// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // Client side phishing and malware detection request and response // protocol buffers. Those protocol messages should be kept in sync // with the server implementation. // // If you want to change this protocol definition or you have questions // regarding its format please contact chrome-anti-phishing@googlegroups.com. syntax = "proto2"; option optimize_for = LITE_RUNTIME; package safe_browsing; message ClientPhishingRequest { // URL that the client visited. The CGI parameters are stripped by the // client. optional string url = 1; // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is // canonicalized, converted to a suffix-prefix expression and broadened // (www prefix is removed and everything past the last '/' is stripped). // // Marked OBSOLETE because the URL is sent for all users, making the hash // prefix unnecessary. optional bytes OBSOLETE_hash_prefix = 10; // Score that was computed on the client. Value is between 0.0 and 1.0. // The larger the value the more likely the url is phishing. required float client_score = 2; // Note: we're skipping tag 3 because it was previously used. // Is true if the features for this URL were classified as phishing. // Currently, this will always be true for all client-phishing requests // that are sent to the server. optional bool is_phishing = 4; message Feature { // Feature name. E.g., 'PageHasForms'. required string name = 1; // Feature value is always in the range [0.0, 1.0]. Boolean features // have value 1.0. required double value = 2; } // List of features that were extracted. Those are the features that were // sent to the scorer and which resulted in client_score being computed. repeated Feature feature_map = 5; // The version number of the model that was used to compute the client-score. // Copied from ClientSideModel.version(). optional int32 model_version = 6; // Field 7 is only used on the server. // List of features that are extracted in the client but are not used in the // machine learning model. repeated Feature non_model_feature_map = 8; // The referrer URL. This field might not be set, for example, in the case // where the referrer uses HTTPs. // OBSOLETE: Use feature 'Referrer=' instead. optional string OBSOLETE_referrer_url = 9; // Field 11 is only used on the server. } message ClientPhishingResponse { required bool phishy = 1; // A list of SafeBrowsing host-suffix / path-prefix expressions that // are whitelisted. The client must match the current top-level URL // against these whitelisted expressions and only apply a positive // phishing verdict above if the URL does not match any expression // on this whitelist. The client must not cache these whitelisted // expressions. This whitelist will be empty for the vast majority // of the responses but might contain up to 100 entries in emergency // situations. // // Marked OBSOLETE because the URL is sent for all users, so the server // can do whitelist matching. repeated string OBSOLETE_whitelist_expression = 2; } message ClientMalwareRequest { // URL that the client visited. The CGI parameters are stripped by the // client. required string url = 1; message Feature { // Feature name. E.g., 'BadIpFetch='. required string name = 1; // Feature value is always in the range [0.0, 1.0]. Boolean features // have value 1.0. required double value = 2; // Optional meta information about this feature repeated string metainfo = 3; } // List of features that were extracted. repeated Feature feature_map = 2; // Field 3 is only used on the server. // The referrer URL. This field might not be set, for example, in the case // where the referrer uses HTTPS. optional string referrer_url = 4; } message ClientMalwareResponse { required bool blacklist = 1; // The confirmed blacklisted bad IP, which will be shown in malware warning. // This IP string could be either in IPv4 or IPv6 format, which is the same // as the ones client sent to server. optional string bad_ip = 2; } message ClientDownloadRequest { // The final URL of the download (after all redirects). required string url = 1; // This message contains various binary digests of the download payload. message Digests { optional bytes sha256 = 1; optional bytes sha1 = 2; optional bytes md5 = 3; } required Digests digests = 2; // This is the length in bytes of the download payload. required int64 length = 3; // Type of the resources stored below. enum ResourceType { // The final URL of the download payload. The resource URL should // correspond to the URL field above. DOWNLOAD_URL = 0; // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. DOWNLOAD_REDIRECT = 1; // The final top-level URL of the tab that triggered the download. TAB_URL = 2; // A redirect URL thas was fetched before hitting the final TAB_URL. TAB_REDIRECT = 3; } message Resource { required string url = 1; required ResourceType type = 2; optional bytes remote_ip = 3; // This will only be set if the referrer is available and if the // resource type is either TAB_URL or DOWNLOAD_URL. optional string referrer = 4; // TODO(noelutz): add the transition type? } // This repeated field will store all the redirects as well as the // final URLs for the top-level tab URL (i.e., the URL that // triggered the download) as well as for the download URL itself. repeated Resource resources = 4; // A trust chain of certificates. Each chain begins with the signing // certificate of the binary, and ends with a self-signed certificate, // typically from a trusted root CA. This structure is analogous to // CERT_CHAIN_CONTEXT on Windows. message CertificateChain { // A single link in the chain. message Element { // DER-encoded X.509 representation of the certificate. optional bytes certificate = 1; // Fields 2 - 7 are only used on the server. } repeated Element element = 1; } message SignatureInfo { // All of the certificate chains for the binary's signing certificate. // If no chains are present, the binary is not signed. Multiple chains // may be present if any certificate has multiple signers. repeated CertificateChain certificate_chain = 1; // True if the signature was trusted on the client. optional bool trusted = 2; } // This field will only be set if the binary is signed. optional SignatureInfo signature = 5; // True if the download was user initiated. optional bool user_initiated = 6; // Fields 7 and 8 are only used on the server. // Name of the file where the download would be stored if the // download completes. E.g., "bla.exe". optional string file_basename = 9; // Starting with Chrome M19 we're also sending back pings for Chrome // extensions that get downloaded by users. enum DownloadType { WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. CHROME_EXTENSION = 1; // .crx files. ANDROID_APK = 2; // .apk files. // .zip files containing one of the above executable types. ZIPPED_EXECUTABLE = 3; } optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; // Locale of the device, eg en, en_US. optional string locale = 11; // Field 12 is only used on the server. } message ClientDownloadResponse { enum Verdict { // Download is considered safe. SAFE = 0; // Download is considered dangerous. Chrome should show a warning to the // user. DANGEROUS = 1; // Download is unknown. Chrome should display a less severe warning. UNCOMMON = 2; // The download is potentially unwanted. POTENTIALLY_UNWANTED = 3; // The download is from a dangerous host. DANGEROUS_HOST = 4; } required Verdict verdict = 1; message MoreInfo { // A human-readable string describing the nature of the warning. // Only if verdict != SAFE. Localized based on request.locale. optional string description = 1; // A URL to get more information about this warning, if available. optional string url = 2; } optional MoreInfo more_info = 2; // An arbitrary token that should be sent along for further server requests. optional bytes token = 3; } // The following protocol buffer holds the feedback report gathered // from the user regarding the download. message ClientDownloadReport { // The information of user who provided the feedback. // This is going to be useful for handling appeals. message UserInformation { optional string email = 1; } enum Reason { SHARE = 0; FALSE_POSITIVE = 1; APPEAL = 2; } // The type of feedback for this report. optional Reason reason = 1; // The original download ping optional ClientDownloadRequest download_request = 2; // Stores the information of the user who provided the feedback. optional UserInformation user_information = 3; // Unstructed comments provided by the user. optional bytes comment = 4; // The original download response sent from the verdict server. optional ClientDownloadResponse download_response = 5; } // This is used to send back upload status to the client after upload completion message ClientUploadResponse { enum UploadStatus { // The upload was successful and a complete response can be expected SUCCESS = 0; // The upload was unsuccessful and the response is incomplete. UPLOAD_FAILURE = 1; } // Holds the upload status optional UploadStatus status = 1; // Holds the permalink where the results of scanning the binary are available optional string permalink = 2; }