Vendor cfssl and cfssljson

vendor/github.com/cloudflare/cfssl/api/scan/BUILD

@@ -0,0 +1,29 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["scan.go"],
+    importmap = "k8s.io/kubernetes/vendor/github.com/cloudflare/cfssl/api/scan",
+    importpath = "github.com/cloudflare/cfssl/api/scan",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//vendor/github.com/cloudflare/cfssl/api:go_default_library",
+        "//vendor/github.com/cloudflare/cfssl/errors:go_default_library",
+        "//vendor/github.com/cloudflare/cfssl/log:go_default_library",
+        "//vendor/github.com/cloudflare/cfssl/scan:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

vendor/github.com/cloudflare/cfssl/api/scan/scan.go

@@ -0,0 +1,76 @@
+package scan
+
+import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/cloudflare/cfssl/api"
+	"github.com/cloudflare/cfssl/errors"
+	"github.com/cloudflare/cfssl/log"
+	"github.com/cloudflare/cfssl/scan"
+)
+
+// scanHandler is an HTTP handler that accepts GET parameters for host (required)
+// family and scanner, and uses these to perform scans, returning a JSON blob result.
+func scanHandler(w http.ResponseWriter, r *http.Request) error {
+	if err := r.ParseForm(); err != nil {
+		log.Warningf("failed to parse body: %v", err)
+		return errors.NewBadRequest(err)
+	}
+
+	family := r.Form.Get("family")
+	scanner := r.Form.Get("scanner")
+	ip := r.Form.Get("ip")
+	timeoutStr := r.Form.Get("timeout")
+	var timeout time.Duration
+	var err error
+	if timeoutStr != "" {
+		if timeout, err = time.ParseDuration(timeoutStr); err != nil {
+			return errors.NewBadRequest(err)
+		}
+		if timeout < time.Second || timeout > 5*time.Minute {
+			return errors.NewBadRequestString("invalid timeout given")
+		}
+	} else {
+		timeout = time.Minute
+	}
+
+	host := r.Form.Get("host")
+	if host == "" {
+		log.Warningf("no host given")
+		return errors.NewBadRequestString("no host given")
+	}
+
+	results, err := scan.Default.RunScans(host, ip, family, scanner, timeout)
+	if err != nil {
+		return errors.NewBadRequest(err)
+	}
+
+	return json.NewEncoder(w).Encode(api.NewSuccessResponse(results))
+}
+
+// NewHandler returns a new http.Handler that handles a scan request.
+func NewHandler(caBundleFile string) (http.Handler, error) {
+	return api.HTTPHandler{
+		Handler: api.HandlerFunc(scanHandler),
+		Methods: []string{"GET"},
+	}, scan.LoadRootCAs(caBundleFile)
+}
+
+// scanInfoHandler is an HTTP handler that returns a JSON blob result describing
+// the possible families and scans to be run.
+func scanInfoHandler(w http.ResponseWriter, r *http.Request) error {
+	log.Info("setting up scaninfo handler")
+	response := api.NewSuccessResponse(scan.Default)
+	enc := json.NewEncoder(w)
+	return enc.Encode(response)
+}
+
+// NewInfoHandler returns a new http.Handler that handles a request for scan info.
+func NewInfoHandler() http.Handler {
+	return api.HTTPHandler{
+		Handler: api.HandlerFunc(scanInfoHandler),
+		Methods: []string{"GET"},
+	}
+}