fix(cyclonedx): Avoid a NPE when clearing extensibleTypes

This is a fixup for 023dfb6 which started to conditionally set the `LicenseChoice`. If the condition is not met and `licenses` is `null`, do not try to clear `extensibleTypes` from them. Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · Jul 16, 2024 · 433d817 · 433d817
1 parent 5bce86e
commit 433d817
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt b/plugins/reporters/cyclonedx/src/main/kotlin/CycloneDxReporter.kt
@@ -406,13 +406,15 @@ private fun generateBom(bom: Bom, schemaVersion: Version, fileExtension: String)
                     // Clear the "dependencyType".
                     component.extensibleTypes = null
 
-                    component.licenses.licenses.forEach { license ->
-                        // Clear the "origin".
-                        license.extensibleTypes = null
-                    }
+                    if (component.licenses?.licenses != null) {
+                        component.licenses.licenses.forEach { license ->
+                            // Clear the "origin".
+                            license.extensibleTypes = null
+                        }
 
-                    // Remove duplicates that may occur due to clearing the distinguishing extensive type.
-                    component.licenses.licenses = component.licenses.licenses.distinct()
+                        // Remove duplicates that may occur due to clearing the distinguishing extensive type.
+                        component.licenses.licenses = component.licenses.licenses.distinct()
+                    }
                 }
             }