| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| // |
| // This proto file includes: |
| // (1) Client side phishing and malware detection request and response |
| // protocol buffers. Those protocol messages should be kept in sync |
| // with the server implementation. |
| // |
| // (2) Safe Browsing reporting protocol buffers. |
| // A ClientSafeBrowsingReportRequest is sent when a user opts-in to |
| // sending detailed threat reports from the safe browsing interstitial page. |
| // It is a list of Resource messages, which may contain the url of a |
| // resource such as the page in the address bar or any other resource |
| // that was loaded for this page. |
| // In addition to the url, a resource can contain HTTP request and response |
| // headers and bodies. |
| // |
| // If you want to change this protocol definition or you have questions |
| // regarding its format please contact chrome-anti-phishing@googlegroups.com. |
| |
| syntax = "proto2"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package safe_browsing; |
| |
| // Protocol buffer describing the Chrome user population of the user reporting |
| // data. |
| message ChromeUserPopulation { |
| enum UserPopulation { |
| UNKNOWN_USER_POPULATION = 0; |
| SAFE_BROWSING = 1; |
| EXTENDED_REPORTING = 2; |
| } |
| optional UserPopulation user_population = 1; |
| |
| // If user enabled history sync. |
| optional bool is_history_sync_enabled = 2; |
| |
| // The finch active groups this user belongs to (if any). Active group is |
| // defined by finch trial name and group name. Trial name and group name are |
| // concatenated with separator "|", e.g. "PingOnlyTrial|DefaultGroup". |
| repeated string finch_active_groups = 4; |
| |
| // Whether and how the current Chrome profile is being managed. |
| enum ProfileManagementStatus { |
| // Value not set. |
| UNKNOWN = 0; |
| |
| // Profile management status is unavailable. |
| UNAVAILABLE = 1; |
| |
| // The profile is not managed. |
| NOT_MANAGED = 2; |
| |
| // Chrome is being managed by enterprise policies. |
| ENTERPRISE_MANAGED = 3; |
| } |
| optional ProfileManagementStatus profile_management_status = 5 |
| [default = UNKNOWN]; |
| } |
| |
| message ClientPhishingRequest { |
| // URL that the client visited. The CGI parameters are stripped by the |
| // client. |
| optional string url = 1; |
| |
| // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is |
| // canonicalized, converted to a suffix-prefix expression and broadened |
| // (www prefix is removed and everything past the last '/' is stripped). |
| // |
| // Marked OBSOLETE because the URL is sent for all users, making the hash |
| // prefix unnecessary. |
| optional bytes OBSOLETE_hash_prefix = 10; |
| |
| // Score that was computed on the client. Value is between 0.0 and 1.0. |
| // The larger the value the more likely the url is phishing. |
| required float client_score = 2; |
| |
| // Note: we're skipping tag 3 because it was previously used. |
| |
| // Is true if the features for this URL were classified as phishing. |
| // Currently, this will always be true for all client-phishing requests |
| // that are sent to the server. |
| optional bool is_phishing = 4; |
| |
| message Feature { |
| // Feature name. E.g., 'PageHasForms'. |
| required string name = 1; |
| |
| // Feature value is always in the range [0.0, 1.0]. Boolean features |
| // have value 1.0. |
| required double value = 2; |
| } |
| |
| // List of features that were extracted. Those are the features that were |
| // sent to the scorer and which resulted in client_score being computed. |
| repeated Feature feature_map = 5; |
| |
| // The version number of the model that was used to compute the client-score. |
| // Copied from ClientSideModel.version(). |
| optional int32 model_version = 6; |
| |
| // Field 7 is only used on the server. |
| |
| // List of features that are extracted in the client but are not used in the |
| // machine learning model. |
| repeated Feature non_model_feature_map = 8; |
| |
| // The referrer URL. This field might not be set, for example, in the case |
| // where the referrer uses HTTPs. |
| // OBSOLETE: Use feature 'Referrer=<referrer>' instead. |
| optional string OBSOLETE_referrer_url = 9; |
| |
| // Field 11 is only used on the server. |
| |
| // List of shingle hashes we extracted. |
| repeated uint32 shingle_hashes = 12 [packed = true]; |
| |
| // The model filename (basename) that was used by the client. |
| optional string model_filename = 13; |
| |
| // Population that the reporting user is part of. |
| optional ChromeUserPopulation population = 14; |
| } |
| |
| message ClientPhishingResponse { |
| required bool phishy = 1; |
| |
| // A list of SafeBrowsing host-suffix / path-prefix expressions that |
| // are whitelisted. The client must match the current top-level URL |
| // against these whitelisted expressions and only apply a positive |
| // phishing verdict above if the URL does not match any expression |
| // on this whitelist. The client must not cache these whitelisted |
| // expressions. This whitelist will be empty for the vast majority |
| // of the responses but might contain up to 100 entries in emergency |
| // situations. |
| // |
| // Marked OBSOLETE because the URL is sent for all users, so the server |
| // can do whitelist matching. |
| repeated string OBSOLETE_whitelist_expression = 2; |
| } |
| |
| message ClientMalwareRequest { |
| // URL that the client visited. The CGI parameters are stripped by the |
| // client. |
| required string url = 1; |
| |
| // Field 2 is deleted and no longer in use. |
| |
| // Field 3 is only used on the server. |
| |
| // The referrer URL. This field might not be set, for example, in the case |
| // where the referrer uses HTTPS. |
| optional string referrer_url = 4; |
| |
| // Field 5 and 6 are only used on the server. |
| |
| message UrlInfo { |
| required string ip = 1; |
| required string url = 2; |
| optional string method = 3; |
| optional string referrer = 4; |
| // Resource type, the int value is a direct cast from the Type enum |
| // of ResourceType class defined in //src/webkit/commom/resource_type.h |
| optional int32 resource_type = 5; |
| } |
| |
| // List of resource urls that match the malware IP list. |
| repeated UrlInfo bad_ip_url_info = 7; |
| |
| // Population that the reporting user is part of. |
| optional ChromeUserPopulation population = 9; |
| } |
| |
| // The message is used for client request to determine whether the provided URL |
| // is safe for the purposes of entering user credentials for logging in. |
| message LoginReputationClientRequest { |
| // The top level frame URL of the webpage that hosts the login form. |
| optional string page_url = 1; |
| |
| // Type for the request. |
| // It could be low reputation request or password reuse request. |
| enum TriggerType { |
| TRIGGER_TYPE_UNSPECIFIED = 0; |
| UNFAMILIAR_LOGIN_PAGE = 1; |
| PASSWORD_REUSE_EVENT = 2; |
| } |
| optional TriggerType trigger_type = 2; |
| |
| // The message contains features which can describe a frame. A frame can be |
| // a top level web page or an iframe. |
| message Frame { |
| // Id of a frame. The frame whose index = 0 is the top level web page. |
| optional int32 frame_index = 1; |
| |
| // Id of the parent frame. |
| optional int32 parent_frame_index = 2; |
| |
| // Url of the frame. If could be top level url (from web page) or url of |
| // the iframe. |
| optional string url = 3; |
| |
| // Whether the frame contains password field. |
| optional bool has_password_field = 4; |
| |
| // If we can find the complete referrer chain, this field will contains URLs |
| // transitions from landing referrer to event in reverse chronological |
| // order, i.e. event url comes first in this list, and landing referrer |
| // comes last. |
| // For Safe Browsing Extended Reporting or Scout users, if the referrer |
| // chain is empty or partially missing, we will add/append recent navigation |
| // events to this list. The type of these entries will be RECENT_NAVIGATION. |
| repeated ReferrerChainEntry referrer_chain = 5; |
| |
| // Options and metadata about the above referrer chain. |
| optional ReferrerChainOptions referrer_chain_options = 7; |
| |
| // The message contains features of a form. |
| message Form { |
| // Action url of the form. |
| optional string action_url = 1; |
| |
| // Whether the form contains password field. |
| optional bool has_password_field = 2; |
| } |
| |
| repeated Form forms = 6; |
| |
| // next available tag number: 8. |
| } |
| |
| repeated Frame frames = 3; |
| |
| // The message contains fields needed for a password reuse event. |
| // Next tag: 4 |
| message PasswordReuseEvent { |
| // Domains from the Chrome password manager DB that are associated with |
| // the same password as the one triggering this event. The field is filled |
| // in only when TriggerType is PASSWORD_REUSE_EVENT, and only for users |
| // opted in to extended reporting. |
| repeated string domains_matching_password = 1; |
| |
| // The frame that the password reuse is detected. |
| optional int32 frame_id = 2; |
| |
| // Whether the reused password is used for Chrome signin. |
| optional bool is_chrome_signin_password = 3; |
| |
| // Sync account type. Only set if |is_chrome_signin_password| is true. |
| enum SyncAccountType { |
| // Not a sign-in user. |
| NOT_SIGNED_IN = 0; |
| |
| // User signed in with @gmail.com, or @googlemail.com account. |
| GMAIL = 1; |
| |
| // User signed in with a G Suite account. |
| GSUITE = 2; |
| } |
| optional SyncAccountType sync_account_type = 4; |
| |
| // Type of password being reused. |
| enum ReusedPasswordType { |
| REUSED_PASSWORD_TYPE_UNKNOWN = 0; |
| |
| // Password saved in Chrome's password manager. |
| SAVED_PASSWORD = 1; |
| |
| // Password used in Chrome sign-in. |
| SIGN_IN_PASSWORD = 2; |
| |
| // Other Gaia password used in Chrome's content area other than Chrome's |
| // sign-in password. |
| OTHER_GAIA_PASSWORD = 3; |
| |
| // Non-Gaia enterprise password captured from enterprise login page. |
| ENTERPRISE_PASSWORD = 4; |
| } |
| optional ReusedPasswordType reused_password_type = 5 |
| [default = REUSED_PASSWORD_TYPE_UNKNOWN]; |
| } |
| |
| optional PasswordReuseEvent password_reuse_event = 4; |
| |
| // The number of verdicts stored on the client. |
| optional int32 stored_verdict_cnt = 5; |
| |
| // Chrome user population. |
| optional ChromeUserPopulation population = 6; |
| |
| // If user clicked through safe browsing interstitial on this page. |
| optional bool clicked_through_interstitial = 7; |
| |
| // The MIME type of the page, e.g. "application/pdf". |
| optional string content_type = 8; |
| } |
| |
| // The message is used for client response for login reputation requests. |
| message LoginReputationClientResponse { |
| // Type of verdicts issued by the server. |
| enum VerdictType { |
| VERDICT_TYPE_UNSPECIFIED = 0; |
| // No warning will be displayed. |
| SAFE = 1; |
| // The site has low reputation or low popularity. |
| LOW_REPUTATION = 2; |
| // The url matches with blacklist entries. |
| PHISHING = 3; |
| } |
| optional VerdictType verdict_type = 1; |
| |
| // TTL of the verdict in seconds. |
| optional int64 cache_duration_sec = 2; |
| |
| // A host-suffix/path-prefix expression which defines a collections of pages |
| // with common ownership from the same domain. |
| // Generally, the pattern is defined on the granularity of domains. |
| // For domains managed by multiple parties, especially in the case of large |
| // hosting sites (e.g., geocities.com), we further divide the domains. |
| // |
| // Examples: |
| // www.google.com/foo/bar?param=val -> google.com |
| // www.geocities.com/foo/bar.html -> geocities.com/foo |
| // adwords.blogspot.com/index.html -> adwords.blogspot.com |
| // |
| // The pattern will always match the page_url of the request, and will be |
| // a substring of page_url. |
| optional string cache_expression = 3; |
| |
| // Deprecated. |
| optional bool DEPRECATED_cache_expression_exact_match = 4 [deprecated = true]; |
| |
| // A token unique to each request which correlates response and post-warning |
| // actions. |
| optional bytes verdict_token = 5; |
| } |
| |
| message ClientMalwareResponse { |
| required bool blacklist = 1; |
| // The confirmed blacklisted bad IP and its url, which will be shown in |
| // malware warning, if the blacklist verdict is true. |
| // This IP string could be either in IPv4 or IPv6 format, which is the same |
| // as the ones client sent to server. |
| optional string bad_ip = 2; |
| optional string bad_url = 3; |
| } |
| |
| message ClientDownloadRequest { |
| // The final URL of the download (after all redirects). |
| required string url = 1; |
| |
| // This message contains various binary digests of the download payload. |
| message Digests { |
| optional bytes sha256 = 1; |
| optional bytes sha1 = 2; |
| optional bytes md5 = 3; |
| } |
| required Digests digests = 2; |
| |
| // This is the length in bytes of the download payload. |
| required int64 length = 3; |
| |
| // Type of the resources stored below. |
| enum ResourceType { |
| // The final URL of the download payload. The resource URL should |
| // correspond to the URL field above. |
| DOWNLOAD_URL = 0; |
| // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. |
| DOWNLOAD_REDIRECT = 1; |
| // The final top-level URL of the tab that triggered the download. |
| TAB_URL = 2; |
| // A redirect URL thas was fetched before hitting the final TAB_URL. |
| TAB_REDIRECT = 3; |
| // The document URL for a PPAPI plugin instance that initiated the download. |
| // This is the document.url for the container element for the plugin |
| // instance. |
| PPAPI_DOCUMENT = 4; |
| // The plugin URL for a PPAPI plugin instance that initiated the download. |
| PPAPI_PLUGIN = 5; |
| } |
| |
| message Resource { |
| required string url = 1; |
| required ResourceType type = 2; |
| optional bytes remote_ip = 3; |
| // This will only be set if the referrer is available and if the |
| // resource type is either TAB_URL or DOWNLOAD_URL. |
| optional string referrer = 4; |
| |
| // TODO(noelutz): add the transition type? |
| } |
| |
| // This repeated field will store all the redirects as well as the |
| // final URLs for the top-level tab URL (i.e., the URL that |
| // triggered the download) as well as for the download URL itself. |
| repeated Resource resources = 4; |
| |
| // A trust chain of certificates. Each chain begins with the signing |
| // certificate of the binary, and ends with a self-signed certificate, |
| // typically from a trusted root CA. This structure is analogous to |
| // CERT_CHAIN_CONTEXT on Windows. |
| message CertificateChain { |
| // A single link in the chain. |
| message Element { |
| // DER-encoded X.509 representation of the certificate. |
| optional bytes certificate = 1; |
| // Fields 2 - 7 are only used on the server. |
| } |
| repeated Element element = 1; |
| } |
| |
| // This is an OS X only message to report extended attribute informations. |
| // Extended attributes on OS X are used for various security mechanisms, |
| // which makes them interesting to Chrome. |
| message ExtendedAttr { |
| // This is the name of the extended attribute. |
| required string key = 1; |
| // This is the value of the extended attribute. |
| optional bytes value = 2; |
| } |
| |
| message SignatureInfo { |
| // All certificate chains for each of the binary's signers. Multiple chains |
| // may be present if the binary or any certificate has multiple signers. |
| // Absence of certificate chains does not imply that the binary is not |
| // signed (in that case, SignedData blobs extracted from the binary may be |
| // preset), but does mean that trust has not been verified. |
| repeated CertificateChain certificate_chain = 1; |
| |
| // True if the signature was trusted on the client. |
| optional bool trusted = 2; |
| |
| // On Windows, PKCS#7 SignedData blobs extracted from a portable executable |
| // image's attribute certificate table. The presence of these does not imply |
| // that the signatures were deemed trusted by the client. |
| // On Mac, this is the code signature blob referenced by the |
| // LC_CODE_SIGNATURE load command. |
| repeated bytes signed_data = 3; |
| |
| // On OS X, code signing data can be contained in the extended attributes of |
| // a file. As Gatekeeper respects this signature, we look for it and collect |
| // it. |
| repeated ExtendedAttr xattr = 4; |
| } |
| |
| // This field will only be set if the binary is signed. |
| optional SignatureInfo signature = 5; |
| |
| // True if the download was user initiated. |
| optional bool user_initiated = 6; |
| |
| // Fields 7 and 8 are only used on the server. |
| |
| // Name of the file where the download would be stored if the |
| // download completes. E.g., "bla.exe". |
| optional string file_basename = 9; |
| |
| // Starting with Chrome M19 we're also sending back pings for Chrome |
| // extensions that get downloaded by users. |
| enum DownloadType { |
| WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. |
| CHROME_EXTENSION = 1; // .crx files. |
| ANDROID_APK = 2; // .apk files. |
| // .zip files containing one of the other executable types. |
| ZIPPED_EXECUTABLE = 3; |
| MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. |
| ZIPPED_ARCHIVE = 5; // .zip file containing another archive. |
| ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. |
| // A .zip that Chrome failed to unpack to the point of finding exe/zips. |
| INVALID_ZIP = 7; |
| // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding |
| // Mach O's. |
| INVALID_MAC_ARCHIVE = 8; |
| // A download request initiated via PPAPI. Typically the requestor is |
| // a Flash applet. |
| PPAPI_SAVE_REQUEST = 9; |
| // A file we don't support, but we've decided to sample and send |
| // a light-ping. |
| SAMPLED_UNSUPPORTED_FILE = 10; |
| // .rar file containing one of the other executable types. |
| RAR_COMPRESSED_EXECUTABLE = 11; |
| // .rar file containing another archive. |
| RAR_COMPRESSED_ARCHIVE = 12; |
| // .rar file that Chrome failed to unpack to the point of finding |
| // executables or archives. |
| INVALID_RAR = 13; |
| } |
| optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; |
| |
| // Locale of the device, eg en, en_US. |
| optional string locale = 11; |
| |
| message PEImageHeaders { |
| // IMAGE_DOS_HEADER. |
| optional bytes dos_header = 1; |
| // IMAGE_FILE_HEADER. |
| optional bytes file_header = 2; |
| // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. |
| optional bytes optional_headers32 = 3; |
| // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. |
| optional bytes optional_headers64 = 4; |
| // IMAGE_SECTION_HEADER. |
| repeated bytes section_header = 5; |
| // Contents of the .edata section. |
| optional bytes export_section_data = 6; |
| |
| message DebugData { |
| // IMAGE_DEBUG_DIRECTORY. |
| optional bytes directory_entry = 1; |
| optional bytes raw_data = 2; |
| } |
| |
| repeated DebugData debug_data = 7; |
| } |
| |
| message MachOHeaders { |
| // The mach_header or mach_header_64 struct. |
| required bytes mach_header = 1; |
| |
| message LoadCommand { |
| // |command_id| is the first uint32 of |command| as well, but is |
| // extracted for easier processing. |
| required uint32 command_id = 1; |
| // The entire data stream of the load command. |
| required bytes command = 2; |
| } |
| |
| // All the load commands of the Mach-O file. |
| repeated LoadCommand load_commands = 2; |
| } |
| |
| message ImageHeaders { |
| // Windows Portable Executable image headers. |
| optional PEImageHeaders pe_headers = 1; |
| |
| // OS X Mach-O image headers. |
| repeated MachOHeaders mach_o_headers = 2; |
| }; |
| |
| // Fields 12-17 are reserved for server-side use and are never sent by the |
| // client. |
| |
| optional ImageHeaders image_headers = 18; |
| |
| // Fields 19-21 are reserved for server-side use and are never sent by the |
| // client. |
| |
| // A binary or archive contained in an archive (e.g., a .exe in a .zip |
| // archive, or a .zip inside a .zip). |
| message ArchivedBinary { |
| optional string file_basename = 1; |
| optional DownloadType download_type = 2; |
| optional Digests digests = 3; |
| optional int64 length = 4; |
| optional SignatureInfo signature = 5; |
| optional ImageHeaders image_headers = 6; |
| } |
| |
| repeated ArchivedBinary archived_binary = 22; |
| |
| // Population that the reporting user is part of. |
| optional ChromeUserPopulation population = 24; |
| |
| // True if the .zip or DMG, etc, was 100% successfully unpacked. |
| optional bool archive_valid = 26; |
| |
| // True if this ClientDownloadRequest is from a whitelisted domain. |
| optional bool skipped_url_whitelist = 28; |
| |
| // True if this ClientDownloadRequest contains a whitelisted certificate. |
| optional bool skipped_certificate_whitelist = 31; |
| |
| // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. |
| // Each element in this collection indicates an alternate extension including |
| // the leading extension separator. |
| repeated string alternate_extensions = 35; |
| |
| // If we can find the complete referrer chain, this field will contains URLs |
| // transitions from landing referrer to event in reverse chronological |
| // order, i.e. event url comes first in this list, and landing referrer |
| // comes last. |
| // For Safe Browsing Extended Reporting or Scout users, if the referrer chain |
| // is empty or partially missing, we will add/append recent navigation events |
| // to this list. The type of these entries will be RECENT_NAVIGATION. |
| repeated ReferrerChainEntry referrer_chain = 36; |
| |
| // Options and metadata about the above referrer chain. |
| optional ReferrerChainOptions referrer_chain_options = 50; |
| |
| // Deprecated. |
| optional bool DEPRECATED_download_attribution_finch_enabled = 39 |
| [deprecated = true]; |
| |
| // The Mac disk image code signature. |
| // The underlying structure of code signature is defined at |
| // https://opensource.apple.com/source/xnu/xnu-2782.1.97/bsd/sys/codesign.h |
| optional bytes udif_code_signature = 40; |
| |
| // Mac-only. A detached code signature contains the DER-encoded PKCS7 data |
| // of a codesigned artifact. Detached signatures are used for signing files |
| // that are not Mach-O and thus cannot have a LC_CODE_SIGNATURE load command. |
| message DetachedCodeSignature { |
| required string file_name = 1; |
| required bytes contents = 2; |
| } |
| repeated DetachedCodeSignature detached_code_signature = 59; |
| |
| // next available tag number: 60; |
| } |
| |
| message ReferrerChainOptions { |
| // The number of recent navigations we'd like to collect. This number is |
| // controlled by Finch parameter and its default value is 0. |
| optional int32 recent_navigations_to_collect = 1 [default = 0]; |
| } |
| |
| // Please update SafeBrowsingNavigationObserverManager::SanitizeReferrerChain() |
| // if you're adding more fields to this message. |
| message ReferrerChainEntry { |
| enum URLType { |
| // URL of safe browsing events that are at the end of the referrer chain. |
| // e.g. URL of a download, URL of a low reputation login page, etc. |
| EVENT_URL = 1; // e.g. |
| |
| // Landing page is the page user directly interacts with to trigger the |
| // above event, e.g. the page where user clicks a download button. |
| LANDING_PAGE = 2; |
| |
| // Landing referrer is the one user directly interacts with right before |
| // navigating to the landing page. |
| LANDING_REFERRER = 3; |
| |
| // Client redirect refers to committed navigation between landing page and |
| // the targeted event, or between landing referrer page and landing page. |
| // Client redirect is not triggered by user gesture. |
| CLIENT_REDIRECT = 4; |
| |
| DEPRECATED_SERVER_REDIRECT = 5; // Deprecated |
| |
| // For Safe Browsing Extended Reporting or Scout users, if the referrer |
| // chain is empty or partially missing, we will add/append recent navigation |
| // events to this list. RECENT_NAVIGATION type is set for these cases. |
| RECENT_NAVIGATION = 6; |
| } |
| |
| enum NavigationInitiation { |
| // Convenient default value, should not be used in real ReferrerChainEntry. |
| UNDEFINED = 0; |
| |
| // Navigation is initiated by the browser process. e.g. user enters url into |
| // address bar, or user opens a bookmark. |
| BROWSER_INITIATED = 1; |
| |
| // Navigation is initiated by the renderer process and there is no user |
| // gesture associate with this navigation. e.g. |
| // * redirect via the <meta http-equiv="refresh"> tag |
| // * change window.location.href |
| RENDERER_INITIATED_WITHOUT_USER_GESTURE = 2; |
| |
| // Navigation is initiated by the renderer process and there is a clear user |
| // gesture associate with this navigation. e.g. |
| // * <a> link click |
| // * using window.history.pushState (i.e. back, forward button interaction) |
| RENDERER_INITIATED_WITH_USER_GESTURE = 3; |
| } |
| |
| message ServerRedirect { |
| // [required] server redirect url |
| optional string url = 1; |
| |
| // Additional fields for future expansion. |
| } |
| |
| // [required] The url of this Entry. |
| optional string url = 1; |
| |
| // Only set if it is different from |url|. |
| optional string main_frame_url = 9; |
| |
| // Type of URLs, such as event url, landing page, etc. |
| optional URLType type = 2 [default = CLIENT_REDIRECT]; |
| |
| // IP addresses corresponding to this host. |
| repeated string ip_addresses = 3; |
| |
| // Referrer url of this entry. |
| optional string referrer_url = 4; |
| |
| // Main frame URL of referrer. |
| // Only set if it is different from |referrer_url|. |
| optional string referrer_main_frame_url = 5; |
| |
| // If this URL loads in a different tab/frame from previous one. |
| optional bool is_retargeting = 6; |
| |
| optional double navigation_time_msec = 7; |
| |
| // Set only if server redirects happened in navigation. |
| // The first entry in |server_redirect_chain| should be the original request |
| // url, and the last entry should be the same as |url|. |
| repeated ServerRedirect server_redirect_chain = 8; |
| |
| // How this navigation is initiated. |
| optional NavigationInitiation navigation_initiation = 10; |
| |
| // Whether we think this entry may have been launched by an external |
| // application. This will have no false negatives, but some false positives |
| // are possible. |
| optional bool maybe_launched_by_external_application = 11; |
| |
| // next available tag number: 12. |
| } // End of ReferrerChainEntry |
| |
| message ClientDownloadResponse { |
| enum Verdict { |
| // Download is considered safe. |
| SAFE = 0; |
| // Download is considered dangerous. Chrome should show a warning to the |
| // user. |
| DANGEROUS = 1; |
| // Download is uncommon. Chrome should display a less severe warning. |
| UNCOMMON = 2; |
| // The download is potentially unwanted. |
| POTENTIALLY_UNWANTED = 3; |
| // The download is from a dangerous host. |
| DANGEROUS_HOST = 4; |
| // The backend doesn't have confidence in its verdict of this file. |
| // Chrome should show the default warning if configured for this file type. |
| UNKNOWN = 5; |
| } |
| optional Verdict verdict = 1 [default = SAFE]; |
| |
| message MoreInfo { |
| // A human-readable string describing the nature of the warning. |
| // Only if verdict != SAFE. Localized based on request.locale. |
| optional string description = 1; |
| |
| // A URL to get more information about this warning, if available. |
| optional string url = 2; |
| } |
| optional MoreInfo more_info = 2; |
| |
| // An arbitrary token that should be sent along for further server requests. |
| optional bytes token = 3; |
| |
| // Whether the server requests that this binary be uploaded. |
| optional bool upload = 5; |
| } |
| |
| // The following protocol buffer holds the feedback report gathered |
| // from the user regarding the download. |
| message ClientDownloadReport { |
| // The information of user who provided the feedback. |
| // This is going to be useful for handling appeals. |
| message UserInformation { optional string email = 1; } |
| |
| enum Reason { |
| SHARE = 0; |
| FALSE_POSITIVE = 1; |
| APPEAL = 2; |
| } |
| |
| // The type of feedback for this report. |
| optional Reason reason = 1; |
| |
| // The original download ping |
| optional ClientDownloadRequest download_request = 2; |
| |
| // Stores the information of the user who provided the feedback. |
| optional UserInformation user_information = 3; |
| |
| // Unstructed comments provided by the user. |
| optional bytes comment = 4; |
| |
| // The original download response sent from the verdict server. |
| optional ClientDownloadResponse download_response = 5; |
| } |
| |
| // This is used to send back upload status to the client after upload completion |
| message ClientUploadResponse { |
| enum UploadStatus { |
| // The upload was successful and a complete response can be expected |
| SUCCESS = 0; |
| |
| // The upload was unsuccessful and the response is incomplete. |
| UPLOAD_FAILURE = 1; |
| } |
| |
| // Holds the upload status |
| optional UploadStatus status = 1; |
| |
| // Holds the permalink where the results of scanning the binary are available |
| optional string permalink = 2; |
| } |
| |
| message ClientIncidentReport { |
| message IncidentData { |
| message TrackedPreferenceIncident { |
| enum ValueState { |
| UNKNOWN = 0; |
| CLEARED = 1; |
| WEAK_LEGACY_OBSOLETE = 2; |
| CHANGED = 3; |
| UNTRUSTED_UNKNOWN_VALUE = 4; |
| BYPASS_CLEARED = 5; |
| BYPASS_CHANGED = 6; |
| } |
| |
| optional string path = 1; |
| optional string atomic_value = 2; |
| repeated string split_key = 3; |
| optional ValueState value_state = 4; |
| } |
| |
| message BinaryIntegrityIncident { |
| optional string file_basename = 1; |
| optional ClientDownloadRequest.SignatureInfo signature = 2; |
| optional ClientDownloadRequest.ImageHeaders image_headers = 3; |
| optional int32 sec_error = 4; |
| |
| message ContainedFile { |
| optional string relative_path = 1; |
| optional ClientDownloadRequest.SignatureInfo signature = 2; |
| optional ClientDownloadRequest.ImageHeaders image_headers = 3; |
| } |
| repeated ContainedFile contained_file = 5; |
| } |
| |
| message ResourceRequestIncident { |
| enum Type { |
| UNKNOWN = 0; |
| TYPE_PATTERN = 3; |
| } |
| optional bytes digest = 1; |
| optional string origin = 2; |
| optional Type type = 3 [default = UNKNOWN]; |
| } |
| |
| optional int64 incident_time_msec = 1; |
| optional TrackedPreferenceIncident tracked_preference = 2; |
| optional BinaryIntegrityIncident binary_integrity = 3; |
| // Note: skip tag 4,5,6 because they were previously used. |
| reserved 4 to 6; |
| optional ResourceRequestIncident resource_request = 7; |
| // Note: skip tag 8 because it was previously used. |
| reserved 8; |
| } |
| |
| repeated IncidentData incident = 1; |
| |
| message DownloadDetails { |
| optional bytes token = 1; |
| optional ClientDownloadRequest download = 2; |
| optional int64 download_time_msec = 3; |
| optional int64 open_time_msec = 4; |
| } |
| |
| optional DownloadDetails download = 2; |
| |
| message EnvironmentData { |
| message OS { |
| optional string os_name = 1; |
| optional string os_version = 2; |
| |
| message RegistryValue { |
| optional string name = 1; |
| optional uint32 type = 2; |
| optional bytes data = 3; |
| } |
| |
| message RegistryKey { |
| optional string name = 1; |
| repeated RegistryValue value = 2; |
| repeated RegistryKey key = 3; |
| } |
| |
| repeated RegistryKey registry_key = 3; |
| |
| optional bool is_enrolled_to_domain = 4; |
| } |
| optional OS os = 1; |
| message Machine { |
| optional string cpu_architecture = 1; |
| optional string cpu_vendor = 2; |
| optional uint32 cpuid = 3; |
| } |
| optional Machine machine = 2; |
| message Process { |
| optional string version = 1; |
| repeated string OBSOLETE_dlls = 2; |
| message Patch { |
| optional string function = 1; |
| optional string target_dll = 2; |
| } |
| repeated Patch patches = 3; |
| message NetworkProvider {} |
| repeated NetworkProvider network_providers = 4; |
| enum Channel { |
| CHANNEL_UNKNOWN = 0; |
| CHANNEL_CANARY = 1; |
| CHANNEL_DEV = 2; |
| CHANNEL_BETA = 3; |
| CHANNEL_STABLE = 4; |
| } |
| optional Channel chrome_update_channel = 5; |
| optional int64 uptime_msec = 6; |
| optional bool metrics_consent = 7; |
| // Obsolete: extended consent is now required for incident reporting. |
| optional bool OBSOLETE_extended_consent = 8; |
| message Dll { |
| enum Feature { |
| UNKNOWN = 0; |
| LSP = 1; |
| } |
| optional string path = 1; |
| optional uint64 base_address = 2; |
| optional uint32 length = 3; |
| repeated Feature feature = 4; |
| optional ClientDownloadRequest.ImageHeaders image_headers = 5; |
| } |
| repeated Dll dll = 9; |
| repeated string blacklisted_dll = 10; |
| message ModuleState { |
| enum ModifiedState { |
| UNKNOWN = 0; |
| MODULE_STATE_UNKNOWN = 1; |
| MODULE_STATE_UNMODIFIED = 2; |
| MODULE_STATE_MODIFIED = 3; |
| } |
| optional string name = 1; |
| optional ModifiedState modified_state = 2; |
| repeated string OBSOLETE_modified_export = 3; |
| |
| message Modification { |
| optional uint32 file_offset = 1; |
| optional int32 byte_count = 2; |
| optional bytes modified_bytes = 3; |
| optional string export_name = 4; |
| } |
| repeated Modification modification = 4; |
| } |
| repeated ModuleState module_state = 11; |
| // Obsolete: field trials no longer enable incident reporting. |
| optional bool OBSOLETE_field_trial_participant = 12; |
| } |
| optional Process process = 3; |
| } |
| |
| message ExtensionData { |
| message ExtensionInfo { |
| enum ExtensionState { |
| STATE_UNKNOWN = 0; |
| STATE_ENABLED = 1; |
| STATE_DISABLED = 2; |
| STATE_BLACKLISTED = 3; |
| STATE_BLOCKED = 4; |
| STATE_TERMINATED = 5; |
| } |
| |
| optional string id = 1; |
| optional string version = 2; |
| optional string name = 3; |
| optional string description = 4; |
| optional ExtensionState state = 5 [default = STATE_UNKNOWN]; |
| optional int32 type = 6; |
| optional string update_url = 7; |
| optional bool has_signature_validation = 8; |
| optional bool signature_is_valid = 9; |
| optional bool installed_by_custodian = 10; |
| optional bool installed_by_default = 11; |
| optional bool installed_by_oem = 12; |
| optional bool from_bookmark = 13; |
| optional bool from_webstore = 14; |
| optional bool converted_from_user_script = 15; |
| optional bool may_be_untrusted = 16; |
| optional int64 install_time_msec = 17; |
| optional int32 manifest_location_type = 18; |
| optional string manifest = 19; |
| } |
| |
| optional ExtensionInfo last_installed_extension = 1; |
| } |
| |
| optional EnvironmentData environment = 3; |
| |
| // Population that the reporting user is part of. |
| optional ChromeUserPopulation population = 7; |
| |
| optional ExtensionData extension_data = 8; |
| |
| message NonBinaryDownloadDetails { |
| optional string file_type = 1; |
| optional bytes url_spec_sha256 = 2; |
| optional string host = 3; |
| optional int64 length = 4; |
| } |
| |
| optional NonBinaryDownloadDetails non_binary_download = 9; |
| } |
| |
| message ClientIncidentResponse { |
| optional bytes token = 1; |
| optional bool download_requested = 2; |
| |
| message EnvironmentRequest { optional int32 dll_index = 1; } |
| |
| repeated EnvironmentRequest environment_requests = 3; |
| } |
| |
| message DownloadMetadata { |
| optional uint32 download_id = 1; |
| |
| optional ClientIncidentReport.DownloadDetails download = 2; |
| } |
| |
| // A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are |
| // only sent by Chrome users who have opted into extended Safe Browsing. |
| // This proto is replacing ClientMalwareReportRequest. |
| // Next tag: 24 |
| message ClientSafeBrowsingReportRequest { |
| // Note: A lot of the "optional" fields would make sense to be |
| // "required" instead. However, having them as optional allows the |
| // clients to send "stripped down" versions of the message in the |
| // future, if we want to. |
| |
| enum ReportType { |
| UNKNOWN = 0; |
| URL_PHISHING = 1; |
| URL_MALWARE = 2; |
| URL_UNWANTED = 3; |
| URL_CLIENT_SIDE_PHISHING = 4; |
| URL_CLIENT_SIDE_MALWARE = 5; |
| DANGEROUS_DOWNLOAD_RECOVERY = 6; |
| DANGEROUS_DOWNLOAD_WARNING = 7; |
| DANGEROUS_DOWNLOAD_BY_API = 10; |
| URL_PASSWORD_PROTECTION_PHISHING = 12; |
| DANGEROUS_DOWNLOAD_OPENED = 13; |
| AD_SAMPLE = 14; |
| URL_SUSPICIOUS = 15; |
| } |
| |
| message HTTPHeader { |
| required bytes name = 1; |
| optional bytes value = 2; |
| } |
| |
| message HTTPRequest { |
| message FirstLine { |
| optional bytes verb = 1; |
| optional bytes uri = 2; |
| optional bytes version = 3; |
| } |
| |
| optional FirstLine firstline = 1; |
| repeated HTTPHeader headers = 2; |
| optional bytes body = 3; |
| |
| // bodydigest and bodylength can be useful if the report does not |
| // contain the body itself. |
| optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. |
| optional int32 bodylength = 5; // length of body. |
| } |
| |
| message HTTPResponse { |
| message FirstLine { |
| optional int32 code = 1; |
| optional bytes message = 2; |
| optional bytes version = 3; |
| } |
| |
| optional FirstLine firstline = 1; |
| repeated HTTPHeader headers = 2; |
| optional bytes body = 3; |
| optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. |
| optional int32 bodylength = 5; // length of body. |
| optional bytes remote_ip = 6; // IP of the server. |
| } |
| |
| message Resource { |
| required int32 id = 1; |
| optional string url = 2; |
| optional HTTPRequest request = 3; |
| optional HTTPResponse response = 4; |
| optional int32 parent_id = 5; |
| repeated int32 child_ids = 6; |
| optional string tag_name = 7; |
| } |
| |
| optional ReportType type = 10; |
| |
| // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, |
| // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. |
| optional ClientDownloadResponse.Verdict download_verdict = 11; |
| |
| // URL of the page in the address bar. |
| optional string url = 1; |
| optional string page_url = 2; |
| optional string referrer_url = 3; |
| |
| repeated Resource resources = 4; |
| |
| // Contains the hierarchy of elements on the page (ie: the DOM). Some |
| // elements can be Resources and will refer to the resources list (above). |
| repeated HTMLElement dom = 16; |
| |
| // Whether the report is complete. |
| optional bool complete = 5; |
| |
| // The ASN and country of the client IP. These fields are filled up by |
| // csd_frontend |
| repeated string client_asn = 6; |
| optional string client_country = 7; |
| |
| // Whether user chose to proceed. |
| optional bool did_proceed = 8; |
| |
| // Whether user visited this origin before. |
| optional bool repeat_visit = 9; |
| |
| // The same token in ClientDownloadResponse or LoginReputationClientResponse. |
| // This field is only set if its report type is DANGEROUS_DOWNLOAD_RECOVERY, |
| // DANGEROUS_DOWNLOAD_WARNING, DANGEROUS_DOWNLOAD_BY_API, |
| // URL_PASSWORD_PROTECTION_PHISHING, or DANGEROUS_DOWNLOAD_OPENED. |
| optional bytes token = 15; |
| |
| enum SafeBrowsingUrlApiType { |
| SAFE_BROWSING_URL_API_TYPE_UNSPECIFIED = 0; |
| // Native implementation of Safe Browsing API v3 protocol. |
| PVER3_NATIVE = 1; |
| // Native implementation of Safe Browsing API v4 protocol. |
| PVER4_NATIVE = 2; |
| // Android SafetyNet API. |
| // https://developer.android.com/training/safetynet/safebrowsing.html |
| ANDROID_SAFETYNET = 3; |
| // Flywheel (data compression service). |
| FLYWHEEL = 4; |
| } |
| |
| // The information propagated from the client about various environment |
| // variables including SDK version, Google Play Services version and so on. |
| message SafeBrowsingClientProperties { |
| optional string client_version = 1; |
| optional int64 google_play_services_version = 2; |
| optional bool is_instant_apps = 3; |
| optional SafeBrowsingUrlApiType url_api_type = 4; |
| } |
| optional SafeBrowsingClientProperties client_properties = 17; |
| |
| // Only set if report type is DANGEROUS_DOWNLOAD_EXECUTION. |
| // True means user opened the folder where this download is in via browser. |
| // False means user directly executed this download via download shelf or |
| // other download UIs. |
| optional bool show_download_in_folder = 18; |
| |
| // If we can find the complete referrer chain, this field will contains URLs |
| // transitions from landing referrer to event in reverse chronological |
| // order, i.e. event url comes first in this list, and landing referrer |
| // comes last. |
| repeated ReferrerChainEntry referrer_chain = 23; |
| } |
| |
| // An HTML Element on the page (eg: iframe, div, script, etc). |
| message HTMLElement { |
| // Id of this element. |
| optional int32 id = 1; |
| |
| // The tag type of this element (eg: iframe, div, script, etc). |
| optional string tag = 2; |
| |
| // IDs of elements that are children of this element. |
| repeated int32 child_ids = 3; |
| |
| // If this element represents a Resource then this is the id of the |
| // Resource, which contains additional data about the Resource. Otherwise |
| // unset. |
| optional int32 resource_id = 5; |
| |
| // An Attribute of the element (eg: id, border, foo etc) and its value. |
| message Attribute { |
| optional string name = 1; |
| optional string value = 2; |
| } |
| repeated Attribute attribute = 6; |
| } |
| |
| // Canonical representation of raster image data. |
| message ImageData { |
| // Image bitmap, after downscaling to <= 512x512. |
| optional bytes data = 1; |
| |
| // Encoding scheme for the bitmap. |
| optional string mime_type = 2; |
| |
| message Dimensions { |
| optional int32 width = 1; |
| optional int32 height = 2; |
| } |
| |
| // Dimensions of the image stored in |data|. |
| optional Dimensions dimensions = 3; |
| optional Dimensions original_dimensions = 4; // iff downscaled |
| } |
| |
| // Reporting protobuf for an image served as part of a browser notification. |
| // There is no response (an empty body) to this request. |
| message NotificationImageReportRequest { |
| optional string notification_origin = 1; // Src-origin of the notification. |
| optional ImageData image = 2; // The bitmap of the image. |
| |
| // Note that the image URL is deliberately omitted as it would be untrusted, |
| // since the notification image fetch may be intercepted by a Service Worker |
| // (even if the image URL is cross-origin). Otherwise a website could mislead |
| // Safe Browsing into associating phishing image bitmaps with safe image URLs. |
| } |
| |
| // Protobuf for Chrome extension webstore install request. |
| message ExtensionWebStoreInstallRequest { |
| // If we can find the complete referrer chain, this field will contain URL |
| // transitions from landing referrer to event in reverse chronological |
| // order, i.e. event url comes first in this list, and landing referrer |
| // comes last. |
| // For Safe Browsing Extended Reporting or Scout users, if the referrer |
| // chain is empty or partially missing, we will add/append recent navigation |
| // events to this list. The type of these entries will be RECENT_NAVIGATION. |
| repeated ReferrerChainEntry referrer_chain = 1; |
| |
| // Options and metadata about the above referrer chain. |
| optional ReferrerChainOptions referrer_chain_options = 2; |
| } |