|
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
namespace Microsoft.DotNet.Cli.SdkVulnerability;
/// <summary>
/// Contains vulnerability and end-of-life status for a resolved SDK version.
/// </summary>
internal sealed class SdkVulnerabilityInfo
{
public bool IsEol { get; init; }
public DateTime? EolDate { get; init; }
public IReadOnlyList<SdkCveInfo> Cves { get; init; } = [];
/// <summary>
/// The recommended SDK version to update to. When <see cref="FeatureBandDiscontinued"/>
/// is false, this is the latest SDK in the same feature band. When it is true,
/// this is the channel's latest SDK (in a different feature band).
/// </summary>
public string? LatestSdkVersion { get; init; }
/// <summary>
/// True when there is no newer SDK in the user's feature band, but the channel
/// has a newer SDK in a different band. Callers should phrase the upgrade
/// recommendation as a band switch in that case.
/// </summary>
public bool FeatureBandDiscontinued { get; init; }
public bool HasVulnerabilities => Cves.Count > 0;
}
/// <summary>
/// Represents a single CVE that affects an SDK version.
/// </summary>
internal sealed class SdkCveInfo
{
public required string Id { get; init; }
public required string Url { get; init; }
}
|