Fixed prompts to be more optimized to Llama 3.1 and more general

Signed-off-by: Theodor Mihalache <tmihalac@tmihalac-thinkpadp1gen7.rmtusfl.csb>

Author: tmihalac

kustomize/base/exploit-iq-config.yml

@@ -67,6 +67,8 @@ functions:
     enable_functions_usage_search: true
   Function Locator:
     _type: package_and_function_locator
+  Function Library Version Finder:
+    _type: calling_function_library_version_finder
   Code Semantic Search:
     _type: local_vdb_retriever
     embedder_name: nim_embedder
@@ -98,6 +100,7 @@ functions:
       - Call Chain Analyzer
       - Function Caller Finder
       - Function Locator
+      - Function Library Version Finder
     max_concurrency: null
     max_iterations: 10
     prompt_examples: false
@@ -135,7 +138,7 @@ functions:
     # vex_format: csaf
   cve_http_output:
     _type: cve_http_output
-    url: CALLBACK_URL_PLACEHOLDER
+    url: https://exploit-iq-client.theodor-test.svc:8443
     endpoint: /api/v1/reports
     auth_type: bearer
     token_path: /var/run/secrets/kubernetes.io/serviceaccount/token

kustomize/config-http-openai-local.yml

@@ -83,6 +83,8 @@ functions:
      max_retries: 5
   Container Analysis Data:
     _type: container_image_analysis_data
+  Function Library Version Finder:
+    _type: calling_function_library_version_finder
   cve_agent_executor:
     _type: cve_agent_executor
     llm_name: cve_agent_executor_llm
@@ -94,6 +96,7 @@ functions:
       - Call Chain Analyzer
       - Function Caller Finder
       - Function Locator
+      - Function Library Version Finder
     max_concurrency: null
     max_iterations: 10
     prompt_examples: false

src/exploit_iq_commons/utils/functions_parsers/java_functions_parsers.py

@@ -1113,6 +1113,7 @@ def _process_call(start_idx: int, open_paren_pos: int) -> bool:
                     documents_of_functions=documents_of_functions,
                     callee_function_name=callee_function_name,
                     type_inheritance=type_inheritance,
+                    callee_declaring_fqcn=declaring_fqcn,
             ):
                 logger.debug(
                     "__check_identifier_resolved_to_callee_function_package resolved successfully - "
@@ -1160,6 +1161,7 @@ def _process_method_ref(dc_idx: int, ref_len: int, make_ctor: bool) -> bool:
                 documents_of_functions=documents_of_functions,
                 callee_function_name=callee_function_name,
                 type_inheritance=type_inheritance,
+                callee_declaring_fqcn=declaring_fqcn,
             )
 
         # ---------------------------
@@ -1214,7 +1216,8 @@ def __check_identifier_resolved_to_callee_function_package(
             target_class_names: frozenset[str],
             documents_of_functions: list[Document],
             callee_function_name: str,
-            type_inheritance: dict[Tuple[str, str], List[Tuple[str, str]]]
+            type_inheritance: dict[Tuple[str, str], List[Tuple[str, str]]],
+            callee_declaring_fqcn: str = "",
     ) -> bool:
         """
         Decide if the found call expression (`identifier_function`) in `function` actually targets
@@ -1658,16 +1661,28 @@ def _extract_ctor_type(expr: str) -> str:
                 if _type_matches_callee(iface_type):
                     return True
 
-            if recv_trim == 'super':
-                try:
-                    caller_inheritance_list = get_target_class_names(type_inheritance[(caller_fqcn, caller_src)])
-                except KeyError:
-                    caller_inheritance_list = []
-                for cand in caller_inheritance_list:
-                    if cand == caller_fqcn:
-                        continue
-                    if _type_token_matches_callee(cand):  # cand is already FQCN (CHANGED: fqcn-only)
-                        return True
+            if recv_trim == 'super' and callee_declaring_fqcn:
+                # Don't match super calls from root-package functions.
+                # super delegates to the parent's own implementation which is
+                # self-contained.  Allowing it at the app→dependency boundary
+                # lets the CCA's backtracking route through the entire
+                # dependency hierarchy via polymorphic dispatch, producing
+                # false-positive chains (e.g. handler.handle() hops).
+                if self.is_root_package(function):
+                    pass  # skip – super from app code is not a valid entry point
+                else:
+                    try:
+                        caller_inheritance = type_inheritance[(caller_fqcn, caller_src)]
+                    except KeyError:
+                        caller_inheritance = []
+                    # super resolves to the direct parent class only; match only if the
+                    # direct parent IS the callee's declaring class (exact match).
+                    for cand_fqcn, _cand_src in caller_inheritance:
+                        if cand_fqcn == caller_fqcn:
+                            continue
+                        if cand_fqcn == callee_declaring_fqcn or cand_fqcn == callee_declaring_fqcn.replace('$', '.'):
+                            return True
+                        break
 
             if recv_trim == 'this':
                 if caller_fqcn and _type_token_matches_callee(caller_fqcn):
@@ -1728,16 +1743,23 @@ def _extract_ctor_type(expr: str) -> str:
             if _type_matches_callee(iface_type):
                 return True
 
-        if recv_raw == 'super':
-            try:
-                caller_inheritance_list = get_target_class_names(type_inheritance[(caller_fqcn, caller_src)])
-            except KeyError:
-                caller_inheritance_list = []
-            for cand in caller_inheritance_list:
-                if cand == caller_fqcn:
-                    continue
-                if _type_token_matches_callee(cand):  # fqcn-only
-                    return True
+        if recv_raw == 'super' and callee_declaring_fqcn:
+            # Don't match super calls from root-package functions (see early-path comment).
+            if self.is_root_package(function):
+                pass  # skip
+            else:
+                try:
+                    caller_inheritance = type_inheritance[(caller_fqcn, caller_src)]
+                except KeyError:
+                    caller_inheritance = []
+                # super resolves to the direct parent class only; match only if the
+                # direct parent IS the callee's declaring class (exact match).
+                for cand_fqcn, _cand_src in caller_inheritance:
+                    if cand_fqcn == caller_fqcn:
+                        continue
+                    if cand_fqcn == callee_declaring_fqcn or cand_fqcn == callee_declaring_fqcn.replace('$', '.'):
+                        return True
+                    break
         elif recv_raw == 'this':
             if caller_fqcn and _type_token_matches_callee(caller_fqcn):
                 return True

src/exploit_iq_commons/utils/java_chain_of_calls_retriever.py

@@ -414,10 +414,10 @@ def get_relevant_documents(self, query: str) -> tuple[List[Document], bool]:
         return matching_documents, self.found_path
 
     def extract_from_query(self, query: str) -> tuple[str, str, str]:
-        (package_name, function) = tuple( query.splitlines()[0].strip('"\'').replace("#", ".").split(","))
+        (package_name, function) = tuple( query.splitlines()[0].strip('"\'\u2018\u2019\u201c\u201d').replace("#", ".").split(","))
 
         class_name = function.rpartition('.')[0]
-        method_name = function.rpartition('.')[2]
+        method_name = re.sub(r'\(.*\)$', '', function.rpartition('.')[2])
 
         if not class_name and self.is_java_fqcn(package_name):
             class_name = package_name

src/vuln_analysis/configs/config-http-nim.yml

@@ -56,6 +56,8 @@ functions:
     enable_functions_usage_search: true
   Function Locator:
     _type: package_and_function_locator
+  Function Library Version Finder:
+    _type: calling_function_library_version_finder
   Code Semantic Search:
     _type: local_vdb_retriever
     embedder_name: nim_embedder
@@ -87,6 +89,7 @@ functions:
       - Call Chain Analyzer
       - Function Caller Finder
       - Function Locator
+      - Function Library Version Finder
     max_concurrency: null
     max_iterations: 10
     prompt_examples: false

src/vuln_analysis/configs/config-http-openai.yml

@@ -63,6 +63,8 @@ functions:
     enable_functions_usage_search: true
   Function Locator:
     _type: package_and_function_locator
+  Function Library Version Finder:
+    _type: calling_function_library_version_finder
   Code Semantic Search:
     _type: local_vdb_retriever
     embedder_name: nim_embedder
@@ -94,6 +96,7 @@ functions:
       - Call Chain Analyzer
       - Function Caller Finder
       - Function Locator
+      - Function Library Version Finder
     max_concurrency: null
     max_iterations: 10
     prompt_examples: false

src/vuln_analysis/configs/config-tracing.yml

@@ -67,6 +67,8 @@ functions:
     enable_functions_usage_search: true
   Function Locator:
     _type: package_and_function_locator
+  Function Library Version Finder:
+    _type: calling_function_library_version_finder
   Code Semantic Search:
     _type: local_vdb_retriever
     embedder_name: nim_embedder
@@ -98,6 +100,7 @@ functions:
       - Call Chain Analyzer
       - Function Caller Finder
       - Function Locator
+      - Function Library Version Finder
     max_concurrency: null
     max_iterations: 10
     prompt_examples: false

src/vuln_analysis/configs/config.yml

@@ -60,6 +60,8 @@ functions:
      max_retries: 5
   Container Analysis Data:
     _type: container_image_analysis_data
+  Function Library Version Finder:
+    _type: calling_function_library_version_finder
   cve_agent_executor:
     _type: cve_agent_executor
     llm_name: cve_agent_executor_llm
@@ -68,6 +70,7 @@ functions:
       - Docs Semantic Search
       # - Code Keyword Search  # Uncomment to enable keyword search
       - CVE Web Search
+      - Function Library Version Finder
     max_concurrency: null
     max_iterations: 10
     prompt_examples: false

src/vuln_analysis/functions/cve_agent.py

@@ -88,13 +88,16 @@ async def _create_agent(config: CVEAgentExecutorToolConfig, builder: Builder,
                 (tool.name == ToolNames.FUNCTION_CALLER_FINDER and (not config.transitive_search_tool_enabled or
                                                                 state.code_index_path is None)) or
                 (tool.name == ToolNames.FUNCTION_LOCATOR and (not config.transitive_search_tool_enabled or
+                                                                state.code_index_path is None)) or
+                (tool.name == ToolNames.FUNCTION_LIBRARY_VERSION_FINDER and (not config.transitive_search_tool_enabled or
                                                                 state.code_index_path is None))
                 )
     ]
 
     tools = [
         tool for tool in tools
-        if not (tool.name == ToolNames.FUNCTION_CALLER_FINDER and state.original_input.input.image.ecosystem != Ecosystem.GO)
+        if not ((tool.name == ToolNames.FUNCTION_CALLER_FINDER and state.original_input.input.image.ecosystem != Ecosystem.GO) or
+                (tool.name == ToolNames.FUNCTION_LIBRARY_VERSION_FINDER and state.original_input.input.image.ecosystem != Ecosystem.JAVA))
     ]
     # Get tool names after filtering for dynamic guidance
     enabled_tool_names = [tool.name for tool in tools]

src/vuln_analysis/functions/cve_checklist.py

@@ -58,13 +58,14 @@ async def cve_checklist(config: CVEChecklistToolConfig, builder: Builder):
     agent_config = builder.get_function_config(config.agent_name)
     agent_tool_names = agent_config.tool_names if hasattr(agent_config, 'tool_names') else None
 
-    async def generate_checklist_for_cve(cve_intel):
+    async def generate_checklist_for_cve(cve_intel, ecosystem=None):
 
         checklist = await generate_checklist(prompt=config.prompt,
                                              llm=llm,
                                              input_dict=cve_intel,
                                              tool_names=agent_tool_names,
-                                             enable_llm_list_parsing=False)
+                                             enable_llm_list_parsing=False,
+                                             ecosystem=ecosystem)
 
         checklist = await _parse_list([checklist])
 
@@ -75,7 +76,15 @@ async def _arun(state: AgentMorpheusEngineState) -> AgentMorpheusEngineState:
         intel_df = data_utils.merge_intel_and_plugin_data_convert_to_dataframe(state.cve_intel)
         workflow_cve_intel = intel_df.to_dict(orient='records')
 
-        results = await asyncio.gather(*(generate_checklist_for_cve(cve_intel) for cve_intel in workflow_cve_intel))
+        # Extract ecosystem for ecosystem-aware example selection
+        ecosystem = None
+        if (state.original_input and state.original_input.input
+                and state.original_input.input.image
+                and state.original_input.input.image.ecosystem):
+            ecosystem = state.original_input.input.image.ecosystem.value
+
+        results = await asyncio.gather(*(generate_checklist_for_cve(cve_intel, ecosystem=ecosystem)
+                                         for cve_intel in workflow_cve_intel))
 
         state.checklist_plans = dict(results)
         return state