicyFlag,
+		f.OnlyPolicyFlag,
+	}
+}
+
+func (f *PolicyFlagGroup) ToOptions(args []string) PolicyOptions {
+	return PolicyOptions{
+		SkipPolicy: argsToMap(f.SkipPolicyFlag),
+		OnlyPolicy: argsToMap(f.OnlyPolicyFlag),
+	}
+}
+
+func argsToMap(flag *Flag) map[string]bool {
+	strSlice := getStringSlice(flag)
+
+	result := make(map[string]bool)
+	for _, str := range strSlice {
+		result[str] = true
+	}
+
+	return result
+}