package models

import "time"

// VulnerabilityFinding records a known vulnerability found in a dependency.
type VulnerabilityFinding struct {
	ID           int64      `xorm:"'id' pk autoincr"              json:"id"`
	RepoID       int64      `xorm:"'repo_id' notnull index"       json:"repoId"`
	VulnID       string     `xorm:"'vuln_id' varchar(50)"         json:"vulnId"`      // e.g. "GHSA-xxxx" or "CVE-2024-..."
	PURL         string     `xorm:"'purl' varchar(255)"           json:"purl"`        // package URL
	Version      string     `xorm:"'version' varchar(100)"        json:"version"`     // affected version
	Summary      string     `xorm:"'summary' varchar(500)"        json:"summary"`
	Details      string     `xorm:"'details' text"                json:"details,omitempty"`
	CVSSScore    float64    `xorm:"'cvss_score'"                  json:"cvssScore"`
	FixedVersion string     `xorm:"'fixed_version' varchar(100)"  json:"fixedVersion"`
	Dismissed    bool       `xorm:"'dismissed'"                   json:"dismissed"`
	DismissedBy  string     `xorm:"'dismissed_by' varchar(100)"   json:"dismissedBy,omitempty"`
	DismissedAt  *time.Time `xorm:"'dismissed_at'"                json:"dismissedAt,omitempty"`
	DetectedAt   time.Time  `xorm:"'detected_at'"                 json:"detectedAt"`
}