add json format support

Signed-off-by: Jeffrey Zhang <[email protected]>

Author: jeffreysfllo24

cyclonedx-ruby.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.description = 'CycloneDX is a lightweight software bill-of-material (SBOM) specification designed for use in application security contexts and supply chain component analysis. This Gem generates CycloneDX BOMs from Ruby projects.'
   spec.authors     = ['Joseph Kobti', 'Steve Springett']
   spec.email       = '[email protected]'
-  spec.files       = ['lib/bom_builder.rb', 'lib/bom_helpers.rb', 'lib/licenses.json']
+  spec.files       = ['lib/bom_builder.rb', 'lib/bom_helpers.rb', 'lib/licenses.json', 'lib/bom_component.rb']
   spec.homepage    = 'https://github.com/CycloneDX/cyclonedx-ruby-gem'
   spec.license     = 'Apache-2.0'
   spec.executables << 'cyclonedx-ruby'

lib/bom_component.rb

@@ -0,0 +1,45 @@
+
+class BomComponent
+  DEFAULT_TYPE = "library".freeze
+  HASH_ALG = 'SHA-256'.freeze
+
+  def initialize(gem)
+    @name = gem['name']
+    @version = gem['version']
+    @description = gem['description']
+    @hash = gem['hash']
+    @purl = gem['purl']
+    @gem = gem
+  end
+
+  def hash_val
+    component_hash = {
+      "type": DEFAULT_TYPE,
+      "name": @name,
+      "version": @version,
+      "description": @description,
+      "purl": @purl,
+      "hashes": [
+          "alg": HASH_ALG,
+          "content": @hash
+      ]
+    }
+
+    if @gem['license_id']
+      component_hash[:"licenses"] = [
+        "license": {
+          "id": @gem['license_id']
+        }
+      ]
+    elsif @gem['license_name']
+      component_hash[:"licenses"] = [
+        "license": {
+          "name": @gem['license_name']
+        }
+      ]
+    end
+
+    [component_hash]
+
+  end
+end

lib/bom_helpers.rb

@@ -21,6 +21,9 @@
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 #
 # frozen_string_literal: true
+
+require_relative 'bom_component'
+
 def purl(name, version)
   "pkg:gem/#{name}@#{version}"
 end
@@ -30,6 +33,30 @@ def random_urn_uuid
 end
 
 def build_bom(gems, format)
+  if format == 'json'
+    build_json_bom(gems)
+  else
+    build_bom_xml(gems)
+  end
+end
+
+def build_json_bom(gems)
+  bom_hash = {
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.1",
+    "serialNumber": random_urn_uuid,
+    "version": 1,
+    "components": []
+  }
+
+  gems.each do |gem|
+    bom_hash[:components] += BomComponent.new(gem).hash_val()
+  end
+
+  JSON.pretty_generate(bom_hash)
+end
+
+def build_bom_xml(gems)
   builder = Nokogiri::XML::Builder.new(encoding: 'UTF-8') do |xml|
     attributes = { 'xmlns' => 'http://cyclonedx.org/schema/bom/1.1', 'version' => '1', 'serialNumber' => random_urn_uuid }
     xml.bom(attributes) do
@@ -62,15 +89,7 @@ def build_bom(gems, format)
     end
   end
 
-  xml = builder.to_xml
-
-  # Format verified to be either xml (default) or json in setup
-  if format == 'json'
-    JSON.pretty_generate(Hash.from_xml(xml))
-  else
-    xml
-  end
-
+  builder.to_xml
 end
 
 def get_gem(name, version)