components/reputation/core/safety_tips.proto - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 syntax = "proto2";

 option optimize_for = LITE_RUNTIME;

 package reputation;

 message FlaggedPage {
   enum FlagType {
     UNKNOWN = 0;
     BAD_REP = 1;
     YOUNG_DOMAIN = 2;
   }
   // |pattern| is a full URL, without scheme/username/password/port, such as
   // example.test/test-path-for-safety-tips/test.html.
   optional string pattern = 1;
   optional FlagType type = 2;
 }

 message UrlPattern {
   // |pattern| is a full URL, without scheme/username/password/port, such as
   // example.test/test-path-for-safety-tips/test.html. Also see the comment for
   // |allowed_pattern| field.
   optional string pattern = 1;
 }

 message HostPattern {
   // |regex| is a regular expression that matches allowlisted hostnames.
   // This is different than UrlPattern.pattern which matches URLs.
   // IMPORTANT: Don't forget to escape dots when used as label separators.
   optional string regex = 1;
 }

 // Configuration for the safety tips component. A binary version of this proto
 // will be distributed to Chrome clients via component updater. The binary will
 // contain a single instance of this message.
 message SafetyTipsConfig {
   optional uint32 version_id = 1;

   // List of pages on which to show the Safety Tip UX. This must be sorted and
   // may contain duplicate patterns (when flagged with multiple FlagTypes).
   repeated FlaggedPage flagged_page = 2;

   // List of patterns that are explicitly allowed. This must be sorted. Used to
   // mitigate false positives in Safety Tips and Lookalike warnings.
   // - For safety tips, the pattern can be a URL or a full suffix/prefix
   //   expression used for SafeBrowsing. See
   //   https://developers.google.com/safe-browsing/v4/urls-hashing#suffixprefix-expressions.
   // - Lookalike warnings operate on eTLD+1, so it only makes sense for this
   //   to be eTLD+1, such as "google.com/".
   repeated UrlPattern allowed_pattern = 3;

   // Similar to allowed_pattern, but used to allowlist targets for some of the
   // heuristics.
   // - For edit distance, this is the matched domain. For example, consider edit
   //   distance flagging foo1.com, foo2.com, ... as a spoof of foo.com. If
   //   we are fairly sure that these are all separate and legitimate sites,
   //   allowlisting foo.com is much easier than allowlisting fooN.coms.
   // - For target embedding, this is the embedded target. Some organizations use
   //   lookalike subdomains to proxy popular domains or customize their content
   //   for these popular domains. E.g. google-scholar-com.university.edu.
   //   In these cases it's simpler to allowlist the target instead of the
   //   embedder.
   repeated HostPattern allowed_target_pattern = 4;
 }
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	syntax = "proto2";

	option optimize_for = LITE_RUNTIME;

	package reputation;

	message FlaggedPage {
	enum FlagType {
	UNKNOWN = 0;
	BAD_REP = 1;
	YOUNG_DOMAIN = 2;
	}
	// \|pattern\| is a full URL, without scheme/username/password/port, such as
	// example.test/test-path-for-safety-tips/test.html.
	optional string pattern = 1;
	optional FlagType type = 2;
	}

	message UrlPattern {
	// \|pattern\| is a full URL, without scheme/username/password/port, such as
	// example.test/test-path-for-safety-tips/test.html. Also see the comment for
	// \|allowed_pattern\| field.
	optional string pattern = 1;
	}

	message HostPattern {
	// \|regex\| is a regular expression that matches allowlisted hostnames.
	// This is different than UrlPattern.pattern which matches URLs.
	// IMPORTANT: Don't forget to escape dots when used as label separators.
	optional string regex = 1;
	}

	// Configuration for the safety tips component. A binary version of this proto
	// will be distributed to Chrome clients via component updater. The binary will
	// contain a single instance of this message.
	message SafetyTipsConfig {
	optional uint32 version_id = 1;

	// List of pages on which to show the Safety Tip UX. This must be sorted and
	// may contain duplicate patterns (when flagged with multiple FlagTypes).
	repeated FlaggedPage flagged_page = 2;

	// List of patterns that are explicitly allowed. This must be sorted. Used to
	// mitigate false positives in Safety Tips and Lookalike warnings.
	// - For safety tips, the pattern can be a URL or a full suffix/prefix
	// expression used for SafeBrowsing. See
	// https://developers.google.com/safe-browsing/v4/urls-hashing#suffixprefix-expressions.
	// - Lookalike warnings operate on eTLD+1, so it only makes sense for this
	// to be eTLD+1, such as "google.com/".
	repeated UrlPattern allowed_pattern = 3;

	// Similar to allowed_pattern, but used to allowlist targets for some of the
	// heuristics.
	// - For edit distance, this is the matched domain. For example, consider edit
	// distance flagging foo1.com, foo2.com, ... as a spoof of foo.com. If
	// we are fairly sure that these are all separate and legitimate sites,
	// allowlisting foo.com is much easier than allowlisting fooN.coms.
	// - For target embedding, this is the embedded target. Some organizations use
	// lookalike subdomains to proxy popular domains or customize their content
	// for these popular domains. E.g. google-scholar-com.university.edu.
	// In these cases it's simpler to allowlist the target instead of the
	// embedder.
	repeated HostPattern allowed_target_pattern = 4;
	}