From e23b24099dd5c22fc5cad835ca1f3ef754c1b1c0 Mon Sep 17 00:00:00 2001
From: nikirby
Date: Wed, 6 Oct 2021 10:41:40 -0400
Subject: [PATCH 1/2] Added `-C` option to provide a file with the checklist to be checked against. Also added checklist.txt to provide a sample file

---
 checklist.txt | 6 ++++++
 prowler       | 20 +++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 checklist.txt

diff --git a/checklist.txt b/checklist.txt
new file mode 100644
index 00000000..d00f60e8
--- /dev/null
+++ b/checklist.txt
@@ -0,0 +1,6 @@
+# You can add a comma seperated list of checks like this:
+check11, check12
+extra72 # You can also use newlines for each check
+check13 # This way allows you to add inline comments
+# Both of these can be combined if you have a standard list and want to add
+# inline comments for other checks.
\ No newline at end of file
diff --git a/prowler b/prowler
index 8022ba0b..1bd7febd 100755
--- a/prowler
+++ b/prowler
@@ -72,6 +72,8 @@ USAGE:
      (i.e.: us-east-1), all regions are checked anyway if the check requires it
   -c specify one or multiple check ids separated by commas, to see all available checks use "-l" option
      (i.e.: "check11" for check 1.1 or "extra71,extra72" for extra check 71 and extra check 72)
+  -C Checklist file. See checklist.txt for reference and format.
+     (i.e.: checklist.txt)
   -g specify a group of checks by id, to see all available group of checks use "-L"
      (i.e.: "group3" for entire section 3, "cislevel1" for CIS Level 1 Profile Definitions or "forensics-ready")
   -f specify an AWS region to run checks against
@@ -115,7 +117,7 @@ USAGE:
   exit
 }
 
-while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F:zZ:" OPTION; do
+while getopts ":hlLkqp:r:c:C:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F:zZ:" OPTION; do
   case $OPTION in
     h )
       usage
@@ -140,6 +142,9 @@ while getopts ":hlLkqp:r:c:g:f:m:M:E:x:enbVsSI:A:R:T:w:N:o:B:F:zZ:" OPTION; do
     c )
       CHECK_ID=$OPTARG
       ;;
+    C )
+      CHECK_FILE=$OPTARG
+      ;;
     g )
       GROUP_ID_READ=$OPTARG
       ;;
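Review bot: The new `-C` usage text in the first prowler hunk does not say what happens when `-c` is also given; in the later hunk of this same patch the parsed file is assigned to `CHECK_ID` after option parsing, so any `-c` ids are silently discarded whenever `-C` is present. The help text is where a user would look for that, so I would spell it out, e.g. `-C specify a file with check ids, one per line or comma separated, '#' comments allowed; overrides -c` with the continuation line `(i.e.: checklist.txt, see that file for the format)`. The usage function this text belongs to starts before and ends after the hunk.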
@@ -279,6 +284,19 @@ unset AWS_DEFAULT_OUTPUT
 . $PROWLER_DIR/include/securityhub_integration
 . $PROWLER_DIR/include/junit_integration
+# Parses the check file into CHECK_ID's.
+if [[ -n "$CHECK_FILE" ]]; then
+  if [[ -f $CHECK_FILE ]]; then
+    # Parses the file, converting it to a comma seperated list. Ignores all # comments and removes extra blank spaces
+    CHECK_ID="$(awk '!/^[[:space:]]*#/{print }' <(cat $CHECK_FILE | sed 's/[[:space:]]*#.*$//g;/^$/d' | sed 'H;1h;$!d;x;y/\n/,/' | tr -d ' '))"
+  else
+    # If the file doesn't exist, exits Prowler
+    echo "$CHECK_FILE does not exist"
+    EXITCODE=1
+    exit $EXITCODE
+  fi
+fi
+
+# Pre-process whitelist file if supplied
+if [[ -n "$WHITELIST_FILE" ]]; then
+  # ignore lines starting with # (comments)
From 6874fa4793ea62bc1bd5aeff9141c92f2785c679 Mon Sep 17 00:00:00 2001
From: nikirby
Date: Wed, 6 Oct 2021 10:48:13 -0400
Subject: [PATCH 2/2] Fixed sample file to be what it's looking for.

---
 checklist.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checklist.txt b/checklist.txt
index d00f60e8..83e556a2 100644
--- a/checklist.txt
+++ b/checklist.txt
@@ -1,5 +1,5 @@
 # You can add a comma seperated list of checks like this:
-check11, check12
+check11,check12
 extra72 # You can also use newlines for each check
 check13 # This way allows you to add inline comments
 # Both of these can be combined if you have a standard list and want to add
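Review bot: `cat $CHECK_FILE` in the `CHECK_ID=` line is unquoted, so a path containing spaces or glob characters breaks or expands, and the surrounding pipeline is both redundant and lossy: the outer `awk '!/^[[:space:]]*#/'` can never match because the first `sed` already strips every `#…` tail, while `tr -d ' '` leaves tabs in place and turns a whitespace-only line into an empty entry (`check11,,extra72`) after the lines are joined. The assignment also silently discards any ids given with `-c`, and the "does not exist" message goes to stdout instead of stderr. Nothing validates what comes out of the file; if these ids are later used to locate check files the way `-c` ids presumably are (not visible in this hunk), rejecting entries containing `/` or `..`, or checking them against the known check list, would be cheap insurance, and an all-comment file yielding an empty `CHECK_ID` should probably be an error rather than whatever prowler does with an empty id list. A tighter version of the added block:

```shell
# Parses the check file into CHECK_ID's; a -C list replaces any -c list.
if [[ -n "$CHECK_FILE" ]]; then
  if [[ ! -f "$CHECK_FILE" ]]; then
    # If the file doesn't exist, exits Prowler
    echo "$CHECK_FILE does not exist" >&2
    EXITCODE=1
    exit $EXITCODE
  fi
  if [[ -n "$CHECK_ID" ]]; then
    echo "WARNING: check ids from -C replace the ones given with -c" >&2
  fi
  # Strip '#' comments and all whitespace, drop empty lines, join with commas
  CHECK_ID="$(sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' < "$CHECK_FILE" | paste -sd, -)"
  if [[ -z "$CHECK_ID" ]]; then
    echo "$CHECK_FILE contains no check ids" >&2
    EXITCODE=1
    exit $EXITCODE
  fi
fi
```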