参考:https://sumsec.me/2022/CodeQL-Usage-Tricks.html#CodeQL with SCA

https://www.yuque.com/loulan-b47wt/rc30f7/ll3a4z

实操

  1. import java
  2. import semmle.code.java.DependencyCounts
  4. predicate jarDependencyCount(int total, string entity) {
  5.   exists(JarFile targetJar, string jarStem |
  6.     jarStem = targetJar.getStem() and
  7.     jarStem != "rt"
  8.   |
  9.     total =
  10.       sum(RefType r, RefType dep, int num |
  11.         r.fromSource() and
  12.         not dep.fromSource() and
  13.         dep.getFile().getParentContainer*() = targetJar and
  14.         numDepends(r, dep, num)
  15.       |
  16.         num
  17.       ) and
  18.     entity = jarStem
  19.   )
  20. }
  22. from string name, int ndeps
  23. where jarDependencyCount(ndeps, name)
  24. select name, ndeps order by ndeps desc

CodeQL With SCA - 图1