[ViewVC] Diff of: cvs/CBOR-XS/XS.pm

Comparing CBOR-XS/XS.pm (file contents):
Revision 1.19 by root, Wed Nov 20 01:09:46 2013 UTC vs.
Revision 1.79 by root, Fri Dec 11 06:03:40 2020 UTC

…		…
26	substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string	26	substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string
27	}	27	}
28		28
29	=head1 DESCRIPTION	29	=head1 DESCRIPTION
30		30
31	WARNING! This module is very new, and not very well tested (that's up to
32	you to do). Furthermore, details of the implementation might change freely
33	before version 1.0. And lastly, the object serialisation protocol depends
34	on a pending IANA assignment, and until that assignment is official, this
35	implementation is not interoperable with other implementations (even
36	future versions of this module) until the assignment is done.
37
38	You are still invited to try out CBOR, and this module.
39
40	This module converts Perl data structures to the Concise Binary Object	31	This module converts Perl data structures to the Concise Binary Object
41	Representation (CBOR) and vice versa. CBOR is a fast binary serialisation	32	Representation (CBOR) and vice versa. CBOR is a fast binary serialisation
42	format that aims to use a superset of the JSON data model, i.e. when you	33	format that aims to use an (almost) superset of the JSON data model, i.e.
43	can represent something in JSON, you should be able to represent it in	34	when you can represent something useful in JSON, you should be able to
44	CBOR.	35	represent it in CBOR.
45		36
46	In short, CBOR is a faster and very compact binary alternative to JSON,	37	In short, CBOR is a faster and quite compact binary alternative to JSON,
47	with the added ability of supporting serialisation of Perl objects. (JSON	38	with the added ability of supporting serialisation of Perl objects. (JSON
48	often compresses better than CBOR though, so if you plan to compress the	39	often compresses better than CBOR though, so if you plan to compress the
49	data later you might want to compare both formats first).	40	data later and speed is less important you might want to compare both
		41	formats first).
		42
		43	The primary goal of this module is to be I<correct> and the secondary goal
		44	is to be I<fast>. To reach the latter goal it was written in C.
50		45
51	To give you a general idea about speed, with texts in the megabyte range,	46	To give you a general idea about speed, with texts in the megabyte range,
52	C<CBOR::XS> usually encodes roughly twice as fast as L<Storable> or	47	C<CBOR::XS> usually encodes roughly twice as fast as L<Storable> or
53	L<JSON::XS> and decodes about 15%-30% faster than those. The shorter the	48	L<JSON::XS> and decodes about 15%-30% faster than those. The shorter the
54	data, the worse L<Storable> performs in comparison.	49	data, the worse L<Storable> performs in comparison.
55		50
56	As for compactness, C<CBOR::XS> encoded data structures are usually about	51	Regarding compactness, C<CBOR::XS>-encoded data structures are usually
57	20% smaller than the same data encoded as (compact) JSON or L<Storable>.	52	about 20% smaller than the same data encoded as (compact) JSON or
		53	L<Storable>.
58		54
59	The primary goal of this module is to be I<correct> and the secondary goal	55	In addition to the core CBOR data format, this module implements a
60	is to be I<fast>. To reach the latter goal it was written in C.	56	number of extensions, to support cyclic and shared data structures
		57	(see C<allow_sharing> and C<allow_cycles>), string deduplication (see
		58	C<pack_strings>) and scalar references (always enabled).
61		59
62	See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and	60	See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and
63	vice versa.	61	vice versa.
64		62
65	=cut	63	=cut
66		64
67	package CBOR::XS;	65	package CBOR::XS;
68		66
69	use common::sense;	67	use common::sense;
70		68
71	our $VERSION = 0.08;	69	our $VERSION = 1.83;
72	our @ISA = qw(Exporter);	70	our @ISA = qw(Exporter);
73		71
74	our @EXPORT = qw(encode_cbor decode_cbor);	72	our @EXPORT = qw(encode_cbor decode_cbor);
75		73
76	use Exporter;	74	use Exporter;
…		…
113	strings. All boolean flags described below are by default I<disabled>.	111	strings. All boolean flags described below are by default I<disabled>.
114		112
115	The mutators for flags all return the CBOR object again and thus calls can	113	The mutators for flags all return the CBOR object again and thus calls can
116	be chained:	114	be chained:
117		115
118	#TODO
119	my $cbor = CBOR::XS->new->encode ({a => [1,2]});	116	my $cbor = CBOR::XS->new->encode ({a => [1,2]});
		117
		118	=item $cbor = new_safe CBOR::XS
		119
		120	Create a new, safe/secure CBOR::XS object. This is similar to C<new>,
		121	but configures the coder object to be safe to use with untrusted
		122	data. Currently, this is equivalent to:
		123
		124	my $cbor = CBOR::XS
		125	->new
		126	->forbid_objects
		127	->filter (\&CBOR::XS::safe_filter)
		128	->max_size (1e8);
		129
		130	But is more future proof (it is better to crash because of a change than
		131	to be exploited in other ways).
		132
		133	=cut
		134
		135	sub new_safe {
		136	CBOR::XS
		137	->new
		138	->forbid_objects
		139	->filter (\&CBOR::XS::safe_filter)
		140	->max_size (1e8)
		141	}
120		142
121	=item $cbor = $cbor->max_depth ([$maximum_nesting_depth])	143	=item $cbor = $cbor->max_depth ([$maximum_nesting_depth])
122		144
123	=item $max_depth = $cbor->get_max_depth	145	=item $max_depth = $cbor->get_max_depth
124		146
…		…
140		162
141	Note that nesting is implemented by recursion in C. The default value has	163	Note that nesting is implemented by recursion in C. The default value has
142	been chosen to be as large as typical operating systems allow without	164	been chosen to be as large as typical operating systems allow without
143	crashing.	165	crashing.
144		166
145	See SECURITY CONSIDERATIONS, below, for more info on why this is useful.	167	See L<SECURITY CONSIDERATIONS>, below, for more info on why this is useful.
146		168
147	=item $cbor = $cbor->max_size ([$maximum_string_size])	169	=item $cbor = $cbor->max_size ([$maximum_string_size])
148		170
149	=item $max_size = $cbor->get_max_size	171	=item $max_size = $cbor->get_max_size
150		172
…		…
155	effect on C<encode> (yet).	177	effect on C<encode> (yet).
156		178
157	If no argument is given, the limit check will be deactivated (same as when	179	If no argument is given, the limit check will be deactivated (same as when
158	C<0> is specified).	180	C<0> is specified).
159		181
160	See SECURITY CONSIDERATIONS, below, for more info on why this is useful.	182	See L<SECURITY CONSIDERATIONS>, below, for more info on why this is useful.
161		183
162	=item $cbor = $cbor->allow_unknown ([$enable])	184	=item $cbor = $cbor->allow_unknown ([$enable])
163		185
164	=item $enabled = $cbor->get_allow_unknown	186	=item $enabled = $cbor->get_allow_unknown
165		187
…		…
171	exception when it encounters anything it cannot encode as CBOR.	193	exception when it encounters anything it cannot encode as CBOR.
172		194
173	This option does not affect C<decode> in any way, and it is recommended to	195	This option does not affect C<decode> in any way, and it is recommended to
174	leave it off unless you know your communications partner.	196	leave it off unless you know your communications partner.
175		197
176	=item $cbor = $cbor->allow_sharable ([$enable])	198	=item $cbor = $cbor->allow_sharing ([$enable])
177		199
178	=item $enabled = $cbor->get_allow_sharable	200	=item $enabled = $cbor->get_allow_sharing
179		201
180	If C<$enable> is true (or missing), then C<encode> will not double-encode	202	If C<$enable> is true (or missing), then C<encode> will not double-encode
181	values that have been seen before (e.g. when the same object, such as an	203	values that have been referenced before (e.g. when the same object, such
182	array, is referenced multiple times), but instead will emit a reference to	204	as an array, is referenced multiple times), but instead will emit a
183	the earlier value.	205	reference to the earlier value.
184		206
185	This means that such values will only be encoded once, and will not result	207	This means that such values will only be encoded once, and will not result
186	in a deep cloning of the value on decode, in decoders supporting the value	208	in a deep cloning of the value on decode, in decoders supporting the value
187	sharing extension.	209	sharing extension. This also makes it possible to encode cyclic data
		210	structures (which need C<allow_cycles> to be enabled to be decoded by this
		211	module).
		212
		213	It is recommended to leave it off unless you know your
		214	communication partner supports the value sharing extensions to CBOR
		215	(L<http://cbor.schmorp.de/value-sharing>), as without decoder support, the
		216	resulting data structure might be unusable.
188		217
189	Detecting shared values incurs a runtime overhead when values are encoded	218	Detecting shared values incurs a runtime overhead when values are encoded
190	that have a reference counter large than one, and might unnecessarily	219	that have a reference counter large than one, and might unnecessarily
191	increase the encoded size, as potentially shared values are encode as	220	increase the encoded size, as potentially shared values are encoded as
192	sharable whether or not they are actually shared.	221	shareable whether or not they are actually shared.
193		222
194	At the moment, all shared values will be detected, even weird and unusual	223	At the moment, only targets of references can be shared (e.g. scalars,
195	cases, such as an array with multiple "copies" of the I<same> scalar,	224	arrays or hashes pointed to by a reference). Weirder constructs, such as
196	which are hard but not impossible to create in Perl (L<Storable> for	225	an array with multiple "copies" of the I<same> string, which are hard but
197	example doesn't handle these cases). If this turns out ot be a performance	226	not impossible to create in Perl, are not supported (this is the same as
198	issue then future versions might limit the shared value detection to	227	with L<Storable>).
199	references only.
200		228
201	If C<$enable> is false (the default), then C<encode> will encode	229	If C<$enable> is false (the default), then C<encode> will encode shared
202	exception when it encounters anything it cannot encode as CBOR.	230	data structures repeatedly, unsharing them in the process. Cyclic data
		231	structures cannot be encoded in this mode.
203		232
204	This option does not affect C<decode> in any way - shared values and	233	This option does not affect C<decode> in any way - shared values and
205	references will always be decoded properly if present. It is recommended	234	references will always be decoded properly if present.
206	to leave it off unless you know your communications partner supports the	235
207	value sharing extensions to CBOR (http://cbor.schmorp.de/value-sharing).	236	=item $cbor = $cbor->allow_cycles ([$enable])
		237
		238	=item $enabled = $cbor->get_allow_cycles
		239
		240	If C<$enable> is true (or missing), then C<decode> will happily decode
		241	self-referential (cyclic) data structures. By default these will not be
		242	decoded, as they need manual cleanup to avoid memory leaks, so code that
		243	isn't prepared for this will not leak memory.
		244
		245	If C<$enable> is false (the default), then C<decode> will throw an error
		246	when it encounters a self-referential/cyclic data structure.
		247
		248	FUTURE DIRECTION: the motivation behind this option is to avoid I<real>
		249	cycles - future versions of this module might chose to decode cyclic data
		250	structures using weak references when this option is off, instead of
		251	throwing an error.
		252
		253	This option does not affect C<encode> in any way - shared values and
		254	references will always be encoded properly if present.
		255
		256	=item $cbor = $cbor->forbid_objects ([$enable])
		257
		258	=item $enabled = $cbor->get_forbid_objects
		259
		260	Disables the use of the object serialiser protocol.
		261
		262	If C<$enable> is true (or missing), then C<encode> will will throw an
		263	exception when it encounters perl objects that would be encoded using the
		264	perl-object tag (26). When C<decode> encounters such tags, it will fall
		265	back to the general filter/tagged logic as if this were an unknown tag (by
		266	default resulting in a C<CBOR::XC::Tagged> object).
		267
		268	If C<$enable> is false (the default), then C<encode> will use the
		269	L<Types::Serialiser> object serialisation protocol to serialise objects
		270	into perl-object tags, and C<decode> will do the same to decode such tags.
		271
		272	See L<SECURITY CONSIDERATIONS>, below, for more info on why forbidding this
		273	protocol can be useful.
		274
		275	=item $cbor = $cbor->pack_strings ([$enable])
		276
		277	=item $enabled = $cbor->get_pack_strings
		278
		279	If C<$enable> is true (or missing), then C<encode> will try not to encode
		280	the same string twice, but will instead encode a reference to the string
		281	instead. Depending on your data format, this can save a lot of space, but
		282	also results in a very large runtime overhead (expect encoding times to be
		283	2-4 times as high as without).
		284
		285	It is recommended to leave it off unless you know your
		286	communications partner supports the stringref extension to CBOR
		287	(L<http://cbor.schmorp.de/stringref>), as without decoder support, the
		288	resulting data structure might not be usable.
		289
		290	If C<$enable> is false (the default), then C<encode> will encode strings
		291	the standard CBOR way.
		292
		293	This option does not affect C<decode> in any way - string references will
		294	always be decoded properly if present.
		295
		296	=item $cbor = $cbor->text_keys ([$enable])
		297
		298	=item $enabled = $cbor->get_text_keys
		299
		300	If C<$enabled> is true (or missing), then C<encode> will encode all
		301	perl hash keys as CBOR text strings/UTF-8 string, upgrading them as needed.
		302
		303	If C<$enable> is false (the default), then C<encode> will encode hash keys
		304	normally - upgraded perl strings (strings internally encoded as UTF-8) as
		305	CBOR text strings, and downgraded perl strings as CBOR byte strings.
		306
		307	This option does not affect C<decode> in any way.
		308
		309	This option is useful for interoperability with CBOR decoders that don't
		310	treat byte strings as a form of text. It is especially useful as Perl
		311	gives very little control over hash keys.
		312
		313	Enabling this option can be slow, as all downgraded hash keys that are
		314	encoded need to be scanned and converted to UTF-8.
		315
		316	=item $cbor = $cbor->text_strings ([$enable])
		317
		318	=item $enabled = $cbor->get_text_strings
		319
		320	This option works similar to C<text_keys>, above, but works on all strings
		321	(including hash keys), so C<text_keys> has no further effect after
		322	enabling C<text_strings>.
		323
		324	If C<$enabled> is true (or missing), then C<encode> will encode all perl
		325	strings as CBOR text strings/UTF-8 strings, upgrading them as needed.
		326
		327	If C<$enable> is false (the default), then C<encode> will encode strings
		328	normally (but see C<text_keys>) - upgraded perl strings (strings
		329	internally encoded as UTF-8) as CBOR text strings, and downgraded perl
		330	strings as CBOR byte strings.
		331
		332	This option does not affect C<decode> in any way.
		333
		334	This option has similar advantages and disadvantages as C<text_keys>. In
		335	addition, this option effectively removes the ability to automatically
		336	encode byte strings, which might break some C<FREEZE> and C<TO_CBOR>
		337	methods that rely on this.
		338
		339	A workaround is to use explicit type casts, which are unaffected by this option.
		340
		341	=item $cbor = $cbor->validate_utf8 ([$enable])
		342
		343	=item $enabled = $cbor->get_validate_utf8
		344
		345	If C<$enable> is true (or missing), then C<decode> will validate that
		346	elements (text strings) containing UTF-8 data in fact contain valid UTF-8
		347	data (instead of blindly accepting it). This validation obviously takes
		348	extra time during decoding.
		349
		350	The concept of "valid UTF-8" used is perl's concept, which is a superset
		351	of the official UTF-8.
		352
		353	If C<$enable> is false (the default), then C<decode> will blindly accept
		354	UTF-8 data, marking them as valid UTF-8 in the resulting data structure
		355	regardless of whether that's true or not.
		356
		357	Perl isn't too happy about corrupted UTF-8 in strings, but should
		358	generally not crash or do similarly evil things. Extensions might be not
		359	so forgiving, so it's recommended to turn on this setting if you receive
		360	untrusted CBOR.
		361
		362	This option does not affect C<encode> in any way - strings that are
		363	supposedly valid UTF-8 will simply be dumped into the resulting CBOR
		364	string without checking whether that is, in fact, true or not.
		365
		366	=item $cbor = $cbor->filter ([$cb->($tag, $value)])
		367
		368	=item $cb_or_undef = $cbor->get_filter
		369
		370	Sets or replaces the tagged value decoding filter (when C<$cb> is
		371	specified) or clears the filter (if no argument or C<undef> is provided).
		372
		373	The filter callback is called only during decoding, when a non-enforced
		374	tagged value has been decoded (see L<TAG HANDLING AND EXTENSIONS> for a
		375	list of enforced tags). For specific tags, it's often better to provide a
		376	default converter using the C<%CBOR::XS::FILTER> hash (see below).
		377
		378	The first argument is the numerical tag, the second is the (decoded) value
		379	that has been tagged.
		380
		381	The filter function should return either exactly one value, which will
		382	replace the tagged value in the decoded data structure, or no values,
		383	which will result in default handling, which currently means the decoder
		384	creates a C<CBOR::XS::Tagged> object to hold the tag and the value.
		385
		386	When the filter is cleared (the default state), the default filter
		387	function, C<CBOR::XS::default_filter>, is used. This function simply
		388	looks up the tag in the C<%CBOR::XS::FILTER> hash. If an entry exists
		389	it must be a code reference that is called with tag and value, and is
		390	responsible for decoding the value. If no entry exists, it returns no
		391	values. C<CBOR::XS> provides a number of default filter functions already,
		392	the the C<%CBOR::XS::FILTER> hash can be freely extended with more.
		393
		394	C<CBOR::XS> additionally provides an alternative filter function that is
		395	supposed to be safe to use with untrusted data (which the default filter
		396	might not), called C<CBOR::XS::safe_filter>, which works the same as
		397	the C<default_filter> but uses the C<%CBOR::XS::SAFE_FILTER> variable
		398	instead. It is prepopulated with the tag decoding functions that are
		399	deemed safe (basically the same as C<%CBOR::XS::FILTER> without all
		400	the bignum tags), and can be extended by user code as wlel, although,
		401	obviously, one should be very careful about adding decoding functions
		402	here, since the expectation is that they are safe to use on untrusted
		403	data, after all.
		404
		405	Example: decode all tags not handled internally into C<CBOR::XS::Tagged>
		406	objects, with no other special handling (useful when working with
		407	potentially "unsafe" CBOR data).
		408
		409	CBOR::XS->new->filter (sub { })->decode ($cbor_data);
		410
		411	Example: provide a global filter for tag 1347375694, converting the value
		412	into some string form.
		413
		414	$CBOR::XS::FILTER{1347375694} = sub {
		415	my ($tag, $value);
		416
		417	"tag 1347375694 value $value"
		418	};
		419
		420	Example: provide your own filter function that looks up tags in your own
		421	hash:
		422
		423	my %my_filter = (
		424	998347484 => sub {
		425	my ($tag, $value);
		426
		427	"tag 998347484 value $value"
		428	};
		429	);
		430
		431	my $coder = CBOR::XS->new->filter (sub {
		432	&{ $my_filter{$_[0]} or return }
		433	});
		434
		435
		436	Example: use the safe filter function (see L<SECURITY CONSIDERATIONS> for
		437	more considerations on security).
		438
		439	CBOR::XS->new->filter (\&CBOR::XS::safe_filter)->decode ($cbor_data);
208		440
209	=item $cbor_data = $cbor->encode ($perl_scalar)	441	=item $cbor_data = $cbor->encode ($perl_scalar)
210		442
211	Converts the given Perl data structure (a scalar value) to its CBOR	443	Converts the given Perl data structure (a scalar value) to its CBOR
212	representation.	444	representation.
…		…
222	when there is trailing garbage after the CBOR string, it will silently	454	when there is trailing garbage after the CBOR string, it will silently
223	stop parsing there and return the number of characters consumed so far.	455	stop parsing there and return the number of characters consumed so far.
224		456
225	This is useful if your CBOR texts are not delimited by an outer protocol	457	This is useful if your CBOR texts are not delimited by an outer protocol
226	and you need to know where the first CBOR string ends amd the next one	458	and you need to know where the first CBOR string ends amd the next one
227	starts.	459	starts - CBOR strings are self-delimited, so it is possible to concatenate
		460	CBOR strings without any delimiters or size fields and recover their data.
228		461
229	CBOR::XS->new->decode_prefix ("......")	462	CBOR::XS->new->decode_prefix ("......")
230	=> ("...", 3)	463	=> ("...", 3)
		464
		465	=back
		466
		467	=head2 INCREMENTAL PARSING
		468
		469	In some cases, there is the need for incremental parsing of JSON
		470	texts. While this module always has to keep both CBOR text and resulting
		471	Perl data structure in memory at one time, it does allow you to parse a
		472	CBOR stream incrementally, using a similar to using "decode_prefix" to see
		473	if a full CBOR object is available, but is much more efficient.
		474
		475	It basically works by parsing as much of a CBOR string as possible - if
		476	the CBOR data is not complete yet, the pasrer will remember where it was,
		477	to be able to restart when more data has been accumulated. Once enough
		478	data is available to either decode a complete CBOR value or raise an
		479	error, a real decode will be attempted.
		480
		481	A typical use case would be a network protocol that consists of sending
		482	and receiving CBOR-encoded messages. The solution that works with CBOR and
		483	about anything else is by prepending a length to every CBOR value, so the
		484	receiver knows how many octets to read. More compact (and slightly slower)
		485	would be to just send CBOR values back-to-back, as C<CBOR::XS> knows where
		486	a CBOR value ends, and doesn't need an explicit length.
		487
		488	The following methods help with this:
		489
		490	=over 4
		491
		492	=item @decoded = $cbor->incr_parse ($buffer)
		493
		494	This method attempts to decode exactly one CBOR value from the beginning
		495	of the given C<$buffer>. The value is removed from the C<$buffer> on
		496	success. When C<$buffer> doesn't contain a complete value yet, it returns
		497	nothing. Finally, when the C<$buffer> doesn't start with something
		498	that could ever be a valid CBOR value, it raises an exception, just as
		499	C<decode> would. In the latter case the decoder state is undefined and
		500	must be reset before being able to parse further.
		501
		502	This method modifies the C<$buffer> in place. When no CBOR value can be
		503	decoded, the decoder stores the current string offset. On the next call,
		504	continues decoding at the place where it stopped before. For this to make
		505	sense, the C<$buffer> must begin with the same octets as on previous
		506	unsuccessful calls.
		507
		508	You can call this method in scalar context, in which case it either
		509	returns a decoded value or C<undef>. This makes it impossible to
		510	distinguish between CBOR null values (which decode to C<undef>) and an
		511	unsuccessful decode, which is often acceptable.
		512
		513	=item @decoded = $cbor->incr_parse_multiple ($buffer)
		514
		515	Same as C<incr_parse>, but attempts to decode as many CBOR values as
		516	possible in one go, instead of at most one. Calls to C<incr_parse> and
		517	C<incr_parse_multiple> can be interleaved.
		518
		519	=item $cbor->incr_reset
		520
		521	Resets the incremental decoder. This throws away any saved state, so that
		522	subsequent calls to C<incr_parse> or C<incr_parse_multiple> start to parse
		523	a new CBOR value from the beginning of the C<$buffer> again.
		524
		525	This method can be called at any time, but it I<must> be called if you want
		526	to change your C<$buffer> or there was a decoding error and you want to
		527	reuse the C<$cbor> object for future incremental parsings.
231		528
232	=back	529	=back
233		530
234		531
235	=head1 MAPPING	532	=head1 MAPPING
…		…
253	CBOR integers become (numeric) perl scalars. On perls without 64 bit	550	CBOR integers become (numeric) perl scalars. On perls without 64 bit
254	support, 64 bit integers will be truncated or otherwise corrupted.	551	support, 64 bit integers will be truncated or otherwise corrupted.
255		552
256	=item byte strings	553	=item byte strings
257		554
258	Byte strings will become octet strings in Perl (the byte values 0..255	555	Byte strings will become octet strings in Perl (the Byte values 0..255
259	will simply become characters of the same value in Perl).	556	will simply become characters of the same value in Perl).
260		557
261	=item UTF-8 strings	558	=item UTF-8 strings
262		559
263	UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be	560	UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be
…		…
281	C<Types:Serialiser::false> and C<Types::Serialiser::error>,	578	C<Types:Serialiser::false> and C<Types::Serialiser::error>,
282	respectively. They are overloaded to act almost exactly like the numbers	579	respectively. They are overloaded to act almost exactly like the numbers
283	C<1> and C<0> (for true and false) or to throw an exception on access (for	580	C<1> and C<0> (for true and false) or to throw an exception on access (for
284	error). See the L<Types::Serialiser> manpage for details.	581	error). See the L<Types::Serialiser> manpage for details.
285		582
286	=item CBOR tag 256 (perl object)	583	=item tagged values
287		584
288	The tag value C<256> (TODO: pending iana registration) will be used
289	to deserialise a Perl object serialised with C<FREEZE>. See L<OBJECT
290	SERIALISATION>, below, for details.
291
292	=item CBOR tag 55799 (magic header)
293
294	The tag 55799 is ignored (this tag implements the magic header).
295
296	=item other CBOR tags
297
298	Tagged items consists of a numeric tag and another CBOR value. Tags not	585	Tagged items consists of a numeric tag and another CBOR value.
299	handled internally are currently converted into a L<CBOR::XS::Tagged>
300	object, which is simply a blessed array reference consisting of the
301	numeric tag value followed by the (decoded) CBOR value.
302		586
303	In the future, support for user-supplied conversions might get added.	587	See L<TAG HANDLING AND EXTENSIONS> and the description of C<< ->filter >>
		588	for details on which tags are handled how.
304		589
305	=item anything else	590	=item anything else
306		591
307	Anything else (e.g. unsupported simple values) will raise a decoding	592	Anything else (e.g. unsupported simple values) will raise a decoding
308	error.	593	error.
…		…
311		596
312		597
313	=head2 PERL -> CBOR	598	=head2 PERL -> CBOR
314		599
315	The mapping from Perl to CBOR is slightly more difficult, as Perl is a	600	The mapping from Perl to CBOR is slightly more difficult, as Perl is a
316	truly typeless language, so we can only guess which CBOR type is meant by	601	typeless language. That means this module can only guess which CBOR type
317	a Perl value.	602	is meant by a perl value.
318		603
319	=over 4	604	=over 4
320		605
321	=item hash references	606	=item hash references
322		607
323	Perl hash references become CBOR maps. As there is no inherent ordering in	608	Perl hash references become CBOR maps. As there is no inherent ordering in
324	hash keys (or CBOR maps), they will usually be encoded in a pseudo-random	609	hash keys (or CBOR maps), they will usually be encoded in a pseudo-random
325	order.	610	order. This order can be different each time a hash is encoded.
326		611
327	Currently, tied hashes will use the indefinite-length format, while normal	612	Currently, tied hashes will use the indefinite-length format, while normal
328	hashes will use the fixed-length format.	613	hashes will use the fixed-length format.
329		614
330	=item array references	615	=item array references
331		616
332	Perl array references become fixed-length CBOR arrays.	617	Perl array references become fixed-length CBOR arrays.
333		618
334	=item other references	619	=item other references
335		620
336	Other unblessed references are generally not allowed and will cause an	621	Other unblessed references will be represented using
337	exception to be thrown, except for references to the integers C<0> and	622	the indirection tag extension (tag value C<22098>,
338	C<1>, which get turned into false and true in CBOR.	623	L<http://cbor.schmorp.de/indirection>). CBOR decoders are guaranteed
		624	to be able to decode these values somehow, by either "doing the right
		625	thing", decoding into a generic tagged object, simply ignoring the tag, or
		626	something else.
339		627
340	=item CBOR::XS::Tagged objects	628	=item CBOR::XS::Tagged objects
341		629
342	Objects of this type must be arrays consisting of a single C<[tag, value]>	630	Objects of this type must be arrays consisting of a single C<[tag, value]>
343	pair. The (numerical) tag will be encoded as a CBOR tag, the value will	631	pair. The (numerical) tag will be encoded as a CBOR tag, the value will
344	be encoded as appropriate for the value. You cna use C<CBOR::XS::tag> to	632	be encoded as appropriate for the value. You must use C<CBOR::XS::tag> to
345	create such objects.	633	create such objects.
346		634
347	=item Types::Serialiser::true, Types::Serialiser::false, Types::Serialiser::error	635	=item Types::Serialiser::true, Types::Serialiser::false, Types::Serialiser::error
348		636
349	These special values become CBOR true, CBOR false and CBOR undefined	637	These special values become CBOR true, CBOR false and CBOR undefined
…		…
351	if you want.	639	if you want.
352		640
353	=item other blessed objects	641	=item other blessed objects
354		642
355	Other blessed objects are serialised via C<TO_CBOR> or C<FREEZE>. See	643	Other blessed objects are serialised via C<TO_CBOR> or C<FREEZE>. See
356	L<OBJECT SERIALISATION>, below, for details.	644	L<TAG HANDLING AND EXTENSIONS> for specific classes handled by this
		645	module, and L<OBJECT SERIALISATION> for generic object serialisation.
357		646
358	=item simple scalars	647	=item simple scalars
359		648
360	TODO
361	Simple Perl scalars (any scalar that is not a reference) are the most	649	Simple Perl scalars (any scalar that is not a reference) are the most
362	difficult objects to encode: CBOR::XS will encode undefined scalars as	650	difficult objects to encode: CBOR::XS will encode undefined scalars as
363	CBOR null values, scalars that have last been used in a string context	651	CBOR null values, scalars that have last been used in a string context
364	before encoding as CBOR strings, and anything else as number value:	652	before encoding as CBOR strings, and anything else as number value:
365		653
366	# dump as number	654	# dump as number
367	encode_cbor [2] # yields [2]	655	encode_cbor [2] # yields [2]
368	encode_cbor [-3.0e17] # yields [-3e+17]	656	encode_cbor [-3.0e17] # yields [-3e+17]
369	my $value = 5; encode_cbor [$value] # yields [5]	657	my $value = 5; encode_cbor [$value] # yields [5]
370		658
371	# used as string, so dump as string	659	# used as string, so dump as string (either byte or text)
372	print $value;	660	print $value;
373	encode_cbor [$value] # yields ["5"]	661	encode_cbor [$value] # yields ["5"]
374		662
375	# undef becomes null	663	# undef becomes null
376	encode_cbor [undef] # yields [null]	664	encode_cbor [undef] # yields [null]
…		…
379		667
380	my $x = 3.1; # some variable containing a number	668	my $x = 3.1; # some variable containing a number
381	"$x"; # stringified	669	"$x"; # stringified
382	$x .= ""; # another, more awkward way to stringify	670	$x .= ""; # another, more awkward way to stringify
383	print $x; # perl does it for you, too, quite often	671	print $x; # perl does it for you, too, quite often
		672
		673	You can force whether a string is encoded as byte or text string by using
		674	C<utf8::upgrade> and C<utf8::downgrade> (if C<text_strings> is disabled).
		675
		676	utf8::upgrade $x; # encode $x as text string
		677	utf8::downgrade $x; # encode $x as byte string
		678
		679	More options are available, see L<TYPE CASTS>, below, and the C<text_keys>
		680	and C<text_strings> options.
		681
		682	Perl doesn't define what operations up- and downgrade strings, so if the
		683	difference between byte and text is important, you should up- or downgrade
		684	your string as late as possible before encoding. You can also force the
		685	use of CBOR text strings by using C<text_keys> or C<text_strings>.
384		686
385	You can force the type to be a CBOR number by numifying it:	687	You can force the type to be a CBOR number by numifying it:
386		688
387	my $x = "3"; # some variable containing a string	689	my $x = "3"; # some variable containing a string
388	$x += 0; # numify it, ensuring it will be dumped as a number	690	$x += 0; # numify it, ensuring it will be dumped as a number
…		…
399	represent numerical values are supported, but might suffer loss of	701	represent numerical values are supported, but might suffer loss of
400	precision.	702	precision.
401		703
402	=back	704	=back
403		705
		706	=head2 TYPE CASTS
		707
		708	B<EXPERIMENTAL>: As an experimental extension, C<CBOR::XS> allows you to
		709	force specific cbor types to be used when encoding. That allows you to
		710	encode types not normally accessible (e.g. half floats) as well as force
		711	string types even when C<text_strings> is in effect.
		712
		713	Type forcing is done by calling a special "cast" function which keeps a
		714	copy of the value and returns a new value that can be handed over to any
		715	CBOR encoder function.
		716
		717	The following casts are currently available (all of which are unary
		718	operators, that is, have a prototype of C<$>):
		719
		720	=over
		721
		722	=item CBOR::XS::as_int $value
		723
		724	Forces the value to be encoded as some form of (basic, not bignum) integer
		725	type.
		726
		727	=item CBOR::XS::as_text $value
		728
		729	Forces the value to be encoded as (UTF-8) text values.
		730
		731	=item CBOR::XS::as_bytes $value
		732
		733	Forces the value to be encoded as a (binary) string value.
		734
		735	Example: encode a perl string as binary even though C<text_strings> is in
		736	effect.
		737
		738	CBOR::XS->new->text_strings->encode ([4, "text", CBOR::XS::bytes "bytevalue"]);
		739
		740	=item CBOR::XS::as_bool $value
		741
		742	Converts a Perl boolean (which can be any kind of scalar) into a CBOR
		743	boolean. Strictly the same, but shorter to write, than:
		744
		745	$value ? Types::Serialiser::true : Types::Serialiser::false
		746
		747	=item CBOR::XS::as_float16 $value
		748
		749	Forces half-float (IEEE 754 binary16) encoding of the given value.
		750
		751	=item CBOR::XS::as_float32 $value
		752
		753	Forces single-float (IEEE 754 binary32) encoding of the given value.
		754
		755	=item CBOR::XS::as_float64 $value
		756
		757	Forces double-float (IEEE 754 binary64) encoding of the given value.
		758
		759	=item CBOR::XS::as_cbor $cbor_text
		760
		761	Not a type cast per-se, this type cast forces the argument to eb encoded
		762	as-is. This can be used to embed pre-encoded CBOR data.
		763
		764	Note that no checking on the validity of the C<$cbor_text> is done - it's
		765	the callers responsibility to correctly encode values.
		766
		767	=item CBOR::XS::as_map [key => value...]
		768
		769	Treat the array reference as key value pairs and output a CBOR map. This
		770	allows you to generate CBOR maps with arbitrary key types (or, if you
		771	don't care about semantics, duplicate keys or prairs in a custom order),
		772	which is otherwise hard to do with Perl.
		773
		774	The single argument must be an array reference with an even number of
		775	elements.
		776
		777	Example: encode a CBOR map with a string and an integer as keys.
		778
		779	encode_cbor CBOR::XS::as_map [string => "value", 5 => "value"]
		780
		781	=back
		782
		783	=cut
		784
		785	sub CBOR::XS::as_cbor ($) { bless [$_[0], 0, undef], CBOR::XS::Tagged:: }
		786	sub CBOR::XS::as_int ($) { bless [$_[0], 1, undef], CBOR::XS::Tagged:: }
		787	sub CBOR::XS::as_bytes ($) { bless [$_[0], 2, undef], CBOR::XS::Tagged:: }
		788	sub CBOR::XS::as_text ($) { bless [$_[0], 3, undef], CBOR::XS::Tagged:: }
		789	sub CBOR::XS::as_float16 ($) { bless [$_[0], 4, undef], CBOR::XS::Tagged:: }
		790	sub CBOR::XS::as_float32 ($) { bless [$_[0], 5, undef], CBOR::XS::Tagged:: }
		791	sub CBOR::XS::as_float64 ($) { bless [$_[0], 6, undef], CBOR::XS::Tagged:: }
		792
		793	sub CBOR::XS::as_bool ($) { $_[0] ? $Types::Serialiser::true : $Types::Serialiser::false }
		794
		795	sub CBOR::XS::as_map ($) {
		796	ARRAY:: eq ref $_[0]
		797	and $#{ $_[0] } & 1
		798	or do { require Carp; Carp::croak ("CBOR::XS::as_map only acepts array references with an even number of elements, caught") };
		799
		800	bless [$_[0], 7, undef], CBOR::XS::Tagged::
		801	}
		802
404	=head2 OBJECT SERIALISATION	803	=head2 OBJECT SERIALISATION
		804
		805	This module implements both a CBOR-specific and the generic
		806	L<Types::Serialier> object serialisation protocol. The following
		807	subsections explain both methods.
		808
		809	=head3 ENCODING
405		810
406	This module knows two way to serialise a Perl object: The CBOR-specific	811	This module knows two way to serialise a Perl object: The CBOR-specific
407	way, and the generic way.	812	way, and the generic way.
408		813
409	Whenever the encoder encounters a Perl object that it cnanot serialise	814	Whenever the encoder encounters a Perl object that it cannot serialise
410	directly (most of them), it will first look up the C<TO_CBOR> method on	815	directly (most of them), it will first look up the C<TO_CBOR> method on
411	it.	816	it.
412		817
413	If it has a C<TO_CBOR> method, it will call it with the object as only	818	If it has a C<TO_CBOR> method, it will call it with the object as only
414	argument, and expects exactly one return value, which it will then	819	argument, and expects exactly one return value, which it will then
…		…
420		825
421	The C<FREEZE> method can return any number of values (i.e. zero or	826	The C<FREEZE> method can return any number of values (i.e. zero or
422	more). These will be encoded as CBOR perl object, together with the	827	more). These will be encoded as CBOR perl object, together with the
423	classname.	828	classname.
424		829
		830	These methods I<MUST NOT> change the data structure that is being
		831	serialised. Failure to comply to this can result in memory corruption -
		832	and worse.
		833
425	If an object supports neither C<TO_CBOR> nor C<FREEZE>, encoding will fail	834	If an object supports neither C<TO_CBOR> nor C<FREEZE>, encoding will fail
426	with an error.	835	with an error.
427		836
		837	=head3 DECODING
		838
428	Objects encoded via C<TO_CBOR> cannot be automatically decoded, but	839	Objects encoded via C<TO_CBOR> cannot (normally) be automatically decoded,
429	objects encoded via C<FREEZE> can be decoded using the following protocol:	840	but objects encoded via C<FREEZE> can be decoded using the following
		841	protocol:
430		842
431	When an encoded CBOR perl object is encountered by the decoder, it will	843	When an encoded CBOR perl object is encountered by the decoder, it will
432	look up the C<THAW> method, by using the stored classname, and will fail	844	look up the C<THAW> method, by using the stored classname, and will fail
433	if the method cannot be found.	845	if the method cannot be found.
434		846
435	After the lookup it will call the C<THAW> method with the stored classname	847	After the lookup it will call the C<THAW> method with the stored classname
436	as first argument, the constant string C<CBOR> as second argument, and all	848	as first argument, the constant string C<CBOR> as second argument, and all
437	values returned by C<FREEZE> as remaining arguments.	849	values returned by C<FREEZE> as remaining arguments.
438		850
439	=head4 EXAMPLES	851	=head3 EXAMPLES
440		852
441	Here is an example C<TO_CBOR> method:	853	Here is an example C<TO_CBOR> method:
442		854
443	sub My::Object::TO_CBOR {	855	sub My::Object::TO_CBOR {
444	my ($obj) = @_;	856	my ($obj) = @_;
…		…
455		867
456	sub URI::TO_CBOR {	868	sub URI::TO_CBOR {
457	my ($self) = @_;	869	my ($self) = @_;
458	my $uri = "$self"; # stringify uri	870	my $uri = "$self"; # stringify uri
459	utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string	871	utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string
460	CBOR::XS::tagged 32, "$_[0]"	872	CBOR::XS::tag 32, "$_[0]"
461	}	873	}
462		874
463	This will encode URIs as a UTF-8 string with tag 32, which indicates an	875	This will encode URIs as a UTF-8 string with tag 32, which indicates an
464	URI.	876	URI.
465		877
…		…
476	"$self" # encode url string	888	"$self" # encode url string
477	}	889	}
478		890
479	sub URI::THAW {	891	sub URI::THAW {
480	my ($class, $serialiser, $uri) = @_;	892	my ($class, $serialiser, $uri) = @_;
481
482	$class->new ($uri)	893	$class->new ($uri)
483	}	894	}
484		895
485	Unlike C<TO_CBOR>, multiple values can be returned by C<FREEZE>. For	896	Unlike C<TO_CBOR>, multiple values can be returned by C<FREEZE>. For
486	example, a C<FREEZE> method that returns "type", "id" and "variant" values	897	example, a C<FREEZE> method that returns "type", "id" and "variant" values
…		…
601	CBOR::XS::tag 24,	1012	CBOR::XS::tag 24,
602	encode_cbor [1, 2, 3];	1013	encode_cbor [1, 2, 3];
603		1014
604	=head1 TAG HANDLING AND EXTENSIONS	1015	=head1 TAG HANDLING AND EXTENSIONS
605		1016
606	This section describes how this module handles specific tagged values and	1017	This section describes how this module handles specific tagged values
607	extensions. If a tag is not mentioned here, then the default handling	1018	and extensions. If a tag is not mentioned here and no additional filters
		1019	are provided for it, then the default handling applies (creating a
608	applies (creating a CBOR::XS::Tagged object on decoding, and only encoding	1020	CBOR::XS::Tagged object on decoding, and only encoding the tag when
609	the tag when explicitly requested).	1021	explicitly requested).
		1022
		1023	Tags not handled specifically are currently converted into a
		1024	L<CBOR::XS::Tagged> object, which is simply a blessed array reference
		1025	consisting of the numeric tag value followed by the (decoded) CBOR value.
610		1026
611	Future versions of this module reserve the right to special case	1027	Future versions of this module reserve the right to special case
612	additional tags (such as bigfloat or base64url).	1028	additional tags (such as base64url).
		1029
		1030	=head2 ENFORCED TAGS
		1031
		1032	These tags are always handled when decoding, and their handling cannot be
		1033	overridden by the user.
613		1034
614	=over 4	1035	=over 4
615		1036
616	=item <unassigned> (perl-object, L<http://cbor.schmorp.de/perl-object>)	1037	=item 26 (perl-object, L<http://cbor.schmorp.de/perl-object>)
617		1038
618	These tags are automatically created for serialisable objects using the	1039	These tags are automatically created (and decoded) for serialisable
619	C<FREEZE/THAW> methods (the L<Types::Serialier> object serialisation	1040	objects using the C<FREEZE/THAW> methods (the L<Types::Serialier> object
620	protocol).	1041	serialisation protocol). See L<OBJECT SERIALISATION> for details.
621		1042
622	=item <unassigned>, <unassigned> (sharable, sharedref, L <http://cbor.schmorp.de/value-sharing>)	1043	=item 28, 29 (shareable, sharedref, L<http://cbor.schmorp.de/value-sharing>)
623		1044
624	These tags are automatically decoded when encountered, resulting in	1045	These tags are automatically decoded when encountered (and they do not
		1046	result in a cyclic data structure, see C<allow_cycles>), resulting in
625	shared values in the decoded object. They are only encoded, however, when	1047	shared values in the decoded object. They are only encoded, however, when
626	C<allow_sharable> is enabled.	1048	C<allow_sharing> is enabled.
		1049
		1050	Not all shared values can be successfully decoded: values that reference
		1051	themselves will I<currently> decode as C<undef> (this is not the same
		1052	as a reference pointing to itself, which will be represented as a value
		1053	that contains an indirect reference to itself - these will be decoded
		1054	properly).
		1055
		1056	Note that considerably more shared value data structures can be decoded
		1057	than will be encoded - currently, only values pointed to by references
		1058	will be shared, others will not. While non-reference shared values can be
		1059	generated in Perl with some effort, they were considered too unimportant
		1060	to be supported in the encoder. The decoder, however, will decode these
		1061	values as shared values.
		1062
		1063	=item 256, 25 (stringref-namespace, stringref, L<http://cbor.schmorp.de/stringref>)
		1064
		1065	These tags are automatically decoded when encountered. They are only
		1066	encoded, however, when C<pack_strings> is enabled.
627		1067
628	=item 22098 (indirection, L<http://cbor.schmorp.de/indirection>)	1068	=item 22098 (indirection, L<http://cbor.schmorp.de/indirection>)
629		1069
630	This tag is automatically generated when a reference are encountered (with	1070	This tag is automatically generated when a reference are encountered (with
631	the exception of hash and array refernces). It is converted to a reference	1071	the exception of hash and array references). It is converted to a reference
632	when decoding.	1072	when decoding.
633		1073
634	=item 55799 (self-describe CBOR, RFC 7049)	1074	=item 55799 (self-describe CBOR, RFC 7049)
635		1075
636	This value is not generated on encoding (unless explicitly requested by	1076	This value is not generated on encoding (unless explicitly requested by
637	the user), and is simply ignored when decoding.	1077	the user), and is simply ignored when decoding.
638		1078
639	=back	1079	=back
640		1080
		1081	=head2 NON-ENFORCED TAGS
		1082
		1083	These tags have default filters provided when decoding. Their handling can
		1084	be overridden by changing the C<%CBOR::XS::FILTER> entry for the tag, or by
		1085	providing a custom C<filter> callback when decoding.
		1086
		1087	When they result in decoding into a specific Perl class, the module
		1088	usually provides a corresponding C<TO_CBOR> method as well.
		1089
		1090	When any of these need to load additional modules that are not part of the
		1091	perl core distribution (e.g. L<URI>), it is (currently) up to the user to
		1092	provide these modules. The decoding usually fails with an exception if the
		1093	required module cannot be loaded.
		1094
		1095	=over 4
		1096
		1097	=item 0, 1 (date/time string, seconds since the epoch)
		1098
		1099	These tags are decoded into L<Time::Piece> objects. The corresponding
		1100	C<Time::Piece::TO_CBOR> method always encodes into tag 1 values currently.
		1101
		1102	The L<Time::Piece> API is generally surprisingly bad, and fractional
		1103	seconds are only accidentally kept intact, so watch out. On the plus side,
		1104	the module comes with perl since 5.10, which has to count for something.
		1105
		1106	=item 2, 3 (positive/negative bignum)
		1107
		1108	These tags are decoded into L<Math::BigInt> objects. The corresponding
		1109	C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR
		1110	integers, and others into positive/negative CBOR bignums.
		1111
		1112	=item 4, 5, 264, 265 (decimal fraction/bigfloat)
		1113
		1114	Both decimal fractions and bigfloats are decoded into L<Math::BigFloat>
		1115	objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always>
		1116	encodes into a decimal fraction (either tag 4 or 264).
		1117
		1118	NaN and infinities are not encoded properly, as they cannot be represented
		1119	in CBOR.
		1120
		1121	See L<BIGNUM SECURITY CONSIDERATIONS> for more info.
		1122
		1123	=item 30 (rational numbers)
		1124
		1125	These tags are decoded into L<Math::BigRat> objects. The corresponding
		1126	C<Math::BigRat::TO_CBOR> method encodes rational numbers with denominator
		1127	C<1> via their numerator only, i.e., they become normal integers or
		1128	C<bignums>.
		1129
		1130	See L<BIGNUM SECURITY CONSIDERATIONS> for more info.
		1131
		1132	=item 21, 22, 23 (expected later JSON conversion)
		1133
		1134	CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these
		1135	tags.
		1136
		1137	=item 32 (URI)
		1138
		1139	These objects decode into L<URI> objects. The corresponding
		1140	C<URI::TO_CBOR> method again results in a CBOR URI value.
		1141
		1142	=back
		1143
		1144	=cut
641		1145
642	=head1 CBOR and JSON	1146	=head1 CBOR and JSON
643		1147
644	CBOR is supposed to implement a superset of the JSON data model, and is,	1148	CBOR is supposed to implement a superset of the JSON data model, and is,
645	with some coercion, able to represent all JSON texts (something that other	1149	with some coercion, able to represent all JSON texts (something that other
…		…
654	CBOR intact.	1158	CBOR intact.
655		1159
656		1160
657	=head1 SECURITY CONSIDERATIONS	1161	=head1 SECURITY CONSIDERATIONS
658		1162
659	When you are using CBOR in a protocol, talking to untrusted potentially	1163	Tl;dr... if you want to decode or encode CBOR from untrusted sources, you
660	hostile creatures requires relatively few measures.	1164	should start with a coder object created via C<new_safe> (which implements
		1165	the mitigations explained below):
661		1166
		1167	my $coder = CBOR::XS->new_safe;
		1168
		1169	my $data = $coder->decode ($cbor_text);
		1170	my $cbor = $coder->encode ($data);
		1171
		1172	Longer version: When you are using CBOR in a protocol, talking to
		1173	untrusted potentially hostile creatures requires some thought:
		1174
		1175	=over 4
		1176
		1177	=item Security of the CBOR decoder itself
		1178
662	First of all, your CBOR decoder should be secure, that is, should not have	1179	First and foremost, your CBOR decoder should be secure, that is, should
		1180	not have any buffer overflows or similar bugs that could potentially be
663	any buffer overflows. Obviously, this module should ensure that and I am	1181	exploited. Obviously, this module should ensure that and I am trying hard
664	trying hard on making that true, but you never know.	1182	on making that true, but you never know.
665		1183
		1184	=item CBOR::XS can invoke almost arbitrary callbacks during decoding
		1185
		1186	CBOR::XS supports object serialisation - decoding CBOR can cause calls
		1187	to I<any> C<THAW> method in I<any> package that exists in your process
		1188	(that is, CBOR::XS will not try to load modules, but any existing C<THAW>
		1189	method or function can be called, so they all have to be secure).
		1190
		1191	Less obviously, it will also invoke C<TO_CBOR> and C<FREEZE> methods -
		1192	even if all your C<THAW> methods are secure, encoding data structures from
		1193	untrusted sources can invoke those and trigger bugs in those.
		1194
		1195	So, if you are not sure about the security of all the modules you
		1196	have loaded (you shouldn't), you should disable this part using
		1197	C<forbid_objects> or using C<new_safe>.
		1198
		1199	=item CBOR can be extended with tags that call library code
		1200
		1201	CBOR can be extended with tags, and C<CBOR::XS> has a registry of
		1202	conversion functions for many existing tags that can be extended via
		1203	third-party modules (see the C<filter> method).
		1204
		1205	If you don't trust these, you should configure the "safe" filter function,
		1206	C<CBOR::XS::safe_filter> (C<new_safe> does this), which by default only
		1207	includes conversion functions that are considered "safe" by the author
		1208	(but again, they can be extended by third party modules).
		1209
		1210	Depending on your level of paranoia, you can use the "safe" filter:
		1211
		1212	$cbor->filter (\&CBOR::XS::safe_filter);
		1213
		1214	... your own filter...
		1215
		1216	$cbor->filter (sub { ... do your stuffs here ... });
		1217
		1218	... or even no filter at all, disabling all tag decoding:
		1219
		1220	$cbor->filter (sub { });
		1221
		1222	This is never a problem for encoding, as the tag mechanism only exists in
		1223	CBOR texts.
		1224
		1225	=item Resource-starving attacks: object memory usage
		1226
666	Second, you need to avoid resource-starving attacks. That means you should	1227	You need to avoid resource-starving attacks. That means you should limit
667	limit the size of CBOR data you accept, or make sure then when your	1228	the size of CBOR data you accept, or make sure then when your resources
668	resources run out, that's just fine (e.g. by using a separate process that	1229	run out, that's just fine (e.g. by using a separate process that can
669	can crash safely). The size of a CBOR string in octets is usually a good	1230	crash safely). The size of a CBOR string in octets is usually a good
670	indication of the size of the resources required to decode it into a Perl	1231	indication of the size of the resources required to decode it into a Perl
671	structure. While CBOR::XS can check the size of the CBOR text, it might be	1232	structure. While CBOR::XS can check the size of the CBOR text (using
672	too late when you already have it in memory, so you might want to check	1233	C<max_size> - done by C<new_safe>), it might be too late when you already
673	the size before you accept the string.	1234	have it in memory, so you might want to check the size before you accept
		1235	the string.
674		1236
		1237	As for encoding, it is possible to construct data structures that are
		1238	relatively small but result in large CBOR texts (for example by having an
		1239	array full of references to the same big data structure, which will all be
		1240	deep-cloned during encoding by default). This is rarely an actual issue
		1241	(and the worst case is still just running out of memory), but you can
		1242	reduce this risk by using C<allow_sharing>.
		1243
		1244	=item Resource-starving attacks: stack overflows
		1245
675	Third, CBOR::XS recurses using the C stack when decoding objects and	1246	CBOR::XS recurses using the C stack when decoding objects and arrays. The
676	arrays. The C stack is a limited resource: for instance, on my amd64	1247	C stack is a limited resource: for instance, on my amd64 machine with 8MB
677	machine with 8MB of stack size I can decode around 180k nested arrays but	1248	of stack size I can decode around 180k nested arrays but only 14k nested
678	only 14k nested CBOR objects (due to perl itself recursing deeply on croak	1249	CBOR objects (due to perl itself recursing deeply on croak to free the
679	to free the temporary). If that is exceeded, the program crashes. To be	1250	temporary). If that is exceeded, the program crashes. To be conservative,
680	conservative, the default nesting limit is set to 512. If your process	1251	the default nesting limit is set to 512. If your process has a smaller
681	has a smaller stack, you should adjust this setting accordingly with the	1252	stack, you should adjust this setting accordingly with the C<max_depth>
682	C<max_depth> method.	1253	method.
		1254
		1255	=item Resource-starving attacks: CPU en-/decoding complexity
		1256
		1257	CBOR::XS will use the L<Math::BigInt>, L<Math::BigFloat> and
		1258	L<Math::BigRat> libraries to represent encode/decode bignums. These can be
		1259	very slow (as in, centuries of CPU time) and can even crash your program
		1260	(and are generally not very trustworthy). See the next section on bignum
		1261	security for details.
		1262
		1263	=item Data breaches: leaking information in error messages
		1264
		1265	CBOR::XS might leak contents of your Perl data structures in its error
		1266	messages, so when you serialise sensitive information you might want to
		1267	make sure that exceptions thrown by CBOR::XS will not end up in front of
		1268	untrusted eyes.
		1269
		1270	=item Something else...
683		1271
684	Something else could bomb you, too, that I forgot to think of. In that	1272	Something else could bomb you, too, that I forgot to think of. In that
685	case, you get to keep the pieces. I am always open for hints, though...	1273	case, you get to keep the pieces. I am always open for hints, though...
686		1274
687	Also keep in mind that CBOR::XS might leak contents of your Perl data	1275	=back
688	structures in its error messages, so when you serialise sensitive	1276
689	information you might want to make sure that exceptions thrown by CBOR::XS	1277
690	will not end up in front of untrusted eyes.	1278	=head1 BIGNUM SECURITY CONSIDERATIONS
		1279
		1280	CBOR::XS provides a C<TO_CBOR> method for both L<Math::BigInt> and
		1281	L<Math::BigFloat> that tries to encode the number in the simplest possible
		1282	way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag
		1283	4) or an arbitrary-exponent decimal fraction (tag 264). Rational numbers
		1284	(L<Math::BigRat>, tag 30) can also contain bignums as members.
		1285
		1286	CBOR::XS will also understand base-2 bigfloat or arbitrary-exponent
		1287	bigfloats (tags 5 and 265), but it will never generate these on its own.
		1288
		1289	Using the built-in L<Math::BigInt::Calc> support, encoding and decoding
		1290	decimal fractions is generally fast. Decoding bigints can be slow for very
		1291	big numbers (tens of thousands of digits, something that could potentially
		1292	be caught by limiting the size of CBOR texts), and decoding bigfloats or
		1293	arbitrary-exponent bigfloats can be I<extremely> slow (minutes, decades)
		1294	for large exponents (roughly 40 bit and longer).
		1295
		1296	Additionally, L<Math::BigInt> can take advantage of other bignum
		1297	libraries, such as L<Math::GMP>, which cannot handle big floats with large
		1298	exponents, and might simply abort or crash your program, due to their code
		1299	quality.
		1300
		1301	This can be a concern if you want to parse untrusted CBOR. If it is, you
		1302	might want to disable decoding of tag 2 (bigint) and 3 (negative bigint)
		1303	types. You should also disable types 5 and 265, as these can be slow even
		1304	without bigints.
		1305
		1306	Disabling bigints will also partially or fully disable types that rely on
		1307	them, e.g. rational numbers that use bignums.
		1308
691		1309
692	=head1 CBOR IMPLEMENTATION NOTES	1310	=head1 CBOR IMPLEMENTATION NOTES
693		1311
694	This section contains some random implementation notes. They do not	1312	This section contains some random implementation notes. They do not
695	describe guaranteed behaviour, but merely behaviour as-is implemented	1313	describe guaranteed behaviour, but merely behaviour as-is implemented
…		…
704	Only the double data type is supported for NV data types - when Perl uses	1322	Only the double data type is supported for NV data types - when Perl uses
705	long double to represent floating point values, they might not be encoded	1323	long double to represent floating point values, they might not be encoded
706	properly. Half precision types are accepted, but not encoded.	1324	properly. Half precision types are accepted, but not encoded.
707		1325
708	Strict mode and canonical mode are not implemented.	1326	Strict mode and canonical mode are not implemented.
		1327
		1328
		1329	=head1 LIMITATIONS ON PERLS WITHOUT 64-BIT INTEGER SUPPORT
		1330
		1331	On perls that were built without 64 bit integer support (these are rare
		1332	nowadays, even on 32 bit architectures, as all major Perl distributions
		1333	are built with 64 bit integer support), support for any kind of 64 bit
		1334	value in CBOR is very limited - most likely, these 64 bit values will
		1335	be truncated, corrupted, or otherwise not decoded correctly. This also
		1336	includes string, float, array and map sizes that are stored as 64 bit
		1337	integers.
709		1338
710		1339
711	=head1 THREADS	1340	=head1 THREADS
712		1341
713	This module is I<not> guaranteed to be thread safe and there are no	1342	This module is I<not> guaranteed to be thread safe and there are no
…		…
727	Please refrain from using rt.cpan.org or any other bug reporting	1356	Please refrain from using rt.cpan.org or any other bug reporting
728	service. I put the contact address into my modules for a reason.	1357	service. I put the contact address into my modules for a reason.
729		1358
730	=cut	1359	=cut
731		1360
		1361	# clumsy and slow hv_store-in-hash helper function
		1362	sub _hv_store {
		1363	$_[0]{$_[1]} = $_[2];
		1364	}
		1365
		1366	our %FILTER = (
		1367	0 => sub { # rfc4287 datetime, utf-8
		1368	require Time::Piece;
		1369	# Time::Piece::Strptime uses the "incredibly flexible date parsing routine"
		1370	# from FreeBSD, which can't parse ISO 8601, RFC3339, RFC4287 or much of anything
		1371	# else either. Whats incredibe over standard strptime totally escapes me.
		1372	# doesn't do fractional times, either. sigh.
		1373	# In fact, it's all a lie, it uses whatever strptime it wants, and of course,
		1374	# they are all incompatible. The openbsd one simply ignores %z (but according to the
		1375	# docs, it would be much more incredibly flexible indeed. If it worked, that is.).
		1376	scalar eval {
		1377	my $s = $_[1];
		1378
		1379	$s =~ s/Z$/+00:00/;
		1380	$s =~ s/(\.[0-9]+)?([+-][0-9][0-9]):([0-9][0-9])$//
		1381	or die;
		1382
		1383	my $b = $1 - ($2 * 60 + $3) * 60; # fractional part + offset. hopefully
		1384	my $d = Time::Piece->strptime ($s, "%Y-%m-%dT%H:%M:%S");
		1385
		1386	Time::Piece::gmtime ($d->epoch + $b)
		1387	} \|\| die "corrupted CBOR date/time string ($_[0])";
		1388	},
		1389
		1390	1 => sub { # seconds since the epoch, possibly fractional
		1391	require Time::Piece;
		1392	scalar Time::Piece::gmtime (pop)
		1393	},
		1394
		1395	2 => sub { # pos bigint
		1396	require Math::BigInt;
		1397	Math::BigInt->new ("0x" . unpack "H*", pop)
		1398	},
		1399
		1400	3 => sub { # neg bigint
		1401	require Math::BigInt;
		1402	-Math::BigInt->new ("0x" . unpack "H*", pop)
		1403	},
		1404
		1405	4 => sub { # decimal fraction, array
		1406	require Math::BigFloat;
		1407	Math::BigFloat->new ($_[1][1] . "E" . $_[1][0])
		1408	},
		1409
		1410	264 => sub { # decimal fraction with arbitrary exponent
		1411	require Math::BigFloat;
		1412	Math::BigFloat->new ($_[1][1] . "E" . $_[1][0])
		1413	},
		1414
		1415	5 => sub { # bigfloat, array
		1416	require Math::BigFloat;
		1417	scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0])
		1418	},
		1419
		1420	265 => sub { # bigfloat with arbitrary exponent
		1421	require Math::BigFloat;
		1422	scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0])
		1423	},
		1424
		1425	30 => sub { # rational number
		1426	require Math::BigRat;
		1427	Math::BigRat->new ("$_[1][0]/$_[1][1]") # separate parameters only work in recent versons
		1428	},
		1429
		1430	21 => sub { pop }, # expected conversion to base64url encoding
		1431	22 => sub { pop }, # expected conversion to base64 encoding
		1432	23 => sub { pop }, # expected conversion to base16 encoding
		1433
		1434	# 24 # embedded cbor, byte string
		1435
		1436	32 => sub {
		1437	require URI;
		1438	URI->new (pop)
		1439	},
		1440
		1441	# 33 # base64url rfc4648, utf-8
		1442	# 34 # base64 rfc46484, utf-8
		1443	# 35 # regex pcre/ecma262, utf-8
		1444	# 36 # mime message rfc2045, utf-8
		1445	);
		1446
		1447	sub default_filter {
		1448	&{ $FILTER{$_[0]} or return }
		1449	}
		1450
		1451	our %SAFE_FILTER = map { $_ => $FILTER{$_} } 0, 1, 21, 22, 23, 32;
		1452
		1453	sub safe_filter {
		1454	&{ $SAFE_FILTER{$_[0]} or return }
		1455	}
		1456
		1457	sub URI::TO_CBOR {
		1458	my $uri = $_[0]->as_string;
		1459	utf8::upgrade $uri;
		1460	tag 32, $uri
		1461	}
		1462
		1463	sub Math::BigInt::TO_CBOR {
		1464	if (-2147483648 <= $_[0] && $_[0] <= 2147483647) {
		1465	$_[0]->numify
		1466	} else {
		1467	my $hex = substr $_[0]->as_hex, 2;
		1468	$hex = "0$hex" if 1 & length $hex; # sigh
		1469	tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex
		1470	}
		1471	}
		1472
		1473	sub Math::BigFloat::TO_CBOR {
		1474	my ($m, $e) = $_[0]->parts;
		1475
		1476	-9223372036854775808 <= $e && $e <= 18446744073709551615
		1477	? tag 4, [$e->numify, $m]
		1478	: tag 264, [$e, $m]
		1479	}
		1480
		1481	sub Math::BigRat::TO_CBOR {
		1482	my ($n, $d) = $_[0]->parts;
		1483
		1484	# older versions of BigRat need *1, as they not always return numbers
		1485
		1486	$d*1 == 1
		1487	? $n*1
		1488	: tag 30, [$n1, $d1]
		1489	}
		1490
		1491	sub Time::Piece::TO_CBOR {
		1492	tag 1, 0 + $_[0]->epoch
		1493	}
		1494
732	XSLoader::load "CBOR::XS", $VERSION;	1495	XSLoader::load "CBOR::XS", $VERSION;
733		1496
734	=head1 SEE ALSO	1497	=head1 SEE ALSO
735		1498
736	The L<JSON> and L<JSON::XS> modules that do similar, but human-readable,	1499	The L<JSON> and L<JSON::XS> modules that do similar, but human-readable,

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing CBOR-XS/XS.pm (file contents): Revision 1.19 by root, Wed Nov 20 01:09:46 2013 UTC vs. Revision 1.79 by root, Fri Dec 11 06:03:40 2020 UTC

Diff Legend

Comparing CBOR-XS/XS.pm (file contents):
Revision 1.19 by root, Wed Nov 20 01:09:46 2013 UTC vs.
Revision 1.79 by root, Fri Dec 11 06:03:40 2020 UTC