path: root/chrome/common/safe_browsing/csd.proto

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Client side phishing and malware detection request and response
// protocol buffers.  Those protocol messages should be kept in sync
// with the server implementation.
//
// If you want to change this protocol definition or you have questions
// regarding its format please contact chrome-anti-phishing@googlegroups.com.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package safe_browsing;

message ClientPhishingRequest {
  // URL that the client visited.  The CGI parameters are stripped by the
  // client.
  optional string url = 1;

  // A 5-byte SHA-256 hash prefix of the URL.  Before hashing the URL is
  // canonicalized, converted to a suffix-prefix expression and broadened
  // (www prefix is removed and everything past the last '/' is stripped).
  //
  // Marked OBSOLETE because the URL is sent for all users, making the hash
  // prefix unnecessary.
  optional bytes OBSOLETE_hash_prefix = 10;

  // Score that was computed on the client.  Value is between 0.0 and 1.0.
  // The larger the value the more likely the url is phishing.
  required float client_score = 2;

  // Note: we're skipping tag 3 because it was previously used.

  // Is true if the features for this URL were classified as phishing.
  // Currently, this will always be true for all client-phishing requests
  // that are sent to the server.
  optional bool is_phishing = 4;

  message Feature {
    // Feature name.  E.g., 'PageHasForms'.
    required string name = 1;

    // Feature value is always in the range [0.0, 1.0].  Boolean features
    // have value 1.0.
    required double value = 2;
  }

  // List of features that were extracted.  Those are the features that were
  // sent to the scorer and which resulted in client_score being computed.
  repeated Feature feature_map = 5;

  // The version number of the model that was used to compute the client-score.
  // Copied from ClientSideModel.version().
  optional int32 model_version = 6;

  // Field 7 is only used on the server.

  // List of features that are extracted in the client but are not used in the
  // machine learning model.
  repeated Feature non_model_feature_map = 8;

  // The referrer URL.  This field might not be set, for example, in the case
  // where the referrer uses HTTPs.
  // OBSOLETE: Use feature 'Referrer=<referrer>' instead.
  optional string OBSOLETE_referrer_url = 9;

  // Field 11 is only used on the server.
}

message ClientPhishingResponse {
  required bool phishy = 1;

  // A list of SafeBrowsing host-suffix / path-prefix expressions that
  // are whitelisted.  The client must match the current top-level URL
  // against these whitelisted expressions and only apply a positive
  // phishing verdict above if the URL does not match any expression
  // on this whitelist.  The client must not cache these whitelisted
  // expressions.  This whitelist will be empty for the vast majority
  // of the responses but might contain up to 100 entries in emergency
  // situations.
  //
  // Marked OBSOLETE because the URL is sent for all users, so the server
  // can do whitelist matching.
  repeated string OBSOLETE_whitelist_expression = 2;
}

message ClientMalwareRequest {
  // URL that the client visited.  The CGI parameters are stripped by the
  // client.
  required string url = 1;

  message Feature {
    // Feature name.  E.g., 'BadIpFetch='.
    required string name = 1;

    // Feature value is always in the range [0.0, 1.0].  Boolean features
    // have value 1.0.
    required double value = 2;

    // Optional meta information about this feature
    repeated string metainfo = 3;
  }

  // List of features that were extracted.
  repeated Feature feature_map = 2;

  // Field 3 is only used on the server.

  // The referrer URL.  This field might not be set, for example, in the case
  // where the referrer uses HTTPS.
  optional string referrer_url = 4;
}

message ClientMalwareResponse {
  required bool blacklist = 1;
  // The confirmed blacklisted bad IP and its url, which will be shown in
  // malware warning, if the blacklist verdict is true.
  // This IP string could be either in IPv4 or IPv6 format, which is the same
  // as the ones client sent to server.
  optional string bad_ip = 2;
  optional string bad_url = 3;
}

message ClientDownloadRequest {
  // The final URL of the download (after all redirects).
  required string url = 1;

  // This message contains various binary digests of the download payload.
  message Digests {
    optional bytes sha256 = 1;
    optional bytes sha1 = 2;
    optional bytes md5 = 3;
  }
  required Digests digests = 2;

  // This is the length in bytes of the download payload.
  required int64 length = 3;

  // Type of the resources stored below.
  enum ResourceType {
    // The final URL of the download payload.  The resource URL should
    // correspond to the URL field above.
    DOWNLOAD_URL = 0;
    // A redirect URL that was fetched before hitting the final DOWNLOAD_URL.
    DOWNLOAD_REDIRECT = 1;
    // The final top-level URL of the tab that triggered the download.
    TAB_URL = 2;
    // A redirect URL thas was fetched before hitting the final TAB_URL.
    TAB_REDIRECT = 3;
  }

  message Resource {
    required string url = 1;
    required ResourceType type = 2;
    optional bytes remote_ip = 3;
    // This will only be set if the referrer is available and if the
    // resource type is either TAB_URL or DOWNLOAD_URL.
    optional string referrer = 4;

    // TODO(noelutz): add the transition type?
  }

  // This repeated field will store all the redirects as well as the
  // final URLs for the top-level tab URL (i.e., the URL that
  // triggered the download) as well as for the download URL itself.
  repeated Resource resources = 4;

  // A trust chain of certificates.  Each chain begins with the signing
  // certificate of the binary, and ends with a self-signed certificate,
  // typically from a trusted root CA.  This structure is analogous to
  // CERT_CHAIN_CONTEXT on Windows.
  message CertificateChain {
    // A single link in the chain.
    message Element {
      // DER-encoded X.509 representation of the certificate.
      optional bytes certificate = 1;
      // Fields 2 - 7 are only used on the server.
    }
    repeated Element element = 1;
  }

  message SignatureInfo {
    // All of the certificate chains for the binary's signing certificate.
    // If no chains are present, the binary is not signed.  Multiple chains
    // may be present if any certificate has multiple signers.
    repeated CertificateChain certificate_chain = 1;

    // True if the signature was trusted on the client.
    optional bool trusted = 2;
  }

  // This field will only be set if the binary is signed.
  optional SignatureInfo signature = 5;

  // True if the download was user initiated.
  optional bool user_initiated = 6;

  // Fields 7 and 8 are only used on the server.

  // Name of the file where the download would be stored if the
  // download completes.  E.g., "bla.exe".
  optional string file_basename = 9;

  // Starting with Chrome M19 we're also sending back pings for Chrome
  // extensions that get downloaded by users.
  enum DownloadType {
    WIN_EXECUTABLE = 0;    // Currently all .exe, .cab and .msi files.
    CHROME_EXTENSION = 1;  // .crx files.
    ANDROID_APK = 2;       // .apk files.
    // .zip files containing one of the above executable types.
    ZIPPED_EXECUTABLE = 3;
  }
  optional DownloadType download_type = 10 [default = WIN_EXECUTABLE];

  // Locale of the device, eg en, en_US.
  optional string locale = 11;

  // Field 12 is only used on the server.
}

message ClientDownloadResponse {
  enum Verdict {
    // Download is considered safe.
    SAFE = 0;
    // Download is considered dangerous.  Chrome should show a warning to the
    // user.
    DANGEROUS = 1;
    // Download is unknown.  Chrome should display a less severe warning.
    UNCOMMON = 2;
    // The download is potentially unwanted.
    POTENTIALLY_UNWANTED = 3;
    // The download is from a dangerous host.
    DANGEROUS_HOST = 4;
  }
  required Verdict verdict = 1;

  message MoreInfo {
    // A human-readable string describing the nature of the warning.
    // Only if verdict != SAFE. Localized based on request.locale.
    optional string description = 1;

    // A URL to get more information about this warning, if available.
    optional string url = 2;
  }
  optional MoreInfo more_info = 2;

  // An arbitrary token that should be sent along for further server requests.
  optional bytes token = 3;
}

// The following protocol buffer holds the feedback report gathered
// from the user regarding the download.
message ClientDownloadReport {
  // The information of user who provided the feedback.
  // This is going to be useful for handling appeals.
  message UserInformation {
    optional string email = 1;
  }

  enum Reason {
    SHARE = 0;
    FALSE_POSITIVE = 1;
    APPEAL = 2;
  }

  // The type of feedback for this report.
  optional Reason reason = 1;

  // The original download ping
  optional ClientDownloadRequest download_request = 2;

  // Stores the information of the user who provided the feedback.
  optional UserInformation user_information = 3;

  // Unstructed comments provided by the user.
  optional bytes comment = 4;

  // The original download response sent from the verdict server.
  optional ClientDownloadResponse download_response = 5;
}

// This is used to send back upload status to the client after upload completion
message ClientUploadResponse {
  enum UploadStatus {
    // The upload was successful and a complete response can be expected
    SUCCESS = 0;

    // The upload was unsuccessful and the response is incomplete.
    UPLOAD_FAILURE = 1;
  }

  // Holds the upload status
  optional UploadStatus status = 1;

  // Holds the permalink where the results of scanning the binary are available
  optional string permalink = 2;
}