Skip to main content

osv_db/types/
range.rs

1use serde::Deserialize;
2use serde_json::Value;
3
4/// A version range describing when a package is vulnerable.
5#[derive(Debug, Clone, Deserialize)]
6pub struct Range {
7    /// The versioning scheme used for [`Range::events`].
8    #[serde(rename = "type")]
9    pub range_type: RangeType,
10    /// Repository URL — required when `range_type` is [`RangeType::GIT`].
11    pub repo: Option<String>,
12    /// Ordered list of version events that define the affected range.
13    ///
14    /// Must contain at least one [`Event::Introduced`] entry.
15    pub events: Vec<Event>,
16    /// Database-specific additional data.
17    pub database_specific: Option<Value>,
18}
19
20/// Versioning scheme for a [`Range`].
21#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]
22pub enum RangeType {
23    /// Git commit hashes (full 40- or 64-character hex strings, or `"0"`).
24    GIT,
25    /// Semantic versioning (<https://semver.org/>).
26    SEMVER,
27    /// Ecosystem-specific versioning (e.g. Maven, `PyPI`).
28    ECOSYSTEM,
29}
30
31/// A version event that bounds an affected [`Range`].
32///
33/// Each variant is deserialised from a JSON object with a single key, matching
34/// the OSV `oneOf` constraint.
35#[derive(Debug, Clone, Deserialize)]
36#[serde(untagged)]
37pub enum Event {
38    /// The (inclusive) version at which the vulnerability was introduced.
39    Introduced {
40        /// Version string or commit hash at which the vulnerability was introduced.
41        introduced: String,
42    },
43    /// The (exclusive) version at which the vulnerability was fixed.
44    Fixed {
45        /// Version string or commit hash at which the fix was released.
46        fixed: String,
47    },
48    /// The last (inclusive) version that is affected.
49    ///
50    /// Mutually exclusive with [`Event::Fixed`] within the same range.
51    LastAffected {
52        /// Version string or commit hash of the last affected version.
53        last_affected: String,
54    },
55    /// An exclusive upper bound that limits the range regardless of other events.
56    Limit {
57        /// Version string or commit hash acting as the upper limit.
58        limit: String,
59    },
60}