db.save_finding

Store vulnerability findings in a database for bug bounty programs, capturing target, type, severity, description, payload, response, and score data.

Instructions

Save a bug finding to the database

Input Schema

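| Name | Required | Description | Default |
|------|----------|-------------|---------|
| target | Yes | Target URL or domain | |
| type | Yes | Vulnerability type | |
| severity | Yes | Severity level | |
| description | Yes | Finding description | |
| payload | No | Payload used | |
| response | No | Response data | |
| score | No | Severity score (0-10) | |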

Implementation Reference

  • The core handler function for the 'db.save_finding' MCP tool. It constructs a Finding object from input params, calls the saveFinding helper to persist it to Postgres, and returns a formatted ToolResult.
    async (params: any): Promise<ToolResult> => {
      try {
        const finding: Finding = {
          target: params.target,
          type: params.type,
          severity: params.severity,
          description: params.description,
          payload: params.payload,
          response: params.response,
          timestamp: new Date(),
          score: params.score || 0,
        };
    
        const id = await saveFinding(finding);
        return formatToolResult(true, { id, finding });
      } catch (error: any) {
        return formatToolResult(false, null, error.message);
      }
    }
  • Registers the 'db.save_finding' tool on the MCP server, including description, input schema, and the handler function.
      'db.save_finding',
      {
        description: 'Save a bug finding to the database',
        inputSchema: {
          type: 'object',
          properties: {
            target: { type: 'string', description: 'Target URL or domain' },
            type: { type: 'string', description: 'Vulnerability type' },
            severity: {
              type: 'string',
              enum: ['low', 'medium', 'high', 'critical'],
              description: 'Severity level',
            },
            description: { type: 'string', description: 'Finding description' },
            payload: { type: 'string', description: 'Payload used' },
            response: { type: 'string', description: 'Response data' },
            score: { type: 'number', description: 'Severity score (0-10)' },
          },
          required: ['target', 'type', 'severity', 'description'],
        },
      },
      async (params: any): Promise<ToolResult> => {
        try {
          const finding: Finding = {
            target: params.target,
            type: params.type,
            severity: params.severity,
            description: params.description,
            payload: params.payload,
            response: params.response,
            timestamp: new Date(),
            score: params.score || 0,
          };
    
          const id = await saveFinding(finding);
          return formatToolResult(true, { id, finding });
        } catch (error: any) {
          return formatToolResult(false, null, error.message);
        }
      }
    );
  • Input schema for the db.save_finding tool, defining parameters like target, type, severity, etc.
    inputSchema: {
      type: 'object',
      properties: {
        target: { type: 'string', description: 'Target URL or domain' },
        type: { type: 'string', description: 'Vulnerability type' },
        severity: {
          type: 'string',
          enum: ['low', 'medium', 'high', 'critical'],
          description: 'Severity level',
        },
        description: { type: 'string', description: 'Finding description' },
        payload: { type: 'string', description: 'Payload used' },
        response: { type: 'string', description: 'Response data' },
        score: { type: 'number', description: 'Severity score (0-10)' },
      },
      required: ['target', 'type', 'severity', 'description'],
    },
  • Helper function that performs the actual database insertion of the Finding into the Postgres 'findings' table and returns the generated ID.
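    export async function saveFinding(finding: Finding): Promise<number> {
      // Check out a client; it is released in the finally block below.
      const client = await initPostgres().connect();
      try {
        // Parameterized query: the finding fields are bound as $1..$8 and
        // never concatenated into the SQL text.
        const result: QueryResult = await client.query(
          `INSERT INTO findings (target, type, severity, description, payload, response, score, timestamp)
           VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
           RETURNING id`,
          [
            finding.target,
            finding.type,
            finding.severity,
            finding.description,
            finding.payload || null, // empty or missing payload is stored as NULL
            finding.response || null, // empty or missing response is stored as NULL
            finding.score || 0, // missing score is stored as 0
            finding.timestamp,
          ]
        );
        // RETURNING id yields the generated primary key of the new row.
        return result.rows[0].id;
      } finally {
        // Always release the client, including when the query throws.
        client.release();
      }
    }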
  • TypeScript interface defining the structure of a Finding object used by db.save_finding.
    export interface Finding {
      id?: string;
      target: string;
      type: string;
      severity: 'low' | 'medium' | 'high' | 'critical';
      description: string;
      payload?: string;
      response?: string;
      timestamp: Date;
      score?: number;
    }
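
The handler above is typed `params: any`, and the input schema documents the 0-10 score range only in a description string; whether the schema is enforced before the handler runs is not shown on this page. The following is an added example, not code from VulneraMCP, of a runtime check that could run before the Finding object is built. The names `validateFindingParams`, `FindingInput` and `Validation` are hypothetical.

```typescript
// Added example, not VulneraMCP code: runtime validation of db.save_finding input.
// validateFindingParams, FindingInput and Validation are hypothetical names.
const SEVERITIES: string[] = ['low', 'medium', 'high', 'critical'];

interface FindingInput {
  target: string; type: string; severity: string; description: string;
  payload?: string; response?: string; score: number;
}
interface Validation { ok: boolean; errors: string[]; value?: FindingInput }

function validateFindingParams(params: unknown): Validation {
  if (typeof params !== 'object' || params === null || Array.isArray(params)) {
    return { ok: false, errors: ['params must be an object'] };
  }
  const p = params as Record<string, unknown>;
  const errors: string[] = [];

  // Fields listed under `required` in the schema must be non-empty strings.
  for (const key of ['target', 'type', 'severity', 'description']) {
    if (typeof p[key] !== 'string' || (p[key] as string).trim() === '') {
      errors.push(`${key} must be a non-empty string`);
    }
  }
  // Mirror the schema's severity enum.
  if (typeof p.severity === 'string' && p.severity !== '' && SEVERITIES.indexOf(p.severity) === -1) {
    errors.push('severity must be one of low, medium, high, critical');
  }
  // Optional fields must be strings when present.
  for (const key of ['payload', 'response']) {
    if (p[key] !== undefined && typeof p[key] !== 'string') errors.push(`${key} must be a string`);
  }
  // Enforce the documented 0-10 range; an absent score defaults to 0 as in the handler.
  const score = p.score === undefined ? 0 : p.score;
  if (typeof score !== 'number' || !isFinite(score) || score < 0 || score > 10) {
    errors.push('score must be a number between 0 and 10');
  }
  if (errors.length > 0) return { ok: false, errors };

  return {
    ok: true,
    errors: [],
    value: {
      target: p.target as string, type: p.type as string,
      severity: p.severity as string, description: p.description as string,
      payload: p.payload as string | undefined, response: p.response as string | undefined,
      score: score as number,
    },
  };
}
```

A handler using this would return the collected `errors` through its failure path instead of calling `saveFinding` when `ok` is false.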

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'
