Introduce query to capture external libraries

2026-04-25 16:55:19 +02:00 · 2021-07-28 13:19:40 +02:00
parent 32f52ac30d
commit b9f6b60c4d
3 changed files with 57 additions and 1 deletions
--- a/java/ql/src/Telemetry/ExternalLibraryUsage.ql
+++ b/java/ql/src/Telemetry/ExternalLibraryUsage.ql
@@ -0,0 +1,16 @@
+/**
+ * @name External libraries
+ * @description A list of external libraries used in the code
+ * @id java/telemetry/external-libs
+ */
+
+import java
+import ExternalAPI
+
+from ExternalAPI api
+where not api.getDeclaringType() instanceof TestLibrary
+// TODO [bm]: the count is not aggregated and we have the same jar with multiple usages, e.g.
+// 1	protobuf-java-3.17.3.jar	373
+// 2	protobuf-java-3.17.3.jar	48
+select api.jarName() as jarname, count(Call c | c.getCallee() = api) as Usages
+order by Usages desc