From 8ed2c6b0c8326c10e4c247d7eccece1758be66ba Mon Sep 17 00:00:00 2001
From: Arthit Suriyawongkul <arthit@gmail.com>
Date: Mon, 16 Dec 2024 07:40:26 +0000
Subject: [PATCH 1/4] Check if getCreationInfo is null before access

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
---
 .../spdx/tools/MatchingStandardLicenses.java  |  1 +
 src/main/java/org/spdx/tools/Verify.java      |  7 +++--
 .../org/spdx/tools/compare/CreatorSheet.java  | 22 ++++++++-------
 .../org/spdx/tools/compare/DocumentSheet.java | 27 ++++++++++++-------
 .../org/spdx/tools/compare/PackageSheet.java  |  6 ++++-
 5 files changed, 40 insertions(+), 23 deletions(-)

diff --git a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java
index d47742d..9d0ddc2 100644
--- a/src/main/java/org/spdx/tools/MatchingStandardLicenses.java
+++ b/src/main/java/org/spdx/tools/MatchingStandardLicenses.java
@@ -53,6 +53,7 @@ public static void main(String[] args) {
 			usage();
 			System.exit(ERROR_STATUS);
 		}
+		@SuppressWarnings("null")
 		File textFile = new File(args[0]);
 
 		if (!textFile.exists()) {
diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java
index 33d03ae..136dba3 100644
--- a/src/main/java/org/spdx/tools/Verify.java
+++ b/src/main/java/org/spdx/tools/Verify.java
@@ -86,7 +86,6 @@ public static void main(String[] args) {
 				fileType = SpdxToolsHelper.fileToFileType(new File(args[0]));
 			}
 			verify = verify(args[0], fileType);
-			
 		} catch (SpdxVerificationException e) {
 			System.out.println(e.getMessage());
 			System.exit(ERROR_STATUS);
@@ -95,9 +94,9 @@ public static void main(String[] args) {
 			System.exit(ERROR_STATUS);
 		}
 		// separate out the warning from errors
-		List<String> warnings = new ArrayList<>();
-		List<String> errors = new ArrayList<>();
-		for (String verifyMsg:verify) {
+		List<String> warnings = new ArrayList<String>();
+		List<String> errors = new ArrayList<String>();
+		for (String verifyMsg: verify) {
 			if (verifyMsg.contains(" is deprecated.")) {
 				warnings.add(verifyMsg);
 			} else {
diff --git a/src/main/java/org/spdx/tools/compare/CreatorSheet.java b/src/main/java/org/spdx/tools/compare/CreatorSheet.java
index d67783c..882760b 100644
--- a/src/main/java/org/spdx/tools/compare/CreatorSheet.java
+++ b/src/main/java/org/spdx/tools/compare/CreatorSheet.java
@@ -26,6 +26,7 @@
 import org.apache.poi.ss.usermodel.Sheet;
 import org.apache.poi.ss.usermodel.Workbook;
 import org.spdx.core.InvalidSPDXAnalysisException;
+import org.spdx.library.model.v2.SpdxCreatorInformation;
 import org.spdx.utility.compare.SpdxCompareException;
 import org.spdx.utility.compare.SpdxComparer;
 
@@ -90,17 +91,20 @@ public void importCompareResults(SpdxComparer comparer, List<String> docNames) t
 		for (int i = 0; i < comparer.getNumSpdxDocs(); i++) {
 			Cell headerCell = header.getCell(i);
 			headerCell.setCellValue(docNames.get(i));
-			String[] creators = comparer.getSpdxDoc(i).getCreationInfo().getCreators().toArray(new String[comparer.getSpdxDoc(i).getCreationInfo().getCreators().size()]);
-			Arrays.sort(creators);
-			for (int j = 0; j < creators.length; j++) {
-				Cell creatorCell = null;
-				while (j+1 > this.getNumDataRows()) {
-					this.addRow();
+			SpdxCreatorInformation creationInfo = comparer.getSpdxDoc(i).getCreationInfo();
+			if (creationInfo != null) {
+				String[] creators = creationInfo.getCreators().toArray(new String[creationInfo.getCreators().size()]);
+				Arrays.sort(creators);
+				for (int j = 0; j < creators.length; j++) {
+					Cell creatorCell = null;
+					while (j+1 > this.getNumDataRows()) {
+						this.addRow();
+					}
+					creatorCell = sheet.getRow(j+1).createCell(i);
+					creatorCell.setCellValue(creators[j]);
 				}
-				creatorCell = sheet.getRow(j+1).createCell(i);
-				creatorCell.setCellValue(creators[j]);
 			}
 		}
 	}
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/spdx/tools/compare/DocumentSheet.java b/src/main/java/org/spdx/tools/compare/DocumentSheet.java
index 8dc0e09..bcbb8d2 100644
--- a/src/main/java/org/spdx/tools/compare/DocumentSheet.java
+++ b/src/main/java/org/spdx/tools/compare/DocumentSheet.java
@@ -26,11 +26,12 @@
 import org.apache.poi.ss.usermodel.Sheet;
 import org.apache.poi.ss.usermodel.Workbook;
 import org.spdx.core.InvalidSPDXAnalysisException;
+import org.spdx.library.model.v2.SpdxCreatorInformation;
 import org.spdx.utility.compare.SpdxCompareException;
 import org.spdx.utility.compare.SpdxComparer;
 
 /**
- * Sheet to hold compare information at the docment level:
+ * Sheet to hold compare information at the document level:
  * 		Created, Data License, Document Comment
  * The first row summarizes which fields are different, the subsequent rows are the
  * specific date from each result
@@ -254,9 +255,12 @@ private void importLicenseListVersions(SpdxComparer comparer) throws SpdxCompare
 		// data rows
 		for (int i = 0; i < comparer.getNumSpdxDocs(); i++) {
 			cell = sheet.getRow(getFirstDataRow()+i+1).createCell(LICENSE_LIST_VERSION_COL);
-			Optional<String> licenseListVersion = comparer.getSpdxDoc(i).getCreationInfo().getLicenseListVersion();
-			if (licenseListVersion.isPresent()) {
-				cell.setCellValue(licenseListVersion.get());
+			SpdxCreatorInformation creationInfo = comparer.getSpdxDoc(i).getCreationInfo();
+			if (creationInfo != null) {
+				Optional<String> licenseListVersion = creationInfo.getLicenseListVersion();
+				if (licenseListVersion.isPresent()) {
+					cell.setCellValue(licenseListVersion.get());
+				}
 			}
 		}
 	}
@@ -340,11 +344,13 @@ private void importCreatorComment(SpdxComparer comparer) throws InvalidSPDXAnaly
 		// data rows
 		for (int i = 0; i < comparer.getNumSpdxDocs(); i++) {
 			cell = sheet.getRow(getFirstDataRow()+i+1).createCell(CREATOR_COMMENT_COL);
-			Optional<String> creatorComment = comparer.getSpdxDoc(i).getCreationInfo().getComment();
-			if (creatorComment.isPresent()) {
-				cell.setCellValue(creatorComment.get());
+			SpdxCreatorInformation creationInfo = comparer.getSpdxDoc(i).getCreationInfo();
+			if (creationInfo != null) {
+				Optional<String> creatorComment = creationInfo.getComment();
+				if (creatorComment.isPresent()) {
+					cell.setCellValue(creatorComment.get());
+				}
 			}
-			
 		}
 	}
 
@@ -364,7 +370,10 @@ private void importCreationDate(SpdxComparer comparer) throws InvalidSPDXAnalysi
 		// data rows
 		for (int i = 0; i < comparer.getNumSpdxDocs(); i++) {
 			cell = sheet.getRow(getFirstDataRow()+i+1).createCell(CREATION_DATE_COL);
-			cell.setCellValue(comparer.getSpdxDoc(i).getCreationInfo().getCreated());
+			SpdxCreatorInformation creationInfo = comparer.getSpdxDoc(i).getCreationInfo();
+			if (creationInfo != null) {
+				cell.setCellValue(creationInfo.getCreated());
+			}
 		}
 	}
 
diff --git a/src/main/java/org/spdx/tools/compare/PackageSheet.java b/src/main/java/org/spdx/tools/compare/PackageSheet.java
index 1fcdfb8..e0ac331 100644
--- a/src/main/java/org/spdx/tools/compare/PackageSheet.java
+++ b/src/main/java/org/spdx/tools/compare/PackageSheet.java
@@ -35,6 +35,7 @@
 import org.spdx.library.model.v2.SpdxDocument;
 import org.spdx.library.model.v2.SpdxPackage;
 import org.spdx.library.model.v2.SpdxPackageVerificationCode;
+import org.spdx.library.model.v2.license.AnyLicenseInfo;
 import org.spdx.utility.compare.SpdxCompareException;
 import org.spdx.utility.compare.SpdxComparer;
 import org.spdx.utility.compare.SpdxPackageComparer;
@@ -404,7 +405,10 @@ private void addPackageToSheet(SpdxPackageComparer comparer,
 				}
 				concludedLicenseRow.createCell(FIRST_DOC_COL+i).setCellValue(pkg.getLicenseConcluded().toString());
 				licenseInfosFromFilesRow.createCell(FIRST_DOC_COL+i).setCellValue(CompareHelper.licenseInfosToString(pkg.getLicenseInfoFromFiles()));
-				declaredLicenseRow.createCell(FIRST_DOC_COL+i).setCellValue(pkg.getLicenseDeclared().toString());
+				AnyLicenseInfo licenseDeclared = pkg.getLicenseDeclared();
+				if (licenseDeclared != null) {
+					declaredLicenseRow.createCell(FIRST_DOC_COL+i).setCellValue(licenseDeclared.toString());
+				}
 				Optional<String> licenseComments = pkg.getLicenseComments();
 				if (licenseComments.isPresent()) {
 					licenseCommentRow.createCell(FIRST_DOC_COL+i).setCellValue(licenseComments.get());

From cea9542e49a341766606a975a7b1112290a28426 Mon Sep 17 00:00:00 2001
From: Arthit Suriyawongkul <arthit@gmail.com>
Date: Mon, 16 Dec 2024 07:47:19 +0000
Subject: [PATCH 2/4] Fix small typo

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
---
 src/main/java/org/spdx/tools/Verify.java     | 2 +-
 testResources/sourcefiles/DocumentSheet.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java
index 136dba3..39616bc 100644
--- a/src/main/java/org/spdx/tools/Verify.java
+++ b/src/main/java/org/spdx/tools/Verify.java
@@ -96,7 +96,7 @@ public static void main(String[] args) {
 		// separate out the warning from errors
 		List<String> warnings = new ArrayList<String>();
 		List<String> errors = new ArrayList<String>();
-		for (String verifyMsg: verify) {
+		for (String verifyMsg : verify) {
 			if (verifyMsg.contains(" is deprecated.")) {
 				warnings.add(verifyMsg);
 			} else {
diff --git a/testResources/sourcefiles/DocumentSheet.java b/testResources/sourcefiles/DocumentSheet.java
index defc8e1..0b9f378 100644
--- a/testResources/sourcefiles/DocumentSheet.java
+++ b/testResources/sourcefiles/DocumentSheet.java
@@ -29,7 +29,7 @@
 import org.spdx.utility.compare.SpdxComparer;
 
 /**
- * Sheet to hold compare information at the docment level:
+ * Sheet to hold compare information at the document level:
  * 		Created, Data License, Document Comment
  * The first row summarizes which fields are different, the subsequent rows are the
  * specific date from each result

From ffa00ad31634c936fd0ee36b1c2d1cb0d5634581 Mon Sep 17 00:00:00 2001
From: Arthit Suriyawongkul <arthit@gmail.com>
Date: Tue, 17 Dec 2024 04:43:23 +0000
Subject: [PATCH 3/4] Update src/main/java/org/spdx/tools/Verify.java

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>
Co-Authored-By: Gary O'Neall <gary@sourceauditor.com>
---
 src/main/java/org/spdx/tools/Verify.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java
index 39616bc..abb0dd1 100644
--- a/src/main/java/org/spdx/tools/Verify.java
+++ b/src/main/java/org/spdx/tools/Verify.java
@@ -94,7 +94,7 @@ public static void main(String[] args) {
 			System.exit(ERROR_STATUS);
 		}
 		// separate out the warning from errors
-		List<String> warnings = new ArrayList<String>();
+		List<String> warnings = new ArrayList<>();
 		List<String> errors = new ArrayList<String>();
 		for (String verifyMsg : verify) {
 			if (verifyMsg.contains(" is deprecated.")) {

From ee88fc7dd7b42c5e2104f143c1078f099f3410ab Mon Sep 17 00:00:00 2001
From: Arthit Suriyawongkul <arthit@gmail.com>
Date: Tue, 17 Dec 2024 04:46:41 +0000
Subject: [PATCH 4/4] Update src/main/java/org/spdx/tools/Verify.java

Signed-off-by: Arthit Suriyawongkul <arthit@gmail.com>

Co-authored-by: Gary O'Neall <gary@sourceauditor.com>
---
 src/main/java/org/spdx/tools/Verify.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/spdx/tools/Verify.java b/src/main/java/org/spdx/tools/Verify.java
index abb0dd1..84b9a59 100644
--- a/src/main/java/org/spdx/tools/Verify.java
+++ b/src/main/java/org/spdx/tools/Verify.java
@@ -95,7 +95,7 @@ public static void main(String[] args) {
 		}
 		// separate out the warning from errors
 		List<String> warnings = new ArrayList<>();
-		List<String> errors = new ArrayList<String>();
+		List<String> errors = new ArrayList<>();
 		for (String verifyMsg : verify) {
 			if (verifyMsg.contains(" is deprecated.")) {
 				warnings.add(verifyMsg);