internal/vulncheck: pass SBOM to handlers

Passes the SBOM message to the handlers when in source and binary mode.

Change-Id: Id3ef03eb4294f731a18739477e710edd85ab755e
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/616935
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Author: Maceo Thompson

cmd/govulncheck/testdata/common/config.json

@@ -39,6 +39,10 @@
     {
       "pattern": "\"timestamp\": (.*),",
       "replace": "\"timestamp\": \"2024-01-01T00:00:00\","
+    },
+    {
+      "pattern": "path\": \"stdlib\",\n *\"version\": \"[^\\s]*\"",
+      "replace": "path\": \"stdlib\",\n        \"version\": \"v1.18.0\""
     }
   ]
 }

cmd/govulncheck/testdata/common/testfiles/binary-call/binary_call_json.ct

@@ -27,6 +27,40 @@ $ govulncheck -format json -mode binary ${common_vuln_binary}
     "message": "Checking the binary against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/vuln",
+        "version": "(devel)"
+      },
+      {
+        "path": "github.com/tidwall/gjson",
+        "version": "v1.6.5"
+      },
+      {
+        "path": "github.com/tidwall/match",
+        "version": "v1.1.0"
+      },
+      {
+        "path": "github.com/tidwall/pretty",
+        "version": "v1.2.0"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/vuln"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/binary-call/binary_vendored_json.ct

@@ -27,6 +27,36 @@ $ govulncheck -format json -mode binary ${common_vendored_binary}
     "message": "Checking the binary against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/vendored",
+        "version": "(devel)"
+      },
+      {
+        "path": "github.com/tidwall/gjson",
+        "version": "v1.6.5"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "private.com/privateuser/fakemod",
+        "version": "v1.0.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/vendored"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/binary-module/binary_module_json.ct

@@ -27,6 +27,40 @@ $ govulncheck -format json -mode binary -scan module ${common_vuln_binary}
     "message": "Checking the binary against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/vuln",
+        "version": "(devel)"
+      },
+      {
+        "path": "github.com/tidwall/gjson",
+        "version": "v1.6.5"
+      },
+      {
+        "path": "github.com/tidwall/match",
+        "version": "v1.1.0"
+      },
+      {
+        "path": "github.com/tidwall/pretty",
+        "version": "v1.2.0"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/vuln"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/binary-package/binary_package_json.ct

@@ -27,6 +27,40 @@ $ govulncheck -format json -mode binary -scan package ${common_vuln_binary}
     "message": "Checking the binary against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/vuln",
+        "version": "(devel)"
+      },
+      {
+        "path": "github.com/tidwall/gjson",
+        "version": "v1.6.5"
+      },
+      {
+        "path": "github.com/tidwall/match",
+        "version": "v1.1.0"
+      },
+      {
+        "path": "github.com/tidwall/pretty",
+        "version": "v1.2.0"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/vuln"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/source-call/source_call_json.ct

@@ -27,6 +27,40 @@ $ govulncheck -C ${moddir}/vuln -format json ./...
     "message": "Checking the code against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/vuln"
+      },
+      {
+        "path": "github.com/tidwall/gjson",
+        "version": "v1.6.5"
+      },
+      {
+        "path": "github.com/tidwall/match",
+        "version": "v1.1.0"
+      },
+      {
+        "path": "github.com/tidwall/pretty",
+        "version": "v1.2.0"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/vuln",
+      "golang.org/vuln/subdir"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/source-call/source_multientry_json.ct

@@ -28,6 +28,27 @@ $ govulncheck -format json -C ${moddir}/multientry .
     "message": "Checking the code against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/multientry"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.5"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/multientry"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/source-call/source_replace_json.ct

@@ -28,6 +28,27 @@ $ govulncheck -C ${moddir}/replace -format json ./...
     "message": "Checking the code against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/replace"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/replace"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/source-call/source_vendored_json.ct

@@ -28,6 +28,36 @@ $ govulncheck -C ${moddir}/vendored -format json ./...
     "message": "Checking the code against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/vendored"
+      },
+      {
+        "path": "github.com/tidwall/gjson",
+        "version": "v1.6.5"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.0"
+      },
+      {
+        "path": "private.com/privateuser/fakemod",
+        "version": "v1.0.0"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/vendored",
+      "golang.org/vendored/subdir"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",

cmd/govulncheck/testdata/common/testfiles/source-module/source_module_json.ct

@@ -28,6 +28,27 @@ $ govulncheck -format json -scan module -C ${moddir}/multientry
     "message": "Checking the code against the vulnerabilities..."
   }
 }
+{
+  "SBOM": {
+    "go_version": "go1.18",
+    "modules": [
+      {
+        "path": "golang.org/multientry"
+      },
+      {
+        "path": "golang.org/x/text",
+        "version": "v0.3.5"
+      },
+      {
+        "path": "stdlib",
+        "version": "v1.18.0"
+      }
+    ],
+    "roots": [
+      "golang.org/multientry"
+    ]
+  }
+}
 {
   "osv": {
     "schema_version": "1.3.1",