🎨 Resolve code duplication and circular dependency issues; fix specs

Signed-off-by: Peter H. Boling <[email protected]>

Author: pboling

features/help.feature

@@ -16,5 +16,6 @@ Scenario: Generate help on demand
           --include-metadata           Include metadata.tools identifying cyclonedx-ruby as the producer
           --enrich-components          Include bom-ref and publisher fields on components (uses purl and first author)
           --gem-server URL             Gem server URL to fetch gem metadata (default: https://gem.coop)
+          --validate                   Validate the BOM against CycloneDX schema (currently a no-op)
       -h, --help                       Show help message
   """

lib/cyclonedx/bom_builder.rb

@@ -75,6 +75,9 @@ def self.setup(path)
         opts.on('--gem-server URL', 'Gem server URL to fetch gem metadata (default: https://gem.coop)') do |gem_server|
           @options[:gem_server] = gem_server
         end
+        opts.on('--validate', 'Validate the BOM against CycloneDX schema (currently a no-op)') do
+          @options[:validate] = true
+        end
         opts.on_tail('-h', '--help', 'Show help message') do
           puts opts
           exit

lib/cyclonedx/bom_component.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
+require_relative 'field_accessor'
+
 module Cyclonedx
   class BomComponent
+
     DEFAULT_TYPE = 'library'
     HASH_ALG = 'SHA-256'
 
@@ -63,12 +66,9 @@ def hash_val(include_enrichment: false)
 
     private
 
+    # Safe accessor for Hash or OpenStruct-like objects
     def fetch(key)
-      if @gem.respond_to?(:[]) && @gem[key]
-        @gem[key]
-      elsif @gem.respond_to?(key)
-        @gem.public_send(key)
-      end
+      FieldAccessor._get(@gem, key)
     end
   end
 end

lib/cyclonedx/bom_helpers.rb

@@ -58,12 +58,9 @@ def tool_identity
     end
 
     # Safe accessor for Hash or OpenStruct-like objects
+    # Delegates to FieldAccessor to avoid code duplication
     def _get(obj, key)
-      if obj.respond_to?(:[]) && obj[key]
-        obj[key]
-      elsif obj.respond_to?(key)
-        obj.public_send(key)
-      end
+      FieldAccessor._get(obj, key)
     end
 
     def build_bom(gems, format, spec_version, include_metadata: false, include_enrichment: false)

lib/cyclonedx/field_accessor.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# This file is part of CycloneDX Ruby Gem.
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+#
+
+module Cyclonedx
+  # Shared utility for safe field access from Hash or OpenStruct-like objects
+  module FieldAccessor
+    module_function
+
+    # Safe accessor for Hash or OpenStruct-like objects
+    def _get(obj, key)
+      if obj.respond_to?(:[]) && obj[key]
+        obj[key]
+      elsif obj.respond_to?(key)
+        obj.public_send(key)
+      end
+    end
+  end
+end
+

lib/cyclonedx/ruby.rb

@@ -14,8 +14,9 @@
 
 # This gem
 require_relative 'ruby/version'
-require_relative 'bom_component' # no dependencies
-require_relative 'bom_helpers' # depends on bom_component
+require_relative 'field_accessor' # shared utility with no dependencies
+require_relative 'bom_component' # depends on field_accessor
+require_relative 'bom_helpers' # depends on field_accessor and bom_component
 require_relative 'bom_builder' # depends on bom_helpers
 
 module Cyclonedx