get_vulnerability

Retrieve a specific vulnerability by its ID from penetration testing reports to access detailed security assessment documentation, including CVSS 3.1 scoring and HTML formatting.

Instructions

Retrieve a specific vulnerability by ID

Input Schema

TableJSON Schema

Name	Required	Description	Default
`bearerToken`	No	Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set)
`vulnerabilityId`	Yes	The ID of the vulnerability to retrieve (24-character MongoDB ObjectId)

Implementation Reference

server.js:330-395 (handler)

The core handler function that implements the logic for retrieving a specific vulnerability by ID from the API endpoint. It validates the ID, makes an authenticated GET request, and returns formatted JSON response or error content.

async function getVulnerability(providedToken, vulnerabilityId) {
  try {
    const bearerToken = getBearerToken(providedToken);
    
    // Validate vulnerabilityId format (should be MongoDB ObjectId)
    if (!vulnerabilityId || !vulnerabilityId.match(/^[0-9a-fA-F]{24}$/)) {
      throw new McpError(
        ErrorCode.InvalidParams,
        'Invalid vulnerabilityId format. Must be a valid MongoDB ObjectId (24 characters)'
      );
    }

    const response = await axios.get(`${VULNERABILITY_ENDPOINT}/${vulnerabilityId}`, {
      headers: {
        'Authorization': `Bearer ${bearerToken}`,
        'Content-Type': 'application/json',
      },
      timeout: 10000,
    });

    return {
      content: [
        {
          type: 'text',
          text: JSON.stringify({
            success: true,
            status: response.status,
            data: response.data,
            timestamp: new Date().toISOString(),
            message: `Retrieved vulnerability ${vulnerabilityId}`,
          }, null, 2),
        },
      ],
    };
  } catch (error) {
    if (error instanceof McpError) {
      throw error;
    }
    
    if (error.response) {
      return {
        content: [
          {
            type: 'text',
            text: JSON.stringify({
              success: false,
              status: error.response.status,
              error: error.response.data || error.message,
              timestamp: new Date().toISOString(),
            }, null, 2),
          },
        ],
      };
    } else if (error.request) {
      throw new McpError(
        ErrorCode.InternalError,
        `Network error: Unable to reach the API at ${VULNERABILITY_ENDPOINT}/${vulnerabilityId}`
      );
    } else {
      throw new McpError(
        ErrorCode.InternalError,
        `Request setup error: ${error.message}`
      );
    }
  }
}

server.js:898-915 (schema)

The input schema and description for the 'get_vulnerability' tool as exposed in the listTools MCP endpoint.

{
  name: 'get_vulnerability',
  description: 'Retrieve a specific vulnerability by ID',
  inputSchema: {
    type: 'object',
    properties: {
      bearerToken: {
        type: 'string',
        description: 'Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set)',
      },
      vulnerabilityId: {
        type: 'string',
        description: 'The ID of the vulnerability to retrieve (24-character MongoDB ObjectId)',
      },
    },
    required: ['vulnerabilityId'],
  },
},

server.js:1154-1161 (registration)

The dispatch case in the central tool call handler that validates arguments and invokes the getVulnerability handler function.

case 'get_vulnerability':
  if (!args.vulnerabilityId) {
    throw new McpError(
      ErrorCode.InvalidParams,
      'Vulnerability ID is required'
    );
  }
  return await getVulnerability(args.bearerToken, args.vulnerabilityId);

Reports MCP Server