github-codeql/java/ql/src/Telemetry/ExternalLibraryUsage.ql at dependabot/github_actions/github/codeql-action-main · DEVBOX10/github-codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/**
 * @name External libraries
 * @description A list of external libraries used in the code
 * @kind metric
 * @tags summary telemetry
 * @id java/telemetry/external-libs
 */

import java
import ExternalApi

private predicate getRelevantUsages(string jarname, int usages) {
  usages =
    strictcount(Call c, ExternalApi a |
      c.getCallee().getSourceDeclaration() = a and
      not c.getFile() instanceof GeneratedFile and
      a.jarContainer() = jarname
    )
}

private int getOrder(string jarname) {
  jarname =
    rank[result](string jar, int usages |
      getRelevantUsages(jar, usages)
    |
      jar order by usages desc, jar
    )
}

from ExternalApi api, string jarname, int usages
where
  jarname = api.jarContainer() and
  getRelevantUsages(jarname, usages) and
  getOrder(jarname) <= resultLimit()
select jarname, usages order by usages desc