| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| // |
| // This file includes Safe Browsing V4 API blacklist request and response |
| // protocol buffers. They should be kept in sync with the server implementation. |
| |
| syntax = "proto2"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package safe_browsing; |
| |
| message ThreatInfo { |
| // The threat types to be checked. |
| repeated ThreatType threat_types = 1; |
| |
| // The platform types to be checked. |
| repeated PlatformType platform_types = 2; |
| |
| // The entry types to be checked. |
| repeated ThreatEntryType threat_entry_types = 4; |
| |
| // The threat entries to be checked. |
| repeated ThreatEntry threat_entries = 3; |
| } |
| |
| // A match when checking a threat entry in the Safe Browsing threat lists. |
| message ThreatMatch { |
| // The threat type matching this threat. |
| optional ThreatType threat_type = 1; |
| |
| // The platform type matching this threat. |
| optional PlatformType platform_type = 2; |
| |
| // The threat entry type matching this threat. |
| optional ThreatEntryType threat_entry_type = 6; |
| |
| // The threat matching this threat. |
| optional ThreatEntry threat = 3; |
| |
| // Optional metadata associated with this threat. |
| optional ThreatEntryMetadata threat_entry_metadata = 4; |
| |
| // The cache lifetime for the returned match. Clients must not cache this |
| // response for more than this duration to avoid false positives. |
| optional Duration cache_duration = 5; |
| } |
| |
| // Request to check entries against lists. |
| message FindThreatMatchesRequest { |
| // The client metadata. |
| optional ClientInfo client = 1; |
| |
| // The lists and entries to be checked for matches. |
| optional ThreatInfo threat_info = 2; |
| } |
| |
| // Response type for requests to find threat matches. |
| message FindThreatMatchesResponse { |
| // The threat list matches. |
| repeated ThreatMatch matches = 1; |
| } |
| |
| // Describes a Safe Browsing API update request. Clients can request updates for |
| // multiple lists in a single request. |
| message FetchThreatListUpdatesRequest { |
| // The client metadata. |
| optional ClientInfo client = 1; |
| |
| // A single list update request. |
| message ListUpdateRequest { |
| // The type of threat posed by entries present in the list. |
| optional ThreatType threat_type = 1; |
| |
| // The type of platform at risk by entries present in the list. |
| optional PlatformType platform_type = 2; |
| |
| // The types of entries present in the list. |
| optional ThreatEntryType threat_entry_type = 5; |
| |
| // The current state of the client for the requested list (the encrypted |
| // ClientState that was sent to the client from the previous update |
| // request). |
| optional bytes state = 3; |
| |
| // The constraints for this update. |
| message Constraints { |
| // The maximum size in number of entries. The update will not contain more |
| // entries than this value. This should be a power of 2 between 2**10 and |
| // 2**20. If zero, no update size limit is set. |
| optional int32 max_update_entries = 1; |
| |
| // Sets the maxmimum number of entries that the client is willing to have |
| // in the local database. This should be a power of 2 between 2**10 and |
| // 2**20. If zero, no database size limit is set. |
| optional int32 max_database_entries = 2; |
| |
| // Requests the list for a specific geographic location. If not set the |
| // server may pick that value based on the user's IP address. Expects ISO |
| // 3166-1 alpha-2 format. |
| optional string region = 3; |
| |
| // The compression types supported by the client. |
| repeated CompressionType supported_compressions = 4; |
| } |
| |
| // The constraints associated with this request. |
| optional Constraints constraints = 4; |
| } |
| |
| // The requested threat list updates. |
| repeated ListUpdateRequest list_update_requests = 3; |
| |
| // Chrome-specific client information. |
| optional ChromeClientInfo chrome_client_info = 4; |
| } |
| |
| // Response type for threat list update requests. |
| message FetchThreatListUpdatesResponse { |
| // An update to an individual list. |
| message ListUpdateResponse { |
| // The threat type for which data is returned. |
| optional ThreatType threat_type = 1; |
| |
| // The format of the threats. |
| optional ThreatEntryType threat_entry_type = 2; |
| |
| // The platform type for which data is returned. |
| optional PlatformType platform_type = 3; |
| |
| // The type of response sent to the client. |
| enum ResponseType { |
| // Unknown. |
| RESPONSE_TYPE_UNSPECIFIED = 0; |
| |
| // Partial updates are applied to the client's existing local database. |
| PARTIAL_UPDATE = 1; |
| |
| // Full updates replace the client's entire local database. This means |
| // that either the client was seriously out-of-date or the client is |
| // believed to be corrupt. |
| FULL_UPDATE = 2; |
| } |
| |
| // The type of response. This may indicate that an action is required by the |
| // client when the response is received. |
| optional ResponseType response_type = 4; |
| |
| // A set of entries to add to a local threat type's list. Repeated to allow |
| // for a combination of compressed and raw data to be sent in a single |
| // response. |
| repeated ThreatEntrySet additions = 5; |
| |
| // A set of entries to remove from a local threat type's list. In practice, |
| // this field is empty or contains exactly one ThreatEntrySet. |
| repeated ThreatEntrySet removals = 6; |
| |
| // The new client state, in encrypted format. Opaque to clients. |
| optional bytes new_client_state = 7; |
| |
| // The expected SHA256 hash of the client state; that is, of the sorted list |
| // of all hashes present in the database after applying the provided update. |
| // If the client state doesn't match the expected state, the client must |
| // disregard this update and retry later. |
| optional Checksum checksum = 8; |
| } |
| |
| // The list updates requested by the clients. |
| repeated ListUpdateResponse list_update_responses = 1; |
| |
| // The minimum duration the client must wait before issuing any update |
| // request. If this field is not set clients may update as soon as they want. |
| optional Duration minimum_wait_duration = 2; |
| } |
| |
| // Request to return full hashes matched by the provided hash prefixes. |
| message FindFullHashesRequest { |
| // The client metadata. |
| optional ClientInfo client = 1; |
| |
| // The current client states for each of the client's local threat lists. |
| repeated bytes client_states = 2; |
| |
| // The lists and hashes to be checked. |
| optional ThreatInfo threat_info = 3; |
| } |
| |
| // Response type for requests to find full hashes. |
| message FindFullHashesResponse { |
| // The full hashes that matched the requested prefixes. |
| repeated ThreatMatch matches = 1; |
| |
| // The minimum duration the client must wait before issuing any find hashes |
| // request. If this field is not set, clients can issue a request as soon as |
| // they want. |
| optional Duration minimum_wait_duration = 2; |
| |
| // For requested entities that did not match the threat list, how long to |
| // cache the response. |
| optional Duration negative_cache_duration = 3; |
| } |
| |
| // A hit comprised of multiple resources; one is the threat list entry that was |
| // encountered by the client, while others give context as to how the client |
| // arrived at the unsafe entry. |
| message ThreatHit { |
| // The threat type reported. |
| optional ThreatType threat_type = 1; |
| |
| // The platform type reported. |
| optional PlatformType platform_type = 2; |
| |
| // The threat entry responsible for the hit. Full hash should be reported for |
| // hash-based hits. |
| optional ThreatEntry entry = 3; |
| |
| // Types of resources reported by the client as part of a single hit. |
| enum ThreatSourceType { |
| // Unknown. |
| THREAT_SOURCE_TYPE_UNSPECIFIED = 0; |
| // The URL that matched the threat list (for which GetFullHash returned a |
| // valid hash). |
| MATCHING_URL = 1; |
| // The final top-level URL of the tab that the client was browsing when the |
| // match occurred. |
| TAB_URL = 2; |
| // A redirect URL that was fetched before hitting the final TAB_URL. |
| TAB_REDIRECT = 3; |
| } |
| |
| // A single resource related to a threat hit. |
| message ThreatSource { |
| // The URL of the resource. |
| optional string url = 1; |
| |
| // The type of source reported. |
| optional ThreatSourceType type = 2; |
| |
| // The remote IP of the resource in ASCII format. Either IPv4 or IPv6. |
| optional string remote_ip = 3; |
| |
| // Referrer of the resource. Only set if the referrer is available. |
| optional string referrer = 4; |
| } |
| |
| // The resources related to the threat hit. |
| repeated ThreatSource resources = 4; |
| } |
| |
| // Types of threats. |
| enum ThreatType { |
| // Unknown. |
| THREAT_TYPE_UNSPECIFIED = 0; |
| |
| // Malware threat type. |
| MALWARE_THREAT = 1; |
| |
| // Social engineering threat type. |
| SOCIAL_ENGINEERING_PUBLIC = 2; |
| |
| // Unwanted software threat type. |
| UNWANTED_SOFTWARE = 3; |
| |
| // Potentially harmful application threat type. |
| POTENTIALLY_HARMFUL_APPLICATION = 4; |
| |
| // Social engineering threat type for internal use. |
| SOCIAL_ENGINEERING = 5; |
| |
| // API abuse threat type. |
| API_ABUSE = 6; |
| |
| // Malicious binary threat type. |
| MALICIOUS_BINARY = 7; |
| |
| // Client side detection whitelist threat type. |
| CSD_WHITELIST = 8; |
| |
| // Client side download detection whitelist threat type. |
| CSD_DOWNLOAD_WHITELIST = 9; |
| |
| // Client incident threat type. |
| CLIENT_INCIDENT = 10; |
| |
| // Patterns to be used for activating the subresource filter. Interstitial |
| // will not be shown for patterns from this list. |
| SUBRESOURCE_FILTER = 13; |
| |
| // Entities that are suspected to present a threat. |
| SUSPICIOUS = 14; |
| |
| // Billing threat list. The internal proto's enum name is different |
| BILLING = 15; |
| } |
| |
| // Types of platforms. |
| enum PlatformType { |
| // Unknown platform. |
| PLATFORM_TYPE_UNSPECIFIED = 0; |
| |
| // Threat posed to Windows. |
| WINDOWS_PLATFORM = 1; |
| |
| // Threat posed to Linux. |
| LINUX_PLATFORM = 2; |
| |
| // Threat posed to Android. |
| // This cannot be ANDROID because that symbol is defined for android builds |
| // here: build/config/android/BUILD.gn line21. |
| ANDROID_PLATFORM = 3; |
| |
| // Threat posed to OSX. |
| OSX_PLATFORM = 4; |
| |
| // Threat posed to iOS. |
| IOS_PLATFORM = 5; |
| |
| // Threat posed to at least one of the defined platforms. |
| ANY_PLATFORM = 6; |
| |
| // Threat posed to all defined platforms. |
| ALL_PLATFORMS = 7; |
| |
| // Threat posed to Chrome. |
| CHROME_PLATFORM = 8; |
| } |
| |
| // The client metadata associated with Safe Browsing API requests. |
| message ClientInfo { |
| // A client ID that (hopefully) uniquely identifies the client implementation |
| // of the Safe Browsing API. |
| optional string client_id = 1; |
| |
| // The version of the client implementation. |
| optional string client_version = 2; |
| } |
| |
| // The client metadata associated with Safe Browsing API requests specific to |
| // users of Chrome. |
| message ChromeClientInfo { |
| // Safe Browsing reporting populations in Chrome. |
| enum SafeBrowsingReportingPopulation { |
| // Unspecified reporting verbosity. |
| UNSPECIFIED = 0; |
| |
| // Client is opted out of reporting. |
| OPT_OUT = 1; |
| |
| // Legacy extended reporting population. |
| EXTENDED = 2; |
| |
| // Scout reporting population. |
| SCOUT = 3; |
| } |
| |
| // The reporting population of the user. |
| optional SafeBrowsingReportingPopulation reporting_population = 1; |
| } |
| |
| // The expected state of a client's local database. |
| message Checksum { |
| // The SHA256 hash of the client state; that is, of the sorted list of all |
| // hashes present in the database. |
| optional bytes sha256 = 1; |
| } |
| |
| // The ways in which threat entry sets can be compressed. |
| enum CompressionType { |
| // Unknown. |
| COMPRESSION_TYPE_UNSPECIFIED = 0; |
| |
| // Raw, uncompressed data. |
| RAW = 1; |
| |
| // Rice-Golomb encoded data. |
| RICE = 2; |
| } |
| |
| // An individual threat; for example, a malicious URL or its hash |
| // representation. Only one of these fields should be set. |
| message ThreatEntry { |
| // A variable-length SHA256 hash with size between 4 and 32 bytes inclusive. |
| optional bytes hash = 1; |
| |
| // A URL. |
| optional string url = 2; |
| } |
| |
| // Types of entries that pose threats. Threat lists are collections of entries |
| // of a single type. |
| enum ThreatEntryType { |
| // Unspecified. |
| THREAT_ENTRY_TYPE_UNSPECIFIED = 0; |
| |
| // A host-suffix/path-prefix URL expression; for example, "foo.bar.com/baz/". |
| URL = 1; |
| |
| // An executable program. |
| EXECUTABLE = 2; |
| |
| // An IP range. |
| IP_RANGE = 3; |
| |
| // Chrome extension. |
| CHROME_EXTENSION = 4; |
| |
| // Filename. |
| FILENAME = 5; |
| |
| // CERT. |
| CERT = 6; |
| } |
| |
| // A set of threats that should be added or removed from a client's local |
| // database. |
| message ThreatEntrySet { |
| // The compression type for the entries in this set. |
| optional CompressionType compression_type = 1; |
| |
| // At most one of the following fields should be set. |
| |
| // The raw SHA256-formatted entries. |
| optional RawHashes raw_hashes = 2; |
| |
| // The raw removal indices for a local list. |
| optional RawIndices raw_indices = 3; |
| |
| // The encoded 4-byte prefixes of SHA256-formatted entries, using a |
| // Golomb-Rice encoding. |
| optional RiceDeltaEncoding rice_hashes = 4; |
| |
| // The encoded local, lexicographically-sorted list indices, using a |
| // Golomb-Rice encoding. Used for sending compressed removal indicies. |
| optional RiceDeltaEncoding rice_indices = 5; |
| } |
| |
| // A set of raw indicies to remove from a local list. |
| message RawIndices { |
| // The indicies to remove from a lexicographically-sorted local list. |
| repeated int32 indices = 1; |
| } |
| |
| // The uncompressed threat entries in hash format of a particular prefix length. |
| // Hashes can be anywhere from 4 to 32 bytes in size. A large majority are 4 |
| // bytes, but some hashes are lengthened if they collide with the hash of a |
| // popular URL. |
| // |
| // Used for sending ThreatEntrySet to clients that do not support compression, |
| // or when sending non-4-byte hashes to clients that do support compression. |
| message RawHashes { |
| // The number of bytes for each prefix encoded below. This field can be |
| // anywhere from 4 (shortest prefix) to 32 (full SHA256 hash). |
| optional int32 prefix_size = 1; |
| |
| // The hashes, all concatenated into one long string. Each hash has a prefix |
| // size of |prefix_size| above. Hashes are sorted in lexicographic order. |
| optional bytes raw_hashes = 2; |
| } |
| |
| // The Rice-Golomb encoded data. Used for sending compressed 4-byte hashes or |
| // compressed removal indices. |
| message RiceDeltaEncoding { |
| // The offset of the first entry in the encoded data, or, if only a single |
| // integer was encoded, that single integer's value. |
| optional int64 first_value = 1; |
| |
| // The Golomb-Rice parameter which is a number between 2 and 28. This field |
| // is missing (that is, zero) if num_entries is zero. |
| optional int32 rice_parameter = 2; |
| |
| // The number of entries that are delta encoded in the encoded data. If only a |
| // single integer was encoded, this will be zero and the single value will be |
| // stored in first_value. |
| optional int32 num_entries = 3; |
| |
| // The encoded deltas that are encoded using the Golomb-Rice coder. |
| optional bytes encoded_data = 4; |
| } |
| |
| // The metadata associated with a specific threat entry. The client is expected |
| // to know the metadata key/value pairs associated with each threat type. |
| message ThreatEntryMetadata { |
| // A single metadata entry. |
| message MetadataEntry { |
| // The metadata entry key. |
| optional bytes key = 1; |
| |
| // The metadata entry value. |
| optional bytes value = 2; |
| } |
| |
| // The metadata entries. |
| repeated MetadataEntry entries = 1; |
| } |
| |
| // Describes an individual threat list. A list is defined by three parameters: |
| // the type of threat posed, the type of platform targeted by the threat, and |
| // the type of entries in the list. |
| message ThreatListDescriptor { |
| // The threat type posed by the list's entries. |
| optional ThreatType threat_type = 1; |
| |
| // The platform type targeted by the list's entries. |
| optional PlatformType platform_type = 2; |
| |
| // The entry types contained in the list. |
| optional ThreatEntryType threat_entry_type = 3; |
| } |
| |
| // A collection of lists available for download. |
| message ListThreatListsResponse { |
| // The lists available for download. |
| repeated ThreatListDescriptor threat_lists = 1; |
| } |
| |
| message Duration { |
| // Signed seconds of the span of time. Must be from -315,576,000,000 |
| // to +315,576,000,000 inclusive. |
| optional int64 seconds = 1; |
| |
| // Signed fractions of a second at nanosecond resolution of the span |
| // of time. Durations less than one second are represented with a 0 |
| // `seconds` field and a positive or negative `nanos` field. For durations |
| // of one second or more, a non-zero value for the `nanos` field must be |
| // of the same sign as the `seconds` field. Must be from -999,999,999 |
| // to +999,999,999 inclusive. |
| optional int32 nanos = 2; |
| } |