db.save_finding
Store vulnerability findings in a database for bug bounty programs, capturing target, type, severity, description, payload, response, and score data.
Instructions
Save a bug finding to the database
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target URL or domain | |
| type | Yes | Vulnerability type | |
| severity | Yes | Severity level | |
| description | Yes | Finding description | |
| payload | No | Payload used | |
| response | No | Response data | |
| score | No | Severity score (0-10) | |
Implementation Reference
- src/tools/database.ts:36-54 (handler): The core handler function for the 'db.save_finding' MCP tool. It constructs a Finding object from the input params, calls the saveFinding helper to persist it to Postgres, and returns a formatted ToolResult.

  ```typescript
  async (params: any): Promise<ToolResult> => {
    try {
      // Build the Finding from the tool parameters; the timestamp is set server-side,
      // and a missing score defaults to 0.
      const finding: Finding = {
        target: params.target,
        type: params.type,
        severity: params.severity,
        description: params.description,
        payload: params.payload,
        response: params.response,
        timestamp: new Date(),
        score: params.score || 0,
      };
      const id = await saveFinding(finding);
      return formatToolResult(true, { id, finding });
    } catch (error: any) {
      // Persistence errors are reported back to the caller as a failed ToolResult.
      return formatToolResult(false, null, error.message);
    }
  }
  ```

- src/tools/database.ts:15-55 (registration): Registers the 'db.save_finding' tool on the MCP server, including description, input schema, and the handler function.

  ```typescript
  // Arguments to the server's tool-registration call; the call expression itself
  // lies outside the referenced line range.
  'db.save_finding',
  {
    description: 'Save a bug finding to the database',
    inputSchema: {
      type: 'object',
      properties: {
        target: { type: 'string', description: 'Target URL or domain' },
        type: { type: 'string', description: 'Vulnerability type' },
        severity: {
          type: 'string',
          enum: ['low', 'medium', 'high', 'critical'],
          description: 'Severity level',
        },
        description: { type: 'string', description: 'Finding description' },
        payload: { type: 'string', description: 'Payload used' },
        response: { type: 'string', description: 'Response data' },
        score: { type: 'number', description: 'Severity score (0-10)' },
      },
      required: ['target', 'type', 'severity', 'description'],
    },
  },
  async (params: any): Promise<ToolResult> => {
    try {
      const finding: Finding = {
        target: params.target,
        type: params.type,
        severity: params.severity,
        description: params.description,
        payload: params.payload,
        response: params.response,
        timestamp: new Date(),
        score: params.score || 0,
      };
      const id = await saveFinding(finding);
      return formatToolResult(true, { id, finding });
    } catch (error: any) {
      return formatToolResult(false, null, error.message);
    }
  }
  );
  ```

- src/tools/database.ts:18-34 (schema): Input schema for the db.save_finding tool, defining parameters such as target, type, severity, and so on. Note that severity is constrained by an enum, but score is declared only as type 'number'; the 0-10 range appears in its description and is not enforced by the schema.

  ```typescript
  inputSchema: {
    type: 'object',
    properties: {
      target: { type: 'string', description: 'Target URL or domain' },
      type: { type: 'string', description: 'Vulnerability type' },
      severity: {
        type: 'string',
        enum: ['low', 'medium', 'high', 'critical'],
        description: 'Severity level',
      },
      description: { type: 'string', description: 'Finding description' },
      payload: { type: 'string', description: 'Payload used' },
      response: { type: 'string', description: 'Response data' },
      score: { type: 'number', description: 'Severity score (0-10)' },
    },
    required: ['target', 'type', 'severity', 'description'],
  },
  ```

- src/integrations/postgres.ts:95-117 (helper): Helper function that performs the actual database insertion of the Finding into the Postgres 'findings' table and returns the generated ID.

  ```typescript
  export async function saveFinding(finding: Finding): Promise<number> {
    const client = await initPostgres().connect();
    try {
      // Parameterized INSERT: payload and response travel as bound values ($5, $6),
      // never as part of the SQL text.
      const result: QueryResult = await client.query(
        `INSERT INTO findings (target, type, severity, description, payload, response, score, timestamp)
         VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING id`,
        [
          finding.target,
          finding.type,
          finding.severity,
          finding.description,
          finding.payload || null,
          finding.response || null,
          finding.score || 0,
          finding.timestamp,
        ]
      );
      return result.rows[0].id;
    } finally {
      // Return the connection to the pool whether or not the insert succeeded.
      client.release();
    }
  }
  ```

- src/types/index.ts:44-54 (schema): TypeScript interface defining the structure of a Finding object used by db.save_finding.

  ```typescript
  export interface Finding {
    id?: string;
    target: string;
    type: string;
    severity: 'low' | 'medium' | 'high' | 'critical';
    description: string;
    payload?: string;
    response?: string;
    timestamp: Date;
    score?: number;
  }
  ```
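The following is an added example, not code from the project above. It shows a validation step that enforces what the tool's schema only describes (the severity enum and the 0-10 score range), then runs the same parameterized INSERT as saveFinding against an injected client so the parameterization can be checked offline. The `QueryClient` interface, `validateFindingParams`, `insertFinding` and `RecordingClient` are assumptions made for this example; the `id` is assumed to be a numeric Postgres serial, matching the `Promise<number>` return type of saveFinding.

```typescript
// Added example (not the project's code): schema-described constraints enforced in code,
// plus the parameterized INSERT exercised against a recording client.

type Severity = 'low' | 'medium' | 'high' | 'critical';

interface Finding {
  id?: number; // assumption: numeric serial id, as saveFinding returns Promise<number>
  target: string;
  type: string;
  severity: Severity;
  description: string;
  payload?: string;
  response?: string;
  timestamp: Date;
  score?: number;
}

// Minimal client shape matching the client.query(text, values) call used by saveFinding (assumed).
interface QueryClient {
  query(text: string, values: unknown[]): Promise<{ rows: Array<{ id: number }> }>;
}

const SEVERITIES: readonly Severity[] = ['low', 'medium', 'high', 'critical'];

// Validate untyped tool params into a Finding. Collects every error instead of throwing on
// the first one, so the caller can return all problems in a single ToolResult.
export function validateFindingParams(
  params: Record<string, unknown>,
): { finding?: Finding; errors: string[] } {
  const errors: string[] = [];
  const str = (key: string, required: boolean): string | undefined => {
    const v = params[key];
    if (v === undefined || v === null) {
      if (required) errors.push(`${key} is required`);
      return undefined;
    }
    if (typeof v !== 'string') { errors.push(`${key} must be a string`); return undefined; }
    if (required && v.trim() === '') { errors.push(`${key} must not be empty`); return undefined; }
    return v;
  };
  const target = str('target', true);
  const type = str('type', true);
  const severity = str('severity', true);
  const description = str('description', true);
  const payload = str('payload', false);
  const response = str('response', false);

  if (severity !== undefined && !SEVERITIES.includes(severity as Severity)) {
    errors.push(`severity must be one of ${SEVERITIES.join(', ')}`);
  }
  // The tool schema documents "0-10" but declares only type: number; enforce the range here.
  let score = 0;
  if (params.score !== undefined) {
    const s = params.score;
    if (typeof s !== 'number' || !Number.isFinite(s) || s < 0 || s > 10) {
      errors.push('score must be a number between 0 and 10');
    } else {
      score = s;
    }
  }
  if (errors.length > 0) return { errors };
  return {
    errors,
    finding: {
      target: target!, type: type!, severity: severity as Severity, description: description!,
      payload, response, timestamp: new Date(), score,
    },
  };
}

// Same INSERT as saveFinding on the page, with the client injected so it can be exercised without Postgres.
export async function insertFinding(client: QueryClient, finding: Finding): Promise<number> {
  const result = await client.query(
    `INSERT INTO findings (target, type, severity, description, payload, response, score, timestamp)
     VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING id`,
    [finding.target, finding.type, finding.severity, finding.description,
     finding.payload ?? null, finding.response ?? null, finding.score ?? 0, finding.timestamp],
  );
  return result.rows[0].id;
}

// Recording client: captures the SQL text and bound values so a test can confirm that payload
// text is carried only in the values array and never spliced into the statement.
export class RecordingClient implements QueryClient {
  public lastText = '';
  public lastValues: unknown[] = [];
  private nextId = 1;
  async query(text: string, values: unknown[]) {
    this.lastText = text;
    this.lastValues = values;
    return { rows: [{ id: this.nextId++ }] };
  }
}
```

The validation layer sits between the MCP handler and saveFinding: the handler would call `validateFindingParams(params)` and return a failed ToolResult listing `errors` when `finding` is undefined. Keeping the score check here rather than relying on the schema description means a stored score is always within the documented range regardless of which client submitted the finding.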