Home | History | Annotate | Download | only in safe_browsing 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 //
      5 // Client side phishing and malware detection request and response
      6 // protocol buffers.  Those protocol messages should be kept in sync
      7 // with the server implementation.
      8 //
      9 // If you want to change this protocol definition or you have questions
     10 // regarding its format please contact chrome-anti-phishing (a] googlegroups.com.
     11 
     12 syntax = "proto2";
     13 
     14 option optimize_for = LITE_RUNTIME;
     15 
     16 package safe_browsing;
     17 
     18 message ClientPhishingRequest {
     19   // URL that the client visited.  The CGI parameters are stripped by the
     20   // client.
     21   optional string url = 1;
     22 
     23   // A 5-byte SHA-256 hash prefix of the URL.  Before hashing the URL is
     24   // canonicalized, converted to a suffix-prefix expression and broadened
     25   // (www prefix is removed and everything past the last '/' is stripped).
     26   //
     27   // Marked OBSOLETE because the URL is sent for all users, making the hash
     28   // prefix unnecessary.
     29   optional bytes OBSOLETE_hash_prefix = 10;
     30 
     31   // Score that was computed on the client.  Value is between 0.0 and 1.0.
     32   // The larger the value the more likely the url is phishing.
     33   required float client_score = 2;
     34 
     35   // Note: we're skipping tag 3 because it was previously used.
     36 
     37   // Is true if the features for this URL were classified as phishing.
     38   // Currently, this will always be true for all client-phishing requests
     39   // that are sent to the server.
     40   optional bool is_phishing = 4;
     41 
     42   message Feature {
     43     // Feature name.  E.g., 'PageHasForms'.
     44     required string name = 1;
     45 
     46     // Feature value is always in the range [0.0, 1.0].  Boolean features
     47     // have value 1.0.
     48     required double value = 2;
     49   }
     50 
     51   // List of features that were extracted.  Those are the features that were
     52   // sent to the scorer and which resulted in client_score being computed.
     53   repeated Feature feature_map = 5;
     54 
     55   // The version number of the model that was used to compute the client-score.
     56   // Copied from ClientSideModel.version().
     57   optional int32 model_version = 6;
     58 
     59   // Field 7 is only used on the server.
     60 
     61   // List of features that are extracted in the client but are not used in the
     62   // machine learning model.
     63   repeated Feature non_model_feature_map = 8;
     64 
     65   // The referrer URL.  This field might not be set, for example, in the case
     66   // where the referrer uses HTTPs.
     67   // OBSOLETE: Use feature 'Referrer=<referrer>' instead.
     68   optional string OBSOLETE_referrer_url = 9;
     69 
     70   // Field 11 is only used on the server.
     71 }
     72 
     73 message ClientPhishingResponse {
     74   required bool phishy = 1;
     75 
     76   // A list of SafeBrowsing host-suffix / path-prefix expressions that
     77   // are whitelisted.  The client must match the current top-level URL
     78   // against these whitelisted expressions and only apply a positive
     79   // phishing verdict above if the URL does not match any expression
     80   // on this whitelist.  The client must not cache these whitelisted
     81   // expressions.  This whitelist will be empty for the vast majority
     82   // of the responses but might contain up to 100 entries in emergency
     83   // situations.
     84   //
     85   // Marked OBSOLETE because the URL is sent for all users, so the server
     86   // can do whitelist matching.
     87   repeated string OBSOLETE_whitelist_expression = 2;
     88 }
     89 
     90 message ClientMalwareRequest {
     91   // URL that the client visited.  The CGI parameters are stripped by the
     92   // client.
     93   required string url = 1;
     94 
     95   message Feature {
     96     // Feature name.  E.g., 'BadIpFetch='.
     97     required string name = 1;
     98 
     99     // Feature value is always in the range [0.0, 1.0].  Boolean features
    100     // have value 1.0.
    101     required double value = 2;
    102 
    103     // Optional meta information about this feature
    104     repeated string metainfo = 3;
    105   }
    106 
    107   // List of features that were extracted.
    108   repeated Feature feature_map = 2;
    109 
    110   // Field 3 is only used on the server.
    111 
    112   // The referrer URL.  This field might not be set, for example, in the case
    113   // where the referrer uses HTTPS.
    114   optional string referrer_url = 4;
    115 }
    116 
    117 message ClientMalwareResponse {
    118     required bool blacklist = 1;
    119     // The confirmed blacklisted bad IP, which will be shown in malware warning.
    120     // This IP string could be either in IPv4 or IPv6 format, which is the same
    121     // as the ones client sent to server.
    122     optional string bad_ip = 2;
    123 }
    124 
    125 message ClientDownloadRequest {
    126   // The final URL of the download (after all redirects).
    127   required string url = 1;
    128 
    129   // This message contains various binary digests of the download payload.
    130   message Digests {
    131     optional bytes sha256 = 1;
    132     optional bytes sha1 = 2;
    133     optional bytes md5 = 3;
    134   }
    135   required Digests digests = 2;
    136 
    137   // This is the length in bytes of the download payload.
    138   required int64 length = 3;
    139 
    140   // Type of the resources stored below.
    141   enum ResourceType {
    142     // The final URL of the download payload.  The resource URL should
    143     // correspond to the URL field above.
    144     DOWNLOAD_URL = 0;
    145     // A redirect URL that was fetched before hitting the final DOWNLOAD_URL.
    146     DOWNLOAD_REDIRECT = 1;
    147     // The final top-level URL of the tab that triggered the download.
    148     TAB_URL = 2;
    149     // A redirect URL thas was fetched before hitting the final TAB_URL.
    150     TAB_REDIRECT = 3;
    151   }
    152 
    153   message Resource {
    154     required string url = 1;
    155     required ResourceType type = 2;
    156     optional bytes remote_ip = 3;
    157     // This will only be set if the referrer is available and if the
    158     // resource type is either TAB_URL or DOWNLOAD_URL.
    159     optional string referrer = 4;
    160 
    161     // TODO(noelutz): add the transition type?
    162   }
    163 
    164   // This repeated field will store all the redirects as well as the
    165   // final URLs for the top-level tab URL (i.e., the URL that
    166   // triggered the download) as well as for the download URL itself.
    167   repeated Resource resources = 4;
    168 
    169   // A trust chain of certificates.  Each chain begins with the signing
    170   // certificate of the binary, and ends with a self-signed certificate,
    171   // typically from a trusted root CA.  This structure is analogous to
    172   // CERT_CHAIN_CONTEXT on Windows.
    173   message CertificateChain {
    174     // A single link in the chain.
    175     message Element {
    176       // DER-encoded X.509 representation of the certificate.
    177       optional bytes certificate = 1;
    178       // Fields 2 - 7 are only used on the server.
    179     }
    180     repeated Element element = 1;
    181   }
    182 
    183   message SignatureInfo {
    184     // All of the certificate chains for the binary's signing certificate.
    185     // If no chains are present, the binary is not signed.  Multiple chains
    186     // may be present if any certificate has multiple signers.
    187     repeated CertificateChain certificate_chain = 1;
    188 
    189     // True if the signature was trusted on the client.
    190     optional bool trusted = 2;
    191   }
    192 
    193   // This field will only be set if the binary is signed.
    194   optional SignatureInfo signature = 5;
    195 
    196   // True if the download was user initiated.
    197   optional bool user_initiated = 6;
    198 
    199   // Fields 7 and 8 are only used on the server.
    200 
    201   // Name of the file where the download would be stored if the
    202   // download completes.  E.g., "bla.exe".
    203   optional string file_basename = 9;
    204 
    205   // Starting with Chrome M19 we're also sending back pings for Chrome
    206   // extensions that get downloaded by users.
    207   enum DownloadType {
    208     WIN_EXECUTABLE = 0;    // Currently all .exe, .cab and .msi files.
    209     CHROME_EXTENSION = 1;  // .crx files.
    210     ANDROID_APK = 2;       // .apk files.
    211     // .zip files containing one of the above executable types.
    212     ZIPPED_EXECUTABLE = 3;
    213   }
    214   optional DownloadType download_type = 10 [default = WIN_EXECUTABLE];
    215 
    216   // Locale of the device, eg en, en_US.
    217   optional string locale = 11;
    218 
    219   // Field 12 is only used on the server.
    220 }
    221 
    222 message ClientDownloadResponse {
    223   enum Verdict {
    224     // Download is considered safe.
    225     SAFE = 0;
    226     // Download is considered dangerous.  Chrome should show a warning to the
    227     // user.
    228     DANGEROUS = 1;
    229     // Download is unknown.  Chrome should display a less severe warning.
    230     UNCOMMON = 2;
    231     // The download is potentially unwanted.
    232     POTENTIALLY_UNWANTED = 3;
    233     // The download is from a dangerous host.
    234     DANGEROUS_HOST = 4;
    235   }
    236   required Verdict verdict = 1;
    237 
    238   message MoreInfo {
    239     // A human-readable string describing the nature of the warning.
    240     // Only if verdict != SAFE. Localized based on request.locale.
    241     optional string description = 1;
    242 
    243     // A URL to get more information about this warning, if available.
    244     optional string url = 2;
    245   }
    246   optional MoreInfo more_info = 2;
    247 
    248   // An arbitrary token that should be sent along for further server requests.
    249   optional bytes token = 3;
    250 }
    251 
    252 // The following protocol buffer holds the feedback report gathered
    253 // from the user regarding the download.
    254 message ClientDownloadReport {
    255   // The information of user who provided the feedback.
    256   // This is going to be useful for handling appeals.
    257   message UserInformation {
    258     optional string email = 1;
    259   }
    260 
    261   enum Reason {
    262     SHARE = 0;
    263     FALSE_POSITIVE = 1;
    264     APPEAL = 2;
    265   }
    266 
    267   // The type of feedback for this report.
    268   optional Reason reason = 1;
    269 
    270   // The original download ping
    271   optional ClientDownloadRequest download_request = 2;
    272 
    273   // Stores the information of the user who provided the feedback.
    274   optional UserInformation user_information = 3;
    275 
    276   // Unstructed comments provided by the user.
    277   optional bytes comment = 4;
    278 
    279   // The original download response sent from the verdict server.
    280   optional ClientDownloadResponse download_response = 5;
    281 }
    282 
    283 // This is used to send back upload status to the client after upload completion
    284 message ClientUploadResponse {
    285   enum UploadStatus {
    286     // The upload was successful and a complete response can be expected
    287     SUCCESS = 0;
    288 
    289     // The upload was unsuccessful and the response is incomplete.
    290     UPLOAD_FAILURE = 1;
    291   }
    292 
    293   // Holds the upload status
    294   optional UploadStatus status = 1;
    295 
    296   // Holds the permalink where the results of scanning the binary are available
    297   optional string permalink = 2;
    298 }
    299