problem: json report is missing fields.

go json encoder ignores conflicting fields, which was preventing
Hostport from showing up. Also some of the fields weren't even
being selected AND the hostport conflict also existed when the join
results were deserialized.  To fix that, fully qualify the 'host'
fields.

cmd/report.go

@@ -24,6 +24,10 @@ var reportJSONCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		auditor := sshauditor.New(store)
 		report, err := auditor.GetReport()
+		if err != nil {
+			log.Error(err.Error())
+			os.Exit(1)
+		}
 		w := json.NewEncoder(os.Stdout)
 		w.SetIndent("", "  ")
 		err = w.Encode(report)

sshauditor/auditor.go

@@ -355,8 +355,7 @@ func (a *SSHAuditor) LogcheckReport(ls LogSearcher) error {
 }
 
 func (a *SSHAuditor) Vulnerabilities() ([]Vulnerability, error) {
-	vulns, err := a.store.GetVulnerabilities()
-	return vulns, errors.Wrap(err, "GetVulnerabilities failed")
+	return a.store.GetVulnerabilities()
 }
 
 func (a *SSHAuditor) GetReport() (AuditReport, error) {

sshauditor/store.go

@@ -75,7 +75,7 @@ func (c Credential) String() string {
 }
 
 type HostCredential struct {
-	Hostport     string
+	Hostport     string `json:"-"`
 	User         string
 	Password     string
 	LastTested   string `db:"last_tested"`
@@ -85,7 +85,7 @@ type HostCredential struct {
 
 type Vulnerability struct {
 	HostCredential
-	Host
+	Host `db:"host"`
 }
 
 type SQLiteStore struct {
@@ -364,7 +364,9 @@ func (s *SQLiteStore) updateBruteResult(br BruteForceResult) error {
 func (s *SQLiteStore) GetVulnerabilities() ([]Vulnerability, error) {
 	creds := []Vulnerability{}
 	q := `select
-			hc.hostport, hc.user, hc.password, hc.result, hc.last_tested, h.version
+			hc.hostport, hc.user, hc.password, hc.result, hc.last_tested,
+			h.version "host.version", h.hostport "host.hostport",
+			h.seen_first "host.seen_first", h.seen_last "host.seen_last", h.fingerprint "host.fingerprint"
 		from
 			host_creds hc, hosts h
 		where