// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Client side phishing and malware detection request and response
// protocol buffers.  These protocol messages should be kept in sync
// with the server implementation.
//
// If you want to change this protocol definition or you have questions
// regarding its format please contact chrome-anti-phishing@googlegroups.com.
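// proto2 syntax: the messages below use `required` fields and an explicit
// field default, both of which are proto2 features.
syntax = "proto2";

// Generate code against the lite protobuf runtime, which omits descriptors
// and reflection.
option optimize_for = LITE_RUNTIME;

package safe_browsing;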
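// Request the client sends to the server with the result of its client-side
// phishing classification of a page.  Every value here is computed and
// reported by the client, so a receiver should validate each field rather
// than trust the documented ranges.
message ClientPhishingRequest {
  // URL that the client visited.  The CGI parameters are stripped by the
  // client.
  // NOTE(review): the stripping is done client-side only; a receiver cannot
  // assume the value is free of query parameters.
  optional string url = 1;

  // A 5-byte SHA-256 hash prefix of the URL.  Before hashing the URL is
  // canonicalized, converted to a suffix-prefix expression and broadened
  // (www prefix is removed and everything past the last '/' is stripped).
  //
  // Marked OBSOLETE because the URL is sent for all users, making the hash
  // prefix unnecessary.
  optional bytes OBSOLETE_hash_prefix = 10;

  // Score that was computed on the client.  Value is between 0.0 and 1.0.
  // The larger the value the more likely the url is phishing.
  // The wire type does not enforce that range, so a receiver has to check it
  // itself (including NaN).  Because the field is `required`, a message that
  // omits it is rejected by a normal (non-partial) parse.
  required float client_score = 2;

  // Note: we're skipping tag 3 because it was previously used.  Do not
  // assign tag 3 to a new field.

  // Is true if the features for this URL were classified as phishing.
  // Currently, this will always be true for all client-phishing requests
  // that are sent to the server.
  optional bool is_phishing = 4;

  // One named feature extracted from the page, with its value.
  message Feature {
    // Feature name.  E.g., 'PageHasForms'.
    required string name = 1;

    // Feature value is always in the range [0.0, 1.0].  Boolean features
    // have value 1.0.
    // The range is a client-side convention; it is not enforced by the type.
    required double value = 2;
  }

  // List of features that were extracted.  Those are the features that were
  // sent to the scorer and which resulted in client_score being computed.
  repeated Feature feature_map = 5;

  // The version number of the model that was used to compute the client-score.
  // Copied from ClientSideModel.version().
  optional int32 model_version = 6;

  // Field 7 is only used on the server.  Do not assign it on the client side.

  // List of features that are extracted in the client but are not used in the
  // machine learning model.
  repeated Feature non_model_feature_map = 8;

  // The referrer URL.  This field might not be set, for example, in the case
  // where the referrer uses HTTPS.
  // OBSOLETE: Use feature 'Referrer=<referrer>' instead.
  optional string OBSOLETE_referrer_url = 9;

  // Field 11 is only used on the server.  Do not assign it on the client
  // side.

  // List of shingle hashes we extracted.
  // The number of entries is not bounded by the schema; a receiver should
  // apply its own size limit.
  repeated uint32 shingle_hashes = 12 [packed = true];
}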
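// Server answer to a ClientPhishingRequest.
message ClientPhishingResponse {
  // The server's phishing verdict (the whitelist comment below refers to it
  // as the "positive phishing verdict").  `required`: a response that omits
  // it is rejected by a normal (non-partial) parse, so the caller has to
  // decide explicitly how a parse failure is treated.
  required bool phishy = 1;

  // A list of SafeBrowsing host-suffix / path-prefix expressions that
  // are whitelisted.  The client must match the current top-level URL
  // against these whitelisted expressions and only apply a positive
  // phishing verdict above if the URL does not match any expression
  // on this whitelist.  The client must not cache these whitelisted
  // expressions.  This whitelist will be empty for the vast majority
  // of the responses but might contain up to 100 entries in emergency
  // situations.
  //
  // Marked OBSOLETE because the URL is sent for all users, so the server
  // can do whitelist matching.
  repeated string OBSOLETE_whitelist_expression = 2;
}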
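// Request the client sends when resources loaded by a page matched the
// malware IP list (see bad_ip_url_info).  All values are client-reported.
message ClientMalwareRequest {
  // URL that the client visited.  The CGI parameters are stripped by the
  // client.
  // `required`: a request that omits it is rejected by a normal
  // (non-partial) parse.
  required string url = 1;

  // Field 2 is deleted and no longer in use.  Do not assign tag 2 to a new
  // field.

  // Field 3 is only used on the server.

  // The referrer URL.  This field might not be set, for example, in the case
  // where the referrer uses HTTPS.
  optional string referrer_url = 4;

  // Field 5 and 6 are only used on the server.

  // One resource whose IP matched the malware IP list.
  message UrlInfo {
    // IP address of the resource, as a string.  The ClientMalwareResponse
    // comment on bad_ip says this may be in IPv4 or IPv6 format.
    required string ip = 1;
    // URL of the resource.
    // NOTE(review): unlike the top-level url, nothing here says the CGI
    // parameters are stripped -- confirm against the client.
    required string url = 2;
    // NOTE(review): presumably the HTTP request method -- confirm.
    optional string method = 3;
    // NOTE(review): presumably the referrer of this resource request --
    // confirm.
    optional string referrer = 4;
    // Resource type, the int value is a direct cast from the Type enum
    // of ResourceType class defined in //src/webkit/common/resource_type.h
    // Being a raw int, any value can arrive; a receiver should range-check
    // it before mapping it back to the enum.
    optional int32 resource_type = 5;
  }

  // List of resource urls that match the malware IP list.
  repeated UrlInfo bad_ip_url_info = 7;
}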
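// Server answer to a ClientMalwareRequest.
message ClientMalwareResponse {
  // The blacklist verdict.  `required`: a response that omits it is rejected
  // by a normal (non-partial) parse.
  required bool blacklist = 1;
  // The confirmed blacklisted bad IP and its url, which will be shown in
  // malware warning, if the blacklist verdict is true.
  // This IP string could be either in IPv4 or IPv6 format, which is the same
  // as the ones client sent to server.
  // Both strings end up in user-visible warning UI, so the client should
  // treat them as plain text when rendering.
  optional string bad_ip = 2;
  optional string bad_url = 3;
}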
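// Request the client sends to ask for a verdict on a download.  The digests,
// signature information and image headers are all derived on the client from
// the downloaded payload, so a receiver should treat them as untrusted input.
message ClientDownloadRequest {
  // The final URL of the download (after all redirects).
  required string url = 1;

  // This message contains various binary digests of the download payload.
  // NOTE(review): MD5 and SHA-1 are not collision resistant; decisions that
  // identify a binary by digest should key on sha256 and keep the other two
  // for lookup/compatibility only.
  message Digests {
    optional bytes sha256 = 1;
    optional bytes sha1 = 2;
    optional bytes md5 = 3;
  }
  // `required`, but every member of Digests is optional: an empty Digests
  // still parses, so a receiver must check which digests are actually set.
  required Digests digests = 2;

  // This is the length in bytes of the download payload.
  // Signed 64-bit on the wire; a receiver should reject negative values.
  required int64 length = 3;

  // Type of the resources stored below.
  enum ResourceType {
    // The final URL of the download payload.  The resource URL should
    // correspond to the URL field above.
    DOWNLOAD_URL = 0;
    // A redirect URL that was fetched before hitting the final DOWNLOAD_URL.
    DOWNLOAD_REDIRECT = 1;
    // The final top-level URL of the tab that triggered the download.
    TAB_URL = 2;
    // A redirect URL that was fetched before hitting the final TAB_URL.
    TAB_REDIRECT = 3;
  }

  // One URL in the redirect/referrer history of the download.
  message Resource {
    required string url = 1;
    required ResourceType type = 2;
    // NOTE(review): the encoding (raw address bytes vs. text) is not stated
    // here -- confirm against the client before parsing.
    optional bytes remote_ip = 3;
    // This will only be set if the referrer is available and if the
    // resource type is either TAB_URL or DOWNLOAD_URL.
    optional string referrer = 4;

    // TODO(noelutz): add the transition type?
  }

  // This repeated field will store all the redirects as well as the
  // final URLs for the top-level tab URL (i.e., the URL that
  // triggered the download) as well as for the download URL itself.
  repeated Resource resources = 4;

  // A trust chain of certificates.  Each chain begins with the signing
  // certificate of the binary, and ends with a self-signed certificate,
  // typically from a trusted root CA.  This structure is analogous to
  // CERT_CHAIN_CONTEXT on Windows.
  message CertificateChain {
    // A single link in the chain.
    message Element {
      // DER-encoded X.509 representation of the certificate.
      // Extracted from the downloaded file, i.e. attacker-influenced bytes;
      // parse with a hardened DER parser.
      optional bytes certificate = 1;
      // Fields 2 - 7 are only used on the server.
    }
    repeated Element element = 1;
  }

  message SignatureInfo {
    // All of the certificate chains for the binary's signing certificate.
    // If no chains are present, the binary is not signed.  Multiple chains
    // may be present if any certificate has multiple signers.
    repeated CertificateChain certificate_chain = 1;

    // True if the signature was trusted on the client.
    // This is the client's own assessment.  A receiver that relies on the
    // signature should validate certificate_chain itself rather than take
    // this flag as proof.
    optional bool trusted = 2;
  }

  // This field will only be set if the binary is signed.
  optional SignatureInfo signature = 5;

  // True if the download was user initiated.
  optional bool user_initiated = 6;

  // Fields 7 and 8 are only used on the server.

  // Name of the file where the download would be stored if the
  // download completes.  E.g., "bla.exe".
  // The comment above describes a bare file name; a receiver should not
  // assume it is free of path separators or other unexpected characters.
  optional string file_basename = 9;

  // Starting with Chrome M19 we're also sending back pings for Chrome
  // extensions that get downloaded by users.
  enum DownloadType {
    WIN_EXECUTABLE = 0;    // Currently all .exe, .cab and .msi files.
    CHROME_EXTENSION = 1;  // .crx files.
    ANDROID_APK = 2;       // .apk files.
    // .zip files containing one of the other executable types.
    ZIPPED_EXECUTABLE = 3;
    MAC_EXECUTABLE = 4;    // .dmg, .pkg, etc.
  }
  // Reads as WIN_EXECUTABLE when the field is absent.  In proto2 a value the
  // reader does not know is also treated as absent, so a newer client's
  // download type can show up as WIN_EXECUTABLE on an older reader.
  optional DownloadType download_type = 10 [default = WIN_EXECUTABLE];

  // Locale of the device, eg en, en_US.
  optional string locale = 11;

  // Raw header structures copied out of a Windows PE image.  The bytes come
  // from the downloaded file, so their sizes and contents are
  // attacker-influenced; a receiver must length-check each blob before
  // interpreting it as the named structure.
  message PEImageHeaders {
    // IMAGE_DOS_HEADER.
    optional bytes dos_header = 1;
    // IMAGE_FILE_HEADER.
    optional bytes file_header = 2;
    // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images.
    optional bytes optional_headers32 = 3;
    // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images.
    optional bytes optional_headers64 = 4;
    // IMAGE_SECTION_HEADER.
    repeated bytes section_header = 5;
    // Contents of the .edata section.
    optional bytes export_section_data = 6;

    message DebugData {
      // IMAGE_DEBUG_DIRECTORY.
      optional bytes directory_entry = 1;
      // NOTE(review): presumably the debug data the directory entry points
      // to -- confirm against the extractor.
      optional bytes raw_data = 2;
    }

    repeated DebugData debug_data = 7;
  }

  message ImageHeaders {
    // Windows Portable Executable image headers.
    optional PEImageHeaders pe_headers = 1;
  }

  // Fields 12-17 are reserved for server-side use and are never sent by the
  // client.

  optional ImageHeaders image_headers = 18;
}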
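// Server verdict for a ClientDownloadRequest.
message ClientDownloadResponse {
  enum Verdict {
    // Download is considered safe.
    SAFE = 0;
    // Download is considered dangerous.  Chrome should show a warning to the
    // user.
    DANGEROUS = 1;
    // Download is unknown.  Chrome should display a less severe warning.
    UNCOMMON = 2;
    // The download is potentially unwanted.
    POTENTIALLY_UNWANTED = 3;
    // The download is from a dangerous host.
    DANGEROUS_HOST = 4;
  }
  // `required`: a response without a verdict is rejected by a normal
  // (non-partial) parse.  In proto2 a verdict value the client does not know
  // is treated as absent, so it also ends in a parse failure; the caller has
  // to decide explicitly whether a failed parse allows or blocks the
  // download.
  required Verdict verdict = 1;

  message MoreInfo {
    // A human-readable string describing the nature of the warning.
    // Only if verdict != SAFE. Localized based on request.locale.
    optional string description = 1;

    // A URL to get more information about this warning, if available.
    // NOTE(review): the scheme/host is not constrained by the schema; a
    // client that opens it should check it first.
    optional string url = 2;
  }
  optional MoreInfo more_info = 2;

  // An arbitrary token that should be sent along for further server requests.
  // Opaque to the client: echo it back unchanged.
  optional bytes token = 3;
}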
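// The following protocol buffer holds the feedback report gathered
// from the user regarding the download.
// It carries personal data (an e-mail address and free-form comments) next
// to the full original request, so it should be handled and stored as such.
message ClientDownloadReport {
  // The information of user who provided the feedback.
  // This is going to be useful for handling appeals.
  message UserInformation {
    // User-entered e-mail address; personal data, not validated by the
    // schema.
    optional string email = 1;
  }

  // Why the report was sent.  The values are not documented further here.
  enum Reason {
    SHARE = 0;
    FALSE_POSITIVE = 1;
    APPEAL = 2;
  }

  // The type of feedback for this report.
  optional Reason reason = 1;

  // The original download ping
  optional ClientDownloadRequest download_request = 2;

  // Stores the information of the user who provided the feedback.
  optional UserInformation user_information = 3;

  // Unstructured comments provided by the user.
  // Declared as bytes, so no encoding is guaranteed; treat as untrusted
  // input when displaying or storing.
  optional bytes comment = 4;

  // The original download response sent from the verdict server.
  // It is echoed back by the client, so it should not be taken as proof of
  // what the server originally answered.
  optional ClientDownloadResponse download_response = 5;
}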
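// This is used to send back upload status to the client after upload
// completion.
message ClientUploadResponse {
  enum UploadStatus {
    // The upload was successful and a complete response can be expected
    SUCCESS = 0;

    // The upload was unsuccessful and the response is incomplete.
    UPLOAD_FAILURE = 1;
  }

  // Holds the upload status
  // SUCCESS is the zero value, so an absent status reads as SUCCESS through
  // the plain accessor; check has_status() before relying on it.
  optional UploadStatus status = 1;

  // Holds the permalink where the results of scanning the binary are available
  optional string permalink = 2;
}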
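// Report the client sends describing one or more incidents, optionally
// together with details of a download and of the client environment.
// The original file documents none of the fields below; the notes marked
// NOTE(review) are inferred from names and need confirming against the
// client code.  The report contains file paths, module lists and consent
// flags, so it should be treated as sensitive data.
message ClientIncidentReport {
  // One incident.  The three incident sub-messages are separate optional
  // fields, not a oneof, so the schema does not stop more than one of them
  // from being set.
  message IncidentData {
    // NOTE(review): presumably a change detected in a tracked preference --
    // confirm.
    message TrackedPreferenceIncident {
      enum ValueState {
        UNKNOWN = 0;
        CLEARED = 1;
        WEAK_LEGACY_OBSOLETE = 2;
        CHANGED = 3;
        UNTRUSTED_UNKNOWN_VALUE = 4;
      }

      optional string path = 1;
      optional string atomic_value = 2;
      repeated string split_key = 3;
      optional ValueState value_state = 4;
    }
    // NOTE(review): presumably a binary whose signature check failed --
    // confirm.
    message BinaryIntegrityIncident {
      optional string file_basename = 1;
      optional ClientDownloadRequest.SignatureInfo signature = 2;
    }
    // NOTE(review): presumably a module that is on a blacklist but was
    // loaded anyway -- confirm.
    message BlacklistLoadIncident {
      // NOTE(review): a file system path may contain the user's profile or
      // account name.
      optional string path = 1;
      optional ClientDownloadRequest.Digests digest = 2;
      optional string version = 3;
      optional bool blacklist_initialized = 4;
    }
    // Milliseconds, per the name; the reference point is not stated here.
    optional int64 incident_time_msec = 1;
    optional TrackedPreferenceIncident tracked_preference = 2;
    optional BinaryIntegrityIncident binary_integrity = 3;
    optional BlacklistLoadIncident blacklist_load = 4;
  }

  repeated IncidentData incident = 1;

  // A download associated with this report.
  message DownloadDetails {
    // NOTE(review): presumably the token from ClientDownloadResponse --
    // confirm.
    optional bytes token = 1;
    optional ClientDownloadRequest download = 2;
    // Milliseconds, per the names; the reference point is not stated here.
    optional int64 download_time_msec = 3;
    optional int64 open_time_msec = 4;
  }

  optional DownloadDetails download = 2;

  // Description of the machine and process the report comes from.
  message EnvironmentData {
    message OS {
      optional string os_name = 1;
      optional string os_version = 2;
    }
    optional OS os = 1;
    message Machine {
      optional string cpu_architecture = 1;
      optional string cpu_vendor = 2;
      optional uint32 cpuid = 3;
    }
    optional Machine machine = 2;
    message Process {
      optional string version = 1;
      repeated string OBSOLETE_dlls = 2;
      // NOTE(review): presumably a function in target_dll that was found
      // patched -- confirm.
      message Patch {
        optional string function = 1;
        optional string target_dll = 2;
      }
      repeated Patch patches = 3;
      // Declared with no fields.
      message NetworkProvider {}
      repeated NetworkProvider network_providers = 4;
      enum Channel {
        CHANNEL_UNKNOWN = 0;
        CHANNEL_CANARY = 1;
        CHANNEL_DEV = 2;
        CHANNEL_BETA = 3;
        CHANNEL_STABLE = 4;
      }
      optional Channel chrome_update_channel = 5;
      // Milliseconds, per the name.
      optional int64 uptime_msec = 6;
      // NOTE(review): presumably the user's reporting consent settings --
      // confirm what each flag gates before using the data.
      optional bool metrics_consent = 7;
      optional bool extended_consent = 8;
      // One module in the process.
      message Dll {
        enum Feature {
          UNKNOWN = 0;
          LSP = 1;
        }
        optional string path = 1;
        // NOTE(review): presumably the load address and size of the module;
        // if so this reveals the process memory layout -- confirm.
        optional uint64 base_address = 2;
        optional uint32 length = 3;
        repeated Feature feature = 4;
      }
      repeated Dll dll = 9;
      repeated string blacklisted_dll = 10;
      message ModuleState {
        // There are two "unknown" values: the zero value UNKNOWN and
        // MODULE_STATE_UNKNOWN = 1.  Readers should handle both.
        enum ModifiedState {
          UNKNOWN = 0;
          MODULE_STATE_UNKNOWN = 1;
          MODULE_STATE_UNMODIFIED = 2;
          MODULE_STATE_MODIFIED = 3;
        }
        optional string name = 1;
        optional ModifiedState modified_state = 2;
        repeated string modified_export = 3;
      }
      repeated ModuleState module_state = 11;
    }
    optional Process process = 3;
  }

  optional EnvironmentData environment = 3;
}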
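// Server answer to a ClientIncidentReport.  The fields are undocumented in
// the original file; notes marked NOTE(review) are inferred from names.
message ClientIncidentResponse {
  // Opaque bytes from the server.
  optional bytes token = 1;
  // NOTE(review): presumably asks the client to upload the related
  // download -- confirm, and confirm the client checks user consent before
  // acting on it.
  optional bool download_requested = 2;

  // NOTE(review): dll_index presumably indexes
  // ClientIncidentReport.EnvironmentData.Process.dll.  It is a signed int32
  // from the network, so the client must range-check it (negative or past
  // the end) before using it as an index.
  message EnvironmentRequest { optional int32 dll_index = 1; }

  repeated EnvironmentRequest environment_requests = 3;
}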