Skip to content

Python CBOR (de)serializer with extensive tag support

License

Notifications You must be signed in to change notification settings

agronholm/cbor2

Repository files navigation

Testing Status Publish Status Code Coverage Documentation Status

About

This library provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. The specification is fully compatible with the original RFC 7049. Read the docs to learn more.

It is implemented in pure python with an optional C backend.

On PyPy, cbor2 runs with almost identical performance to the C backend.

Features

  • Simple api like json or pickle modules.
  • Support many CBOR tags with stdlib objects.
  • Generic tag decoding.
  • Shared value references including cyclic references.
  • String references compact encoding with repeated strings replaced with indices.
  • Optional C module backend tested on big- and little-endian architectures.
  • Extensible tagged value handling using tag_hook and object_hook on decode and default on encode.
  • Command-line diagnostic tool, converting CBOR file or stream to JSON python -m cbor2.tool (This is a lossy conversion, for diagnostics only)
  • Thorough test suite.

Installation

pip install cbor2

Requirements

  • Python >= 3.9 (or PyPy3 3.9+)
  • C-extension: Any C compiler that can build Python extensions. Any modern libc with the exception of Glibc<2.9

Building the C-Extension

To force building of the optional C-extension, set OS env CBOR2_BUILD_C_EXTENSION=1. To disable building of the optional C-extension, set OS env CBOR2_BUILD_C_EXTENSION=0. If this environment variable is unset, setup.py will default to auto detecting a compatible C library and attempt to compile the extension.

Usage

Basic Usage

Command-line Usage

The provided command line tool (cbor2) converts CBOR data in raw binary or base64 encoding into a representation that allows printing as JSON. This is a lossy transformation as each datatype is converted into something that can be represented as a JSON value.

The tool can alternatively be invoked with python -m cbor2.tool.

Usage:

# Pass hexadecimal through xxd.
$ echo a16568656c6c6f65776f726c64 | xxd -r -ps | cbor2 --pretty
{
    "hello": "world"
}
# Decode Base64 directly
$ echo ggEC | python -m cbor2.tool --decode
[1, 2]
# Read from a file encoded in Base64
$ python -m cbor2.tool -d tests/examples.cbor.b64
{...}

It can be used in a pipeline with json processing tools like jq to allow syntax coloring, field extraction and more.

CBOR data items concatenated into a sequence can be decoded also:

$ echo ggECggMEggUG | cbor2 -d --sequence
[1, 2]
[3, 4]
[5, 6]

Multiple files can also be sent to a single output file:

$ cbor2 -o all_files.json file1.cbor file2.cbor ... fileN.cbor

Security

This library has not been tested against malicious input. In theory it should be as safe as JSON, since unlike pickle the decoder does not execute any code.