internal/cveschema: add CVE states
Constants are added for the CVE record states (RESERVED, PUBLISHED, and
REJECTED).
Change-Id: I4b09b779623dee245ecc859a4f3c4021bf81e0ba
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/357011
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/internal/cveschema/cveschema.go b/internal/cveschema/cveschema.go
index 4aa66af..85fb4ed 100644
--- a/internal/cveschema/cveschema.go
+++ b/internal/cveschema/cveschema.go
@@ -6,6 +6,24 @@
// https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema.
package cveschema
+const (
+ // StateReserved is the initial state for a CVE Record; when the associated
+ // CVE ID is Reserved by a CNA.
+ StateReserved = "RESERVED"
+
+ // StatePublished is when a CNA populates the data associated with a CVE ID
+ // as a CVE Record, the state of the CVE Record is Published. The
+ // associated data must contain an identification number (CVE ID), a prose
+ // description, and at least one public reference.
+ StatePublished = "PUBLISHED"
+
+ // StateRejected is when the CVE ID and associated CVE Record should no
+ // longer be used, the CVE Record is placed in the Rejected state. A Rejected
+ // CVE Record remains on the CVE List so that users can know when it is
+ // invalid.
+ StateRejected = "REJECTED"
+)
+
// CVE represents a "Common Vulnerabilities and Exposures" record, which is
// associated with a CVE ID and provided by a CNA.
//