get_vulnerabilities

Retrieve all vulnerabilities for a specific penetration testing report to analyze security findings and document assessment results.

Instructions

Retrieve all vulnerabilities for a specific report

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| bearerToken | No | Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set) | |
| reportId | Yes | The ID of the report to get vulnerabilities from (24-character MongoDB ObjectId) | |

Implementation Reference

  • The handler function that retrieves all vulnerabilities for a specific report ID by making an authenticated GET request to the /vulnerability/report/{reportId} endpoint. Validates reportId format, handles errors, and returns formatted JSON response.
    async function getVulnerabilities(providedToken, reportId) {
      try {
        const bearerToken = getBearerToken(providedToken);
        
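        // Validate reportId format (must be a string holding a MongoDB ObjectId).
        // The type check keeps non-string input on the InvalidParams path instead
        // of failing inside the regex call and surfacing as an internal error.
        if (typeof reportId !== 'string' || !/^[0-9a-fA-F]{24}$/.test(reportId)) {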
          throw new McpError(
            ErrorCode.InvalidParams,
            'Invalid reportId format. Must be a valid MongoDB ObjectId (24 characters)'
          );
        }
    
        const response = await axios.get(`${VULNERABILITY_ENDPOINT}/report/${reportId}`, {
          headers: {
            'Authorization': `Bearer ${bearerToken}`,
            'Content-Type': 'application/json',
          },
          timeout: 10000,
        });
    
        return {
          content: [
            {
              type: 'text',
              text: JSON.stringify({
                success: true,
                status: response.status,
                data: response.data,
                timestamp: new Date().toISOString(),
                message: `Retrieved vulnerabilities for report ${reportId}`,
              }, null, 2),
            },
          ],
        };
      } catch (error) {
        if (error instanceof McpError) {
          throw error;
        }
        
        if (error.response) {
          return {
            content: [
              {
                type: 'text',
                text: JSON.stringify({
                  success: false,
                  status: error.response.status,
                  error: error.response.data || error.message,
                  timestamp: new Date().toISOString(),
                }, null, 2),
              },
            ],
          };
        } else if (error.request) {
          throw new McpError(
            ErrorCode.InternalError,
            `Network error: Unable to reach the API at ${VULNERABILITY_ENDPOINT}/report/${reportId}`
          );
        } else {
          throw new McpError(
            ErrorCode.InternalError,
            `Request setup error: ${error.message}`
          );
        }
      }
    }
  • Input schema definition for the get_vulnerabilities tool, specifying parameters bearerToken (optional) and required reportId.
    {
      name: 'get_vulnerabilities',
      description: 'Retrieve all vulnerabilities for a specific report',
      inputSchema: {
        type: 'object',
        properties: {
          bearerToken: {
            type: 'string',
            description: 'Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set)',
          },
          reportId: {
            type: 'string',
            description: 'The ID of the report to get vulnerabilities from (24-character MongoDB ObjectId)',
          },
        },
        required: ['reportId'],
      },
    },
  • server.js:1145-1152 (registration)
    Tool registration and dispatching in the CallToolRequestHandler switch statement, which validates arguments and calls the getVulnerabilities handler.
    case 'get_vulnerabilities':
      if (!args.reportId) {
        throw new McpError(
          ErrorCode.InvalidParams,
          'Report ID is required'
        );
      }
      return await getVulnerabilities(args.bearerToken, args.reportId);
  • Helper function used by getVulnerabilities to obtain the bearer token for API authentication, falling back to environment variable if not provided.
    function getBearerToken(providedToken) {
      // If a token is provided in the request, use it
      if (providedToken) {
        return providedToken;
      }
      
      // Otherwise, use the configured JWT token
      if (JWT_TOKEN) {
        return JWT_TOKEN;
      }
      
      // If no token is available, throw an error
      throw new McpError(
        ErrorCode.InvalidParams,
        'No bearer token provided. Either pass bearerToken parameter or set REPORTS_JWT_TOKEN environment variable.'
      );
    }

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/izzy0101010101/mcp-reports-server'
