From 0202bc11d4b13b2c571151884cea32000ab28d17 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sat, 3 Dec 2016 17:39:57 -0500
Subject: [PATCH] null checking proposed by coverity

---
 .../org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
index 6c88d6f17..2a675353b 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java
@@ -248,7 +248,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
         //make a copy
         final List<Dependency> dependencySet = findMoreDependencies(engine, tmpDir);
 
-        if (!dependencySet.isEmpty()) {
+        if (dependencySet != null && !dependencySet.isEmpty()) {
             for (Dependency d : dependencySet) {
                 if (d.getFilePath().startsWith(tmpDir.getAbsolutePath())) {
                     //fix the dependency's display name and path
@@ -314,7 +314,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
                 dependency.setSha1sum("");
                 org.apache.commons.io.FileUtils.copyFile(dependency.getActualFile(), tmpLoc);
                 final List<Dependency> dependencySet = findMoreDependencies(engine, tmpLoc);
-                if (!dependencySet.isEmpty()) {
+                if (dependencySet != null && !dependencySet.isEmpty()) {
                     for (Dependency d : dependencySet) {
                         //fix the dependency's display name and path
                         if (d.getActualFile().equals(tmpLoc)) {