CycloneDX · nscuro · Mar 12, 2025 · Mar 12, 2025
@@ -19,6 +19,7 @@
 package org.cyclonedx.util;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.cyclonedx.model.License;
 import org.cyclonedx.model.LicenseChoice;
@@ -111,7 +112,7 @@ private static LicenseChoice resolveLicenseString(String licenseString, LicenseT
           licenses = mapper.readValue(is, LicenseList.class);        
         }
 
-        if (licenses != null && licenses.licenses != null && !licenses.licenses.isEmpty()) {
+        if (licenses != null && CollectionUtils.isNotEmpty(licenses.licenses)) {
             for (LicenseDetail licenseDetail : licenses.licenses) {
 
                 final String primaryLicenseUrl = (licenseDetail.seeAlso != null && !licenseDetail.seeAlso.isEmpty()) ? licenseDetail.seeAlso.get(0) : null;
@@ -162,7 +163,7 @@ private static LicenseChoice resolveFuzzyMatching(final String licenseString, fi
 
         if (mappings != null) {
             for (final SpdxLicenseMapping licenseMapping : mappings) {
-                if (licenseMapping.names != null && !licenseMapping.names.isEmpty()) {
+                if (CollectionUtils.isNotEmpty(licenseMapping.names)) {
                     for (final String name : licenseMapping.names) {
                         if (licenseString.equalsIgnoreCase(name)) {
                             if (licenseMapping.exp.startsWith("(") && licenseMapping.exp.endsWith(")")) {

@@ -18,6 +18,7 @@
  */
 package org.cyclonedx.util;
 
+import org.apache.commons.collections4.CollectionUtils;
 import org.cyclonedx.model.Bom;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Service;
@@ -102,7 +103,7 @@ private static Component findComponent(final List<Component> components, final S
         for (final Component component: components) {
             if (bomRef.equals(component.getBomRef())) {
                 return component;
-            } else if (component.getComponents() != null) {
+            } else if (CollectionUtils.isNotEmpty(component.getComponents())) {
                 final Component child = findComponent(component.getComponents(), bomRef);
                 if (child != null) return child;
             }
@@ -115,7 +116,7 @@ private static Service findService(final List<Service> services, final String bo
         for (final Service service: services) {
             if (bomRef.equals(service.getBomRef())) {
                 return service;
-            } else if (service.getServices() != null) {
+            } else if (CollectionUtils.isNotEmpty(service.getServices())) {
                 final Service child = findService(service.getServices(), bomRef);
                 if (child != null) return child;
             }

@@ -28,6 +28,7 @@
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.apache.commons.collections4.CollectionUtils;
 import org.cyclonedx.model.Attribute;
 import org.cyclonedx.model.ExtensibleType;
 
@@ -52,9 +53,9 @@ public void serialize(
     final ToXmlGenerator toXmlGenerator = (ToXmlGenerator) generator;
     final XMLStreamWriter staxWriter = toXmlGenerator.getStaxWriter();
     try {
-      if (extensibleTypes != null && !extensibleTypes.isEmpty()) {
+      if (CollectionUtils.isNotEmpty(extensibleTypes)) {
         for (ExtensibleType ext : extensibleTypes) {
-          if (ext.getAttributes() != null && !ext.getAttributes().isEmpty()) {
+          if (CollectionUtils.isNotEmpty(ext.getAttributes())) {
             Attribute xmlNS = ext.getAttributes().stream()
                 .filter(a -> a.getKey().contains(XMLNS))
                 .findAny()
@@ -71,7 +72,7 @@ public void serialize(
             staxWriter.writeStartElement(ext.getNamespace(), ext.getName(), "http://www.w3.org/1999/xhtml");
           }
 
-          if (ext.getExtensibleTypes() != null && !ext.getExtensibleTypes().isEmpty()) {
+          if (CollectionUtils.isNotEmpty(ext.getExtensibleTypes())) {
             serialize(ext.getExtensibleTypes(), generator, provider);
           }
           if (ext.getValue() != null) {

@@ -27,6 +27,7 @@
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.apache.commons.collections4.CollectionUtils;
 import org.cyclonedx.model.ExtensibleType;
 import org.cyclonedx.model.Extension;
 import org.cyclonedx.model.Extension.ExtensionType;
@@ -91,7 +92,7 @@ private void serializeVulnerabilities(final ToXmlGenerator gen, final Extension
   private void processAdvisories(final XMLStreamWriter staxWriter, final Vulnerability10 vuln)
       throws XMLStreamException
   {
-    if (vuln.getAdvisories() != null && !vuln.getAdvisories().isEmpty()) {
+    if (CollectionUtils.isNotEmpty(vuln.getAdvisories())) {
       staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.ADVISORIES, Vulnerability10.NAMESPACE_URI);
       for (Advisory a : vuln.getAdvisories()) {
         generateTextNode(staxWriter, Vulnerability10.ADVISORY, a.getText(), Vulnerability10.NAMESPACE_URI, Vulnerability10.PREFIX);
@@ -103,7 +104,7 @@ private void processAdvisories(final XMLStreamWriter staxWriter, final Vulnerabi
   private void processRecommendations(final XMLStreamWriter staxWriter, final Vulnerability10 vuln)
       throws XMLStreamException
   {
-    if (vuln.getRecommendations() != null && !vuln.getRecommendations().isEmpty()) {
+    if (CollectionUtils.isNotEmpty(vuln.getRecommendations())) {
       staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.RECOMMENDATIONS, Vulnerability10.NAMESPACE_URI);
       for (Recommendation r : vuln.getRecommendations()) {
         generateTextNode(staxWriter, Vulnerability10.RECOMMENDATION, r.getText(), Vulnerability10.NAMESPACE_URI, Vulnerability10.PREFIX);
@@ -115,7 +116,7 @@ private void processRecommendations(final XMLStreamWriter staxWriter, final Vuln
   private void processCwes(final XMLStreamWriter staxWriter, final Vulnerability10 vuln)
       throws XMLStreamException
   {
-    if (vuln.getCwes() != null && !vuln.getCwes().isEmpty()) {
+    if (CollectionUtils.isNotEmpty(vuln.getCwes())) {
       staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.CWES, Vulnerability10.NAMESPACE_URI);
       for (Cwe c : vuln.getCwes()) {
         generateTextNodeFromNumber(staxWriter, Vulnerability10.CWE, c.getText(), Vulnerability10.NAMESPACE_URI, Vulnerability10.PREFIX);
@@ -141,7 +142,7 @@ private void processSource(final XMLStreamWriter staxWriter, final Vulnerability
   private void processRatings(final XMLStreamWriter staxWriter, final Vulnerability10 vuln)
       throws XMLStreamException
   {
-    if (vuln.getRatings() != null && !vuln.getRatings().isEmpty()) {
+    if (CollectionUtils.isNotEmpty(vuln.getRatings())) {
       staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.RATINGS, Vulnerability10.NAMESPACE_URI);
       for (Rating r : vuln.getRatings()) {
         staxWriter.writeStartElement(Vulnerability10.PREFIX, Vulnerability10.RATING, Vulnerability10.NAMESPACE_URI);

@@ -6,6 +6,7 @@
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.apache.commons.collections4.CollectionUtils;
 import org.cyclonedx.model.formulation.common.InputType;
 
 public class InputTypeSerializer
@@ -42,7 +43,7 @@ private void createInputChoice(final InputType input, final JsonGenerator jsonGe
       jsonGenerator.writeFieldName("resource");
       jsonGenerator.writeObject(input.getResource());
     }
-    else if (input.getParameters() != null && !input.getParameters().isEmpty()) {
+    else if (CollectionUtils.isNotEmpty(input.getParameters())) {
       jsonGenerator.writeFieldName("parameters");
       jsonGenerator.writeObject(input.getParameters());
     }

@@ -6,6 +6,7 @@
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
+import org.apache.commons.collections4.CollectionUtils;
 import org.cyclonedx.model.formulation.common.OutputType;
 
 public class OutputTypeSerializer
@@ -86,7 +87,7 @@ else if (output.getData() != null) {
       xmlGenerator.writeFieldName("target");
       xmlGenerator.writeObject(output.getTarget());
     }
-    if (output.getProperties() != null) {
+    if (CollectionUtils.isNotEmpty(output.getProperties())) {
       xmlGenerator.writeFieldName("properties");
       xmlGenerator.writeObject( output.getProperties());
     }

@@ -24,6 +24,7 @@
 import java.util.List;
 import java.util.Objects;
 
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.cyclonedx.Version;
 import org.cyclonedx.exception.ParseException;
@@ -333,7 +334,7 @@ private void assertInputData(InputType inputType) {
       assertNull(inputType.getData());
       assertNull(inputType.getEnvironmentVars());
     }
-    else if (inputType.getParameters() != null) {
+    else if (CollectionUtils.isNotEmpty(inputType.getParameters())) {
       assertNull(inputType.getResource());
       assertNull(inputType.getData());
       assertNull(inputType.getEnvironmentVars());
@@ -426,7 +427,7 @@ private void assertCommands(List<Command> commands) {
   }
 
   private void assertProperties(List<Property> properties) {
-    if (properties != null) {
+    if (CollectionUtils.isNotEmpty(properties)) {
       Property property = properties.get(0);
       assertNotNull(property.getName());
       assertNotNull(property.getValue());