[Sprint 4] Implement Vulnerabilities API Module #70

@talltechy

Overview

Implement comprehensive Vulnerabilities API module following v2.0 BaseAPI pattern for vulnerability discovery, analysis, and management.

Scope

  • Search and filter vulnerabilities
  • Get detailed vulnerability information
  • CVE and CVSS data retrieval
  • Affected assets for vulnerabilities
  • Exploit and malware kit associations
  • External references (CVE, OVAL, etc.)
  • Vulnerability checks and categories
  • Helper methods for common workflows
  • Integration with InsightVMClient
  • Comprehensive docstrings with type hints
  • Error handling
  • Unit tests (when test framework ready)

API Endpoints

  • GET /api/3/vulnerabilities - List vulnerabilities
  • GET /api/3/vulnerabilities/{id} - Get vulnerability details
  • GET /api/3/vulnerabilities/{id}/affected_assets - Get affected assets
  • GET /api/3/vulnerabilities/{id}/exploits - Get exploits
  • GET /api/3/vulnerabilities/{id}/malware_kits - Get malware kits
  • GET /api/3/vulnerabilities/{id}/references - Get references
  • GET /api/3/vulnerabilities/{id}/solutions - Get solutions
  • GET /api/3/vulnerability_categories - List categories
  • GET /api/3/vulnerability_categories/{id} - Get category
  • POST /api/3/vulnerabilities/search - Advanced search

Implementation Checklist

  • Create src/rapid7/api/vulnerabilities.py
  • Implement VulnerabilityAPI class extending BaseAPI
  • Add vulnerabilities sub-client to InsightVMClient
  • Create documentation in docs/VULNERABILITIES_API.md
  • Update Memory Bank (activeContext.md, progress.md)
  • Create feature branch: feature/issue-{number}-vulnerabilities-api

Key Features

  • Search & Filter: By severity, CVSS score, category, status
  • Risk Analysis: CVSS metrics, risk score, PCI severity
  • Exploit Data: Known exploits, malware kits, proof-of-concepts
  • Asset Impact: Find all assets affected by vulnerability
  • References: CVE, BID, OSVDB, MS bulletins
  • Helper Methods: search_by_severity(), get_critical(), get_exploitable()

Estimated Size

~600-700 lines of code

Definition of Done

  • VulnerabilityAPI module implemented with all endpoints
  • Integrated with InsightVMClient as client.vulnerabilities
  • Documented with usage examples
  • Memory Bank updated
  • PR created and ready for review

Related Issues

Replaces #55 (if exists) with more comprehensive implementation

References

  • Context7 API Documentation: /riza/rapid7-insightvm-api-docs
  • BaseAPI Pattern: src/rapid7/api/base.py
  • Similar Implementation: src/rapid7/api/assets.py
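
A sketch of how the paged `GET /api/3/vulnerabilities` listing and the `get_exploitable()` helper named above could fit together. This is an added example, not code from the repository. The `get` transport callable, the function bodies, and the response field names (`resources`, `page.totalPages`, `exploits`, `malwareKits`, `cvss.v2/v3.score`) are assumptions about the InsightVM v3 response shape, and the sample pages are constructed.

```python
from typing import Callable, Dict, Iterator, List

# Hypothetical transport: (path, query params) -> parsed JSON body.
Getter = Callable[[str, Dict[str, int]], dict]

def iter_vulnerabilities(get: Getter, size: int = 500) -> Iterator[dict]:
    """Yield every record from the paged vulnerability listing."""
    page = 0
    while True:
        body = get("/api/3/vulnerabilities", {"page": page, "size": size})
        yield from body.get("resources", [])
        page += 1
        # A missing page block is treated as a single page, so the loop ends.
        if page >= body.get("page", {}).get("totalPages", 0):
            return

def cvss_score(vuln: dict) -> float:
    """Prefer the CVSS v3 score; fall back to v2 for records without v3."""
    cvss = vuln.get("cvss") or {}
    for version in ("v3", "v2"):
        score = (cvss.get(version) or {}).get("score")
        if score is not None:
            return float(score)
    return 0.0

def get_exploitable(get: Getter, min_cvss: float = 0.0) -> List[dict]:
    """Records with a known exploit or malware kit, highest CVSS first."""
    hits = [v for v in iter_vulnerabilities(get)
            if (v.get("exploits", 0) or v.get("malwareKits", 0))
            and cvss_score(v) >= min_cvss]
    return sorted(hits, key=cvss_score, reverse=True)

# Constructed sample data: two pages, three records, placeholder ids.
SAMPLE_PAGES = [
    {"resources": [
        {"id": "constructed-vuln-b", "severity": "Moderate", "exploits": 0,
         "malwareKits": 0, "cvss": {"v2": {"score": 4.3}}},
        {"id": "constructed-vuln-c", "severity": "Severe", "exploits": 0,
         "malwareKits": 1, "cvss": {"v2": {"score": 7.5}}}],
     "page": {"number": 0, "size": 2, "totalPages": 2}},
    {"resources": [
        {"id": "constructed-vuln-a", "severity": "Critical", "exploits": 2,
         "malwareKits": 0, "cvss": {"v2": {"score": 10.0}, "v3": {"score": 9.8}}}],
     "page": {"number": 1, "size": 2, "totalPages": 2}},
]

def fake_get(path: str, params: Dict[str, int]) -> dict:
    """Offline stand-in for the HTTP layer, serving the constructed pages."""
    return SAMPLE_PAGES[params["page"]]

if __name__ == "__main__":
    print([v["id"] for v in get_exploitable(fake_get)])
```
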
