microsoft
diff --git a/‎src/Microsoft.Sbom.Parsers.Spdx30SbomParser/Parser/SPDX30Parser.cs‎
Lines changed: 5 additions & 6 deletions b/‎src/Microsoft.Sbom.Parsers.Spdx30SbomParser/Parser/SPDX30Parser.cs‎
Lines changed: 5 additions & 6 deletions
@@ -41,10 +41,9 @@ public class SPDX30Parser : ISbomParser
     {
         "SpdxDocument",
         "File",
-        "Package",
     };
 
-    private IReadOnlyCollection<string>? entitiesToEnforceComplianceStandardsFor;
+    private IReadOnlyCollection<string>? entititesRequiringDeserializationWithNTIA;
     private SpdxMetadata metadata = new SpdxMetadata();
     private readonly LargeJsonParser parser;
     private readonly IList<string> observedFieldNames = new List<string>();
@@ -161,7 +160,7 @@ public void SetComplianceStandard(string? complianceStandardFromCli)
             {
                 case ComplianceStandard.NTIA:
                     RequiredComplianceStandard = complianceStandardAsEnum;
-                    entitiesToEnforceComplianceStandardsFor = EntitiesWithDifferentNTIARequirements;
+                    entititesRequiringDeserializationWithNTIA = EntitiesWithDifferentNTIARequirements;
                     break;
                 default:
                     break;
@@ -262,7 +261,7 @@ private Type GetEntityType(JsonObject jsonObject, ComplianceStandard? requiredCo
         switch (requiredComplianceStandard)
         {
             case ComplianceStandard.NTIA:
-                if (this.entitiesToEnforceComplianceStandardsFor?.Contains(entityType) == true)
+                if (this.entititesRequiringDeserializationWithNTIA?.Contains(entityType) == true)
                 {
                     entityType = "NTIA" + entityType;
                 }
@@ -337,10 +336,10 @@ private void ValidateSbomPackagesForNTIA(List<Element> elementsList)
         {
             var packageSpdxId = packageElement.SpdxId;
 
-            var packageHasSha256Hash = packageElement.VerifiedUsing.
+            var packageHasSha256Hash = packageElement.VerifiedUsing?.
                 Any(packageVerificationCode => packageVerificationCode.Algorithm == HashAlgorithm.sha256);
 
-            if (!packageHasSha256Hash)
+            if (packageHasSha256Hash is null || packageHasSha256Hash == false)
             {
                 throw new ParserException($"SBOM document is not NTIA compliant because package with SPDX ID {packageSpdxId} does not have a SHA256 hash.");
             }
Original file line number	Diff line number	Diff line change
`@@ -41,10 +41,9 @@ public class SPDX30Parser : ISbomParser`
`41`	`41`	`{`
`42`	`42`	`"SpdxDocument",`
`43`	`43`	`"File",`
`44`		`- "Package",`
`45`	`44`	`};`
`46`	`45`
`47`		`- private IReadOnlyCollection<string>? entitiesToEnforceComplianceStandardsFor;`
	`46`	`+ private IReadOnlyCollection<string>? entititesRequiringDeserializationWithNTIA;`
`48`	`47`	`private SpdxMetadata metadata = new SpdxMetadata();`
`49`	`48`	`private readonly LargeJsonParser parser;`
`50`	`49`	`private readonly IList<string> observedFieldNames = new List<string>();`
`@@ -161,7 +160,7 @@ public void SetComplianceStandard(string? complianceStandardFromCli)`
`161`	`160`	`{`
`162`	`161`	`case ComplianceStandard.NTIA:`
`163`	`162`	`RequiredComplianceStandard = complianceStandardAsEnum;`
`164`		`- entitiesToEnforceComplianceStandardsFor = EntitiesWithDifferentNTIARequirements;`
	`163`	`+ entititesRequiringDeserializationWithNTIA = EntitiesWithDifferentNTIARequirements;`
`165`	`164`	`break;`
`166`	`165`	`default:`
`167`	`166`	`break;`
`@@ -262,7 +261,7 @@ private Type GetEntityType(JsonObject jsonObject, ComplianceStandard? requiredCo`
`262`	`261`	`switch (requiredComplianceStandard)`
`263`	`262`	`{`
`264`	`263`	`case ComplianceStandard.NTIA:`
`265`		`- if (this.entitiesToEnforceComplianceStandardsFor?.Contains(entityType) == true)`
	`264`	`+ if (this.entititesRequiringDeserializationWithNTIA?.Contains(entityType) == true)`
`266`	`265`	`{`
`267`	`266`	`entityType = "NTIA" + entityType;`
`268`	`267`	`}`
`@@ -337,10 +336,10 @@ private void ValidateSbomPackagesForNTIA(List<Element> elementsList)`
`337`	`336`	`{`
`338`	`337`	`var packageSpdxId = packageElement.SpdxId;`
`339`	`338`
`340`		`- var packageHasSha256Hash = packageElement.VerifiedUsing.`
	`339`	`+ var packageHasSha256Hash = packageElement.VerifiedUsing?.`
`341`	`340`	`Any(packageVerificationCode => packageVerificationCode.Algorithm == HashAlgorithm.sha256);`
`342`	`341`
`343`		`- if (!packageHasSha256Hash)`
	`342`	`+ if (packageHasSha256Hash is null \|\| packageHasSha256Hash == false)`
`344`	`343`	`{`
`345`	`344`	`throw new ParserException($"SBOM document is not NTIA compliant because package with SPDX ID {packageSpdxId} does not have a SHA256 hash.");`
`346`	`345`	`}`