syntax = "proto3";

package resf.apollo.v1;

import "google/protobuf/wrappers.proto";

option go_package = "peridot.resf.org/apollo/pb;apollopb";

message AffectedProduct {
  int64 product_id = 1;
  google.protobuf.StringValue cve_id = 2;
  string version = 3;

  enum State {
    STATE_UNKNOWN = 0;
    // CVE only affects downstream
    STATE_UNDER_INVESTIGATION_DOWNSTREAM = 1;
    // CVE affecting upstream and a fix still hasn't been issued
    STATE_UNDER_INVESTIGATION_UPSTREAM = 2;
    // CVE has been fixed upstream
    STATE_FIXED_UPSTREAM = 3;
    // CVE has been fixed downstream
    // At this stage the CVE can be included in errata
    STATE_FIXED_DOWNSTREAM = 4;
    // CVE will NOT be fixed upstream
    STATE_WILL_NOT_FIX_UPSTREAM = 5;
    // CVE will NOT be fixed downstream
    // This will probably never happen with Core, but may happen for SIGs
    STATE_WILL_NOT_FIX_DOWNSTREAM = 6;
    // CVE is out of support scope
    STATE_OUT_OF_SUPPORT_SCOPE = 7;
    // CVE affects product and upstream is working on a fix
    STATE_AFFECTED_UPSTREAM = 8;
    // CVE affects product and a fix is being worked out
    STATE_AFFECTED_DOWNSTREAM = 9;
  }
  State state = 4;

  string package = 5;
  google.protobuf.StringValue advisory = 6;
}