The following pseudo code (Bash sciprt syntax) lists all search patterns and the query command used by the crawler for the six attack surfaces in evaluation.
The PATTERN of each attack surface is shown in the Python regex syntax. src is a command line tool provided by SourceGraph. In practice, the <QUERY> contains several statements written in GraphQL query language. It specifies what kinds of information should be returned from SourceGraph for the matched PATTERN, e.g., the project name, link, Github stars, etc.
# apachetar
"org\.apache\.commons\.compress\.archivers\.tar\."
# apachepoi
"org\.apache\.poi\.hssf\."
# itextpdf
"com\.itextpdf\.kernel\.pdf\."
# junrar
"com\.github\.junrar\."
# pdfbox
"org\.apache\.pdfbox\.pdmodel\."
# zip4j
"net\.lingala\.zip4j\."
export PATTERN="one of the above strings"
export SRC_ACCESS_TOKEN="your token"
export SRC_ENDPOINT=https://sourcegraph.com
src login
echo -e 'fragment FileMatchFields on FileMatch {\n\t\t\t\trepository {\n\t\t\t\t\tname\n\t\t\t\t\turl\n\t\t\t\tstars\n\t\t\t\t}\n\t\t\t\tfile {\n\t\t\t\t\tname\n\t\t\t\t\tpath\n\t\t\t\t\turl\n\t\t\t\t\tcontent\n\t\t\t\t\tcommit {\n\t\t\t\t\t\toid\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tlineMatches {\n\t\t\t\t\tpreview\n\t\t\t\t\tlineNumber\n\t\t\t\t\toffsetAndLengths\n\t\t\t\t\tlimitHit\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tfragment CommitSearchResultFields on CommitSearchResult {\n\t\t\t\tmessagePreview {\n\t\t\t\t\tvalue\n\t\t\t\t\thighlights{\n\t\t\t\t\t\tline\n\t\t\t\t\t\tcharacter\n\t\t\t\t\t\tlength\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tdiffPreview {\n\t\t\t\t\tvalue\n\t\t\t\t\thighlights {\n\t\t\t\t\t\tline\n\t\t\t\t\t\tcharacter\n\t\t\t\t\t\tlength\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tlabel {\n\t\t\t\t\thtml\n\t\t\t\t}\n\t\t\t\turl\n\t\t\t\tmatches {\n\t\t\t\t\turl\n\t\t\t\t\tbody {\n\t\t\t\t\t\thtml\n\t\t\t\t\t\ttext\n\t\t\t\t\t}\n\t\t\t\t\thighlights {\n\t\t\t\t\t\tcharacter\n\t\t\t\t\t\tline\n\t\t\t\t\t\tlength\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tcommit {\n\t\t\t\t\trepository {\n\t\t\t\t\t\tname\n\t\t\t\t\t}\n\t\t\t\t\toid\n\t\t\t\t\turl\n\t\t\t\t\tsubject\n\t\t\t\t\tauthor {\n\t\t\t\t\t\tdate\n\t\t\t\t\t\tperson {\n\t\t\t\t\t\t\tdisplayName\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t fragment RepositoryFields on Repository {\n\t\t\tname\n\t\t\turl\n\t\t\texternalURLs {\n\t\t\t serviceType\n\t\t\t url\n\t\t\t}\n\t\t\tlabel {\n\t\t\t\thtml\n\t\t\t}\n\t\t }\n\n\t\t query ($query: String!) {\n\t\t\tsite {\n\t\t\t\tbuildVersion\n\t\t\t}\n\t\t\tsearch(query: $query) {\n\t\t\t results {\n\t\t\t\tresults{\n\t\t\t\t __typename\n\t\t\t\t ... on FileMatch {\n\t\t\t\t\t...FileMatchFields\n\t\t\t\t }\n\t\t\t\t ... on CommitSearchResult {\n\t\t\t\t\t...CommitSearchResultFields\n\t\t\t\t }\n\t\t\t\t ... on Repository {\n\t\t\t\t\t...RepositoryFields\n\t\t\t\t }\n\t\t\t\t}\n\t\t\t\tlimitHit\n\t\t\t\tcloning {\n\t\t\t\t name\n\t\t\t\t}\n\t\t\t\tmissing {\n\t\t\t\t name\n\t\t\t\t}\n\t\t\t\ttimedout {\n\t\t\t\t name\n\t\t\t\t}\n\t\t\t\tresultCount\n\t\t\t\telapsedMilliseconds\n\t\t\t\t...SearchResultsAlertFields\n\t\t\t }\n\t\t\t}\n\t\t }\n\t\t\n\tfragment SearchResultsAlertFields on SearchResults {\n\t\talert {\n\t\t\ttitle\n\t\t\tdescription\n\t\t\tproposedQueries {\n\t\t\t\tdescription\n\t\t\t\tquery\n\t\t\t}\n\t\t}\n\t}' | src api -vars '{"query": "'${PATTERN}' language:java count:all patternType:regexp"}' > out.json