1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4// 5// Client side phishing and malware detection request and response 6// protocol buffers. Those protocol messages should be kept in sync 7// with the server implementation. 8// 9// If you want to change this protocol definition or you have questions 10// regarding its format please contact chrome-anti-phishing@googlegroups.com. 11 12syntax = "proto2"; 13 14option optimize_for = LITE_RUNTIME; 15 16package safe_browsing; 17 18message ClientPhishingRequest { 19 // URL that the client visited. The CGI parameters are stripped by the 20 // client. 21 optional string url = 1; 22 23 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is 24 // canonicalized, converted to a suffix-prefix expression and broadened 25 // (www prefix is removed and everything past the last '/' is stripped). 26 // 27 // Marked OBSOLETE because the URL is sent for all users, making the hash 28 // prefix unnecessary. 29 optional bytes OBSOLETE_hash_prefix = 10; 30 31 // Score that was computed on the client. Value is between 0.0 and 1.0. 32 // The larger the value the more likely the url is phishing. 33 required float client_score = 2; 34 35 // Note: we're skipping tag 3 because it was previously used. 36 37 // Is true if the features for this URL were classified as phishing. 38 // Currently, this will always be true for all client-phishing requests 39 // that are sent to the server. 40 optional bool is_phishing = 4; 41 42 message Feature { 43 // Feature name. E.g., 'PageHasForms'. 44 required string name = 1; 45 46 // Feature value is always in the range [0.0, 1.0]. Boolean features 47 // have value 1.0. 48 required double value = 2; 49 } 50 51 // List of features that were extracted. Those are the features that were 52 // sent to the scorer and which resulted in client_score being computed. 53 repeated Feature feature_map = 5; 54 55 // The version number of the model that was used to compute the client-score. 56 // Copied from ClientSideModel.version(). 57 optional int32 model_version = 6; 58 59 // Field 7 is only used on the server. 60 61 // List of features that are extracted in the client but are not used in the 62 // machine learning model. 63 repeated Feature non_model_feature_map = 8; 64 65 // The referrer URL. This field might not be set, for example, in the case 66 // where the referrer uses HTTPs. 67 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. 68 optional string OBSOLETE_referrer_url = 9; 69 70 // Field 11 is only used on the server. 71 72 // List of shingle hashes we extracted. 73 repeated uint32 shingle_hashes = 12 [packed = true]; 74} 75 76message ClientPhishingResponse { 77 required bool phishy = 1; 78 79 // A list of SafeBrowsing host-suffix / path-prefix expressions that 80 // are whitelisted. The client must match the current top-level URL 81 // against these whitelisted expressions and only apply a positive 82 // phishing verdict above if the URL does not match any expression 83 // on this whitelist. The client must not cache these whitelisted 84 // expressions. This whitelist will be empty for the vast majority 85 // of the responses but might contain up to 100 entries in emergency 86 // situations. 87 // 88 // Marked OBSOLETE because the URL is sent for all users, so the server 89 // can do whitelist matching. 90 repeated string OBSOLETE_whitelist_expression = 2; 91} 92 93message ClientMalwareRequest { 94 // URL that the client visited. The CGI parameters are stripped by the 95 // client. 96 required string url = 1; 97 98 // Field 2 is deleted and no longer in use. 99 100 // Field 3 is only used on the server. 101 102 // The referrer URL. This field might not be set, for example, in the case 103 // where the referrer uses HTTPS. 104 optional string referrer_url = 4; 105 106 // Field 5 and 6 are only used on the server. 107 108 message UrlInfo { 109 required string ip = 1; 110 required string url = 2; 111 optional string method = 3; 112 optional string referrer = 4; 113 // Resource type, the int value is a direct cast from the Type enum 114 // of ResourceType class defined in //src/webkit/commom/resource_type.h 115 optional int32 resource_type = 5; 116 } 117 118 // List of resource urls that match the malware IP list. 119 repeated UrlInfo bad_ip_url_info = 7; 120} 121 122message ClientMalwareResponse { 123 required bool blacklist = 1; 124 // The confirmed blacklisted bad IP and its url, which will be shown in 125 // malware warning, if the blacklist verdict is true. 126 // This IP string could be either in IPv4 or IPv6 format, which is the same 127 // as the ones client sent to server. 128 optional string bad_ip = 2; 129 optional string bad_url = 3; 130} 131 132message ClientDownloadRequest { 133 // The final URL of the download (after all redirects). 134 required string url = 1; 135 136 // This message contains various binary digests of the download payload. 137 message Digests { 138 optional bytes sha256 = 1; 139 optional bytes sha1 = 2; 140 optional bytes md5 = 3; 141 } 142 required Digests digests = 2; 143 144 // This is the length in bytes of the download payload. 145 required int64 length = 3; 146 147 // Type of the resources stored below. 148 enum ResourceType { 149 // The final URL of the download payload. The resource URL should 150 // correspond to the URL field above. 151 DOWNLOAD_URL = 0; 152 // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. 153 DOWNLOAD_REDIRECT = 1; 154 // The final top-level URL of the tab that triggered the download. 155 TAB_URL = 2; 156 // A redirect URL thas was fetched before hitting the final TAB_URL. 157 TAB_REDIRECT = 3; 158 } 159 160 message Resource { 161 required string url = 1; 162 required ResourceType type = 2; 163 optional bytes remote_ip = 3; 164 // This will only be set if the referrer is available and if the 165 // resource type is either TAB_URL or DOWNLOAD_URL. 166 optional string referrer = 4; 167 168 // TODO(noelutz): add the transition type? 169 } 170 171 // This repeated field will store all the redirects as well as the 172 // final URLs for the top-level tab URL (i.e., the URL that 173 // triggered the download) as well as for the download URL itself. 174 repeated Resource resources = 4; 175 176 // A trust chain of certificates. Each chain begins with the signing 177 // certificate of the binary, and ends with a self-signed certificate, 178 // typically from a trusted root CA. This structure is analogous to 179 // CERT_CHAIN_CONTEXT on Windows. 180 message CertificateChain { 181 // A single link in the chain. 182 message Element { 183 // DER-encoded X.509 representation of the certificate. 184 optional bytes certificate = 1; 185 // Fields 2 - 7 are only used on the server. 186 } 187 repeated Element element = 1; 188 } 189 190 message SignatureInfo { 191 // All of the certificate chains for the binary's signing certificate. 192 // If no chains are present, the binary is not signed. Multiple chains 193 // may be present if any certificate has multiple signers. 194 repeated CertificateChain certificate_chain = 1; 195 196 // True if the signature was trusted on the client. 197 optional bool trusted = 2; 198 } 199 200 // This field will only be set if the binary is signed. 201 optional SignatureInfo signature = 5; 202 203 // True if the download was user initiated. 204 optional bool user_initiated = 6; 205 206 // Fields 7 and 8 are only used on the server. 207 208 // Name of the file where the download would be stored if the 209 // download completes. E.g., "bla.exe". 210 optional string file_basename = 9; 211 212 // Starting with Chrome M19 we're also sending back pings for Chrome 213 // extensions that get downloaded by users. 214 enum DownloadType { 215 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. 216 CHROME_EXTENSION = 1; // .crx files. 217 ANDROID_APK = 2; // .apk files. 218 // .zip files containing one of the other executable types. 219 ZIPPED_EXECUTABLE = 3; 220 MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. 221 } 222 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; 223 224 // Locale of the device, eg en, en_US. 225 optional string locale = 11; 226 227 message PEImageHeaders { 228 // IMAGE_DOS_HEADER. 229 optional bytes dos_header = 1; 230 // IMAGE_FILE_HEADER. 231 optional bytes file_header = 2; 232 // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. 233 optional bytes optional_headers32 = 3; 234 // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. 235 optional bytes optional_headers64 = 4; 236 // IMAGE_SECTION_HEADER. 237 repeated bytes section_header = 5; 238 // Contents of the .edata section. 239 optional bytes export_section_data = 6; 240 241 message DebugData { 242 // IMAGE_DEBUG_DIRECTORY. 243 optional bytes directory_entry = 1; 244 optional bytes raw_data = 2; 245 } 246 247 repeated DebugData debug_data = 7; 248 } 249 250 message ImageHeaders { 251 // Windows Portable Executable image headers. 252 optional PEImageHeaders pe_headers = 1; 253 }; 254 255 // Fields 12-17 are reserved for server-side use and are never sent by the 256 // client. 257 258 optional ImageHeaders image_headers = 18; 259} 260 261message ClientDownloadResponse { 262 enum Verdict { 263 // Download is considered safe. 264 SAFE = 0; 265 // Download is considered dangerous. Chrome should show a warning to the 266 // user. 267 DANGEROUS = 1; 268 // Download is unknown. Chrome should display a less severe warning. 269 UNCOMMON = 2; 270 // The download is potentially unwanted. 271 POTENTIALLY_UNWANTED = 3; 272 // The download is from a dangerous host. 273 DANGEROUS_HOST = 4; 274 } 275 required Verdict verdict = 1; 276 277 message MoreInfo { 278 // A human-readable string describing the nature of the warning. 279 // Only if verdict != SAFE. Localized based on request.locale. 280 optional string description = 1; 281 282 // A URL to get more information about this warning, if available. 283 optional string url = 2; 284 } 285 optional MoreInfo more_info = 2; 286 287 // An arbitrary token that should be sent along for further server requests. 288 optional bytes token = 3; 289} 290 291// The following protocol buffer holds the feedback report gathered 292// from the user regarding the download. 293message ClientDownloadReport { 294 // The information of user who provided the feedback. 295 // This is going to be useful for handling appeals. 296 message UserInformation { 297 optional string email = 1; 298 } 299 300 enum Reason { 301 SHARE = 0; 302 FALSE_POSITIVE = 1; 303 APPEAL = 2; 304 } 305 306 // The type of feedback for this report. 307 optional Reason reason = 1; 308 309 // The original download ping 310 optional ClientDownloadRequest download_request = 2; 311 312 // Stores the information of the user who provided the feedback. 313 optional UserInformation user_information = 3; 314 315 // Unstructed comments provided by the user. 316 optional bytes comment = 4; 317 318 // The original download response sent from the verdict server. 319 optional ClientDownloadResponse download_response = 5; 320} 321 322// This is used to send back upload status to the client after upload completion 323message ClientUploadResponse { 324 enum UploadStatus { 325 // The upload was successful and a complete response can be expected 326 SUCCESS = 0; 327 328 // The upload was unsuccessful and the response is incomplete. 329 UPLOAD_FAILURE = 1; 330 } 331 332 // Holds the upload status 333 optional UploadStatus status = 1; 334 335 // Holds the permalink where the results of scanning the binary are available 336 optional string permalink = 2; 337} 338 339message ClientIncidentReport { 340 message IncidentData { 341 message TrackedPreferenceIncident { 342 enum ValueState { 343 UNKNOWN = 0; 344 CLEARED = 1; 345 WEAK_LEGACY_OBSOLETE = 2; 346 CHANGED = 3; 347 UNTRUSTED_UNKNOWN_VALUE = 4; 348 } 349 350 optional string path = 1; 351 optional string atomic_value = 2; 352 repeated string split_key = 3; 353 optional ValueState value_state = 4; 354 } 355 message BinaryIntegrityIncident { 356 optional string file_basename = 1; 357 optional ClientDownloadRequest.SignatureInfo signature = 2; 358 } 359 message BlacklistLoadIncident { 360 optional string path = 1; 361 optional ClientDownloadRequest.Digests digest = 2; 362 optional string version = 3; 363 optional bool blacklist_initialized = 4; 364 } 365 optional int64 incident_time_msec = 1; 366 optional TrackedPreferenceIncident tracked_preference = 2; 367 optional BinaryIntegrityIncident binary_integrity = 3; 368 optional BlacklistLoadIncident blacklist_load = 4; 369 } 370 371 repeated IncidentData incident = 1; 372 373 message DownloadDetails { 374 optional bytes token = 1; 375 optional ClientDownloadRequest download = 2; 376 optional int64 download_time_msec = 3; 377 optional int64 open_time_msec = 4; 378 } 379 380 optional DownloadDetails download = 2; 381 382 message EnvironmentData { 383 message OS { 384 optional string os_name = 1; 385 optional string os_version = 2; 386 } 387 optional OS os = 1; 388 message Machine { 389 optional string cpu_architecture = 1; 390 optional string cpu_vendor = 2; 391 optional uint32 cpuid = 3; 392 } 393 optional Machine machine = 2; 394 message Process { 395 optional string version = 1; 396 repeated string OBSOLETE_dlls = 2; 397 message Patch { 398 optional string function = 1; 399 optional string target_dll = 2; 400 } 401 repeated Patch patches = 3; 402 message NetworkProvider {} 403 repeated NetworkProvider network_providers = 4; 404 enum Channel { 405 CHANNEL_UNKNOWN = 0; 406 CHANNEL_CANARY = 1; 407 CHANNEL_DEV = 2; 408 CHANNEL_BETA = 3; 409 CHANNEL_STABLE = 4; 410 } 411 optional Channel chrome_update_channel = 5; 412 optional int64 uptime_msec = 6; 413 optional bool metrics_consent = 7; 414 optional bool extended_consent = 8; 415 message Dll { 416 enum Feature { 417 UNKNOWN = 0; 418 LSP = 1; 419 } 420 optional string path = 1; 421 optional uint64 base_address = 2; 422 optional uint32 length = 3; 423 repeated Feature feature = 4; 424 } 425 repeated Dll dll = 9; 426 repeated string blacklisted_dll = 10; 427 message ModuleState { 428 enum ModifiedState { 429 UNKNOWN = 0; 430 MODULE_STATE_UNKNOWN = 1; 431 MODULE_STATE_UNMODIFIED = 2; 432 MODULE_STATE_MODIFIED = 3; 433 } 434 optional string name = 1; 435 optional ModifiedState modified_state = 2; 436 repeated string modified_export = 3; 437 } 438 repeated ModuleState module_state = 11; 439 } 440 optional Process process = 3; 441 } 442 443 optional EnvironmentData environment = 3; 444} 445 446message ClientIncidentResponse { 447 optional bytes token = 1; 448 optional bool download_requested = 2; 449 450 message EnvironmentRequest { optional int32 dll_index = 1; } 451 452 repeated EnvironmentRequest environment_requests = 3; 453} 454