| blob | a8908c8749d6290613953f4b8a1f38444e5b629d |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Client side phishing and malware detection request and response
6 // protocol buffers. Those protocol messages should be kept in sync
7 // with the server implementation.
8 //
9 // If you want to change this protocol definition or you have questions
10 // regarding its format please contact chrome-anti-phishing@googlegroups.com.
12 syntax = "proto2";
14 option optimize_for = LITE_RUNTIME;
16 package safe_browsing;
18 // Protocol buffer describing the Chrome user population of the user reporting
19 // data.
20 message ChromeUserPopulation {
21 enum UserPopulation {
22 UNKNOWN_USER_POPULATION = 0;
23 SAFE_BROWSING = 1;
24 EXTENDED_REPORTING = 2;
25 }
26 optional UserPopulation user_population = 1;
27 }
30 message ClientPhishingRequest {
31 // URL that the client visited. The CGI parameters are stripped by the
32 // client.
33 optional string url = 1;
35 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is
36 // canonicalized, converted to a suffix-prefix expression and broadened
37 // (www prefix is removed and everything past the last '/' is stripped).
38 //
39 // Marked OBSOLETE because the URL is sent for all users, making the hash
40 // prefix unnecessary.
41 optional bytes OBSOLETE_hash_prefix = 10;
43 // Score that was computed on the client. Value is between 0.0 and 1.0.
44 // The larger the value the more likely the url is phishing.
45 required float client_score = 2;
47 // Note: we're skipping tag 3 because it was previously used.
49 // Is true if the features for this URL were classified as phishing.
50 // Currently, this will always be true for all client-phishing requests
51 // that are sent to the server.
52 optional bool is_phishing = 4;
54 message Feature {
55 // Feature name. E.g., 'PageHasForms'.
56 required string name = 1;
58 // Feature value is always in the range [0.0, 1.0]. Boolean features
59 // have value 1.0.
60 required double value = 2;
61 }
63 // List of features that were extracted. Those are the features that were
64 // sent to the scorer and which resulted in client_score being computed.
65 repeated Feature feature_map = 5;
67 // The version number of the model that was used to compute the client-score.
68 // Copied from ClientSideModel.version().
69 optional int32 model_version = 6;
71 // Field 7 is only used on the server.
73 // List of features that are extracted in the client but are not used in the
74 // machine learning model.
75 repeated Feature non_model_feature_map = 8;
77 // The referrer URL. This field might not be set, for example, in the case
78 // where the referrer uses HTTPs.
79 // OBSOLETE: Use feature 'Referrer=<referrer>' instead.
80 optional string OBSOLETE_referrer_url = 9;
82 // Field 11 is only used on the server.
84 // List of shingle hashes we extracted.
85 repeated uint32 shingle_hashes = 12 [packed = true];
87 // The model filename (basename) that was used by the client.
88 optional string model_filename = 13;
90 // Population that the reporting user is part of.
91 optional ChromeUserPopulation population = 14;
92 }
94 message ClientPhishingResponse {
95 required bool phishy = 1;
97 // A list of SafeBrowsing host-suffix / path-prefix expressions that
98 // are whitelisted. The client must match the current top-level URL
99 // against these whitelisted expressions and only apply a positive
100 // phishing verdict above if the URL does not match any expression
101 // on this whitelist. The client must not cache these whitelisted
102 // expressions. This whitelist will be empty for the vast majority
103 // of the responses but might contain up to 100 entries in emergency
104 // situations.
105 //
106 // Marked OBSOLETE because the URL is sent for all users, so the server
107 // can do whitelist matching.
108 repeated string OBSOLETE_whitelist_expression = 2;
109 }
111 message ClientMalwareRequest {
112 // URL that the client visited. The CGI parameters are stripped by the
113 // client.
114 required string url = 1;
116 // Field 2 is deleted and no longer in use.
118 // Field 3 is only used on the server.
120 // The referrer URL. This field might not be set, for example, in the case
121 // where the referrer uses HTTPS.
122 optional string referrer_url = 4;
124 // Field 5 and 6 are only used on the server.
126 message UrlInfo {
127 required string ip = 1;
128 required string url = 2;
129 optional string method = 3;
130 optional string referrer = 4;
131 // Resource type, the int value is a direct cast from the Type enum
132 // of ResourceType class defined in //src/webkit/commom/resource_type.h
133 optional int32 resource_type = 5;
134 }
136 // List of resource urls that match the malware IP list.
137 repeated UrlInfo bad_ip_url_info = 7;
139 // Population that the reporting user is part of.
140 optional ChromeUserPopulation population = 9;
141 }
143 message ClientMalwareResponse {
144 required bool blacklist = 1;
145 // The confirmed blacklisted bad IP and its url, which will be shown in
146 // malware warning, if the blacklist verdict is true.
147 // This IP string could be either in IPv4 or IPv6 format, which is the same
148 // as the ones client sent to server.
149 optional string bad_ip = 2;
150 optional string bad_url = 3;
151 }
153 message ClientDownloadRequest {
154 // The final URL of the download (after all redirects).
155 required string url = 1;
157 // This message contains various binary digests of the download payload.
158 message Digests {
159 optional bytes sha256 = 1;
160 optional bytes sha1 = 2;
161 optional bytes md5 = 3;
162 }
163 required Digests digests = 2;
165 // This is the length in bytes of the download payload.
166 required int64 length = 3;
168 // Type of the resources stored below.
169 enum ResourceType {
170 // The final URL of the download payload. The resource URL should
171 // correspond to the URL field above.
172 DOWNLOAD_URL = 0;
173 // A redirect URL that was fetched before hitting the final DOWNLOAD_URL.
174 DOWNLOAD_REDIRECT = 1;
175 // The final top-level URL of the tab that triggered the download.
176 TAB_URL = 2;
177 // A redirect URL thas was fetched before hitting the final TAB_URL.
178 TAB_REDIRECT = 3;
179 }
181 message Resource {
182 required string url = 1;
183 required ResourceType type = 2;
184 optional bytes remote_ip = 3;
185 // This will only be set if the referrer is available and if the
186 // resource type is either TAB_URL or DOWNLOAD_URL.
187 optional string referrer = 4;
189 // TODO(noelutz): add the transition type?
190 }
192 // This repeated field will store all the redirects as well as the
193 // final URLs for the top-level tab URL (i.e., the URL that
194 // triggered the download) as well as for the download URL itself.
195 repeated Resource resources = 4;
197 // A trust chain of certificates. Each chain begins with the signing
198 // certificate of the binary, and ends with a self-signed certificate,
199 // typically from a trusted root CA. This structure is analogous to
200 // CERT_CHAIN_CONTEXT on Windows.
201 message CertificateChain {
202 // A single link in the chain.
203 message Element {
204 // DER-encoded X.509 representation of the certificate.
205 optional bytes certificate = 1;
206 // Fields 2 - 7 are only used on the server.
207 }
208 repeated Element element = 1;
209 }
211 message SignatureInfo {
212 // All certificate chains for each of the binary's signers. Multiple chains
213 // may be present if the binary or any certificate has multiple signers.
214 // Absence of certificate chains does not imply that the binary is not
215 // signed (in that case, SignedData blobs extracted from the binary may be
216 // preset), but does mean that trust has not been verified.
217 repeated CertificateChain certificate_chain = 1;
219 // True if the signature was trusted on the client.
220 optional bool trusted = 2;
222 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable
223 // image's attribute certificate table. The presence of these does not imply
224 // that the signatures were deemed trusted by the client.
225 // On Mac, this is the code signature blob referenced by the
226 // LC_CODE_SIGNATURE load command.
227 repeated bytes signed_data = 3;
228 }
230 // This field will only be set if the binary is signed.
231 optional SignatureInfo signature = 5;
233 // True if the download was user initiated.
234 optional bool user_initiated = 6;
236 // Fields 7 and 8 are only used on the server.
238 // Name of the file where the download would be stored if the
239 // download completes. E.g., "bla.exe".
240 optional string file_basename = 9;
242 // Starting with Chrome M19 we're also sending back pings for Chrome
243 // extensions that get downloaded by users.
244 enum DownloadType {
245 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files.
246 CHROME_EXTENSION = 1; // .crx files.
247 ANDROID_APK = 2; // .apk files.
248 // .zip files containing one of the other executable types.
249 ZIPPED_EXECUTABLE = 3;
250 MAC_EXECUTABLE = 4; // .dmg, .pkg, etc.
251 ZIPPED_ARCHIVE = 5; // .zip file containing another archive.
252 ARCHIVE = 6; // Archive that doesn't have a specific DownloadType.
253 }
254 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE];
256 // Locale of the device, eg en, en_US.
257 optional string locale = 11;
259 message PEImageHeaders {
260 // IMAGE_DOS_HEADER.
261 optional bytes dos_header = 1;
262 // IMAGE_FILE_HEADER.
263 optional bytes file_header = 2;
264 // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images.
265 optional bytes optional_headers32 = 3;
266 // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images.
267 optional bytes optional_headers64 = 4;
268 // IMAGE_SECTION_HEADER.
269 repeated bytes section_header = 5;
270 // Contents of the .edata section.
271 optional bytes export_section_data = 6;
273 message DebugData {
274 // IMAGE_DEBUG_DIRECTORY.
275 optional bytes directory_entry = 1;
276 optional bytes raw_data = 2;
277 }
279 repeated DebugData debug_data = 7;
280 }
282 message MachOHeaders {
283 // The mach_header or mach_header_64 struct.
284 required bytes mach_header = 1;
286 message LoadCommand {
287 // |command_id| is the first uint32 of |command| as well, but is
288 // extracted for easier processing.
289 required uint32 command_id = 1;
290 // The entire data stream of the load command.
291 required bytes command = 2;
292 }
294 // All the load commands of the Mach-O file.
295 repeated LoadCommand load_commands = 2;
296 }
298 message ImageHeaders {
299 // Windows Portable Executable image headers.
300 optional PEImageHeaders pe_headers = 1;
302 // OS X Mach-O image headers.
303 repeated MachOHeaders mach_o_headers = 2;
304 };
306 // Fields 12-17 are reserved for server-side use and are never sent by the
307 // client.
309 optional ImageHeaders image_headers = 18;
311 // Fields 19-21 are reserved for server-side use and are never sent by the
312 // client.
314 // A binary contained in an archive (e.g., a .zip archive).
315 message ArchivedBinary {
316 optional string file_basename = 1;
317 optional DownloadType download_type = 2;
318 optional Digests digests = 3;
319 optional int64 length = 4;
320 optional SignatureInfo signature = 5;
321 optional ImageHeaders image_headers = 6;
322 }
324 repeated ArchivedBinary archived_binary = 22;
326 // Population that the reporting user is part of.
327 optional ChromeUserPopulation population = 24;
328 }
330 message ClientDownloadResponse {
331 enum Verdict {
332 // Download is considered safe.
333 SAFE = 0;
334 // Download is considered dangerous. Chrome should show a warning to the
335 // user.
336 DANGEROUS = 1;
337 // Download is unknown. Chrome should display a less severe warning.
338 UNCOMMON = 2;
339 // The download is potentially unwanted.
340 POTENTIALLY_UNWANTED = 3;
341 // The download is from a dangerous host.
342 DANGEROUS_HOST = 4;
343 }
344 required Verdict verdict = 1;
346 message MoreInfo {
347 // A human-readable string describing the nature of the warning.
348 // Only if verdict != SAFE. Localized based on request.locale.
349 optional string description = 1;
351 // A URL to get more information about this warning, if available.
352 optional string url = 2;
353 }
354 optional MoreInfo more_info = 2;
356 // An arbitrary token that should be sent along for further server requests.
357 optional bytes token = 3;
358 }
360 // The following protocol buffer holds the feedback report gathered
361 // from the user regarding the download.
362 message ClientDownloadReport {
363 // The information of user who provided the feedback.
364 // This is going to be useful for handling appeals.
365 message UserInformation {
366 optional string email = 1;
367 }
369 enum Reason {
370 SHARE = 0;
371 FALSE_POSITIVE = 1;
372 APPEAL = 2;
373 }
375 // The type of feedback for this report.
376 optional Reason reason = 1;
378 // The original download ping
379 optional ClientDownloadRequest download_request = 2;
381 // Stores the information of the user who provided the feedback.
382 optional UserInformation user_information = 3;
384 // Unstructed comments provided by the user.
385 optional bytes comment = 4;
387 // The original download response sent from the verdict server.
388 optional ClientDownloadResponse download_response = 5;
389 }
391 // This is used to send back upload status to the client after upload completion
392 message ClientUploadResponse {
393 enum UploadStatus {
394 // The upload was successful and a complete response can be expected
395 SUCCESS = 0;
397 // The upload was unsuccessful and the response is incomplete.
398 UPLOAD_FAILURE = 1;
399 }
401 // Holds the upload status
402 optional UploadStatus status = 1;
404 // Holds the permalink where the results of scanning the binary are available
405 optional string permalink = 2;
406 }
408 message ClientIncidentReport {
409 message IncidentData {
410 message TrackedPreferenceIncident {
411 enum ValueState {
412 UNKNOWN = 0;
413 CLEARED = 1;
414 WEAK_LEGACY_OBSOLETE = 2;
415 CHANGED = 3;
416 UNTRUSTED_UNKNOWN_VALUE = 4;
417 }
419 optional string path = 1;
420 optional string atomic_value = 2;
421 repeated string split_key = 3;
422 optional ValueState value_state = 4;
423 }
424 message BinaryIntegrityIncident {
425 optional string file_basename = 1;
426 optional ClientDownloadRequest.SignatureInfo signature = 2;
427 }
428 message BlacklistLoadIncident {
429 optional string path = 1;
430 optional ClientDownloadRequest.Digests digest = 2;
431 optional string version = 3;
432 optional bool blacklist_initialized = 4;
433 optional ClientDownloadRequest.SignatureInfo signature = 5;
434 optional ClientDownloadRequest.ImageHeaders image_headers = 6;
435 }
436 message VariationsSeedSignatureIncident {
437 optional string variations_seed_signature = 1;
438 }
439 message ResourceRequestIncident {
440 enum Type {
441 UNKNOWN = 0;
442 TYPE_SCRIPT = 1;
443 TYPE_DOMAIN = 2;
444 }
445 optional bytes digest = 1;
446 optional string origin = 2;
447 optional Type type = 3 [default = UNKNOWN];
448 }
449 optional int64 incident_time_msec = 1;
450 optional TrackedPreferenceIncident tracked_preference = 2;
451 optional BinaryIntegrityIncident binary_integrity = 3;
452 optional BlacklistLoadIncident blacklist_load = 4;
453 // Note: skip tag 5 because it was previously used.
454 optional VariationsSeedSignatureIncident variations_seed_signature = 6;
455 optional ResourceRequestIncident resource_request = 7;
456 }
458 repeated IncidentData incident = 1;
460 message DownloadDetails {
461 optional bytes token = 1;
462 optional ClientDownloadRequest download = 2;
463 optional int64 download_time_msec = 3;
464 optional int64 open_time_msec = 4;
465 }
467 optional DownloadDetails download = 2;
469 message EnvironmentData {
470 message OS {
471 optional string os_name = 1;
472 optional string os_version = 2;
474 message RegistryValue {
475 optional string name = 1;
476 optional uint32 type = 2;
477 optional bytes data = 3;
478 }
480 message RegistryKey {
481 optional string name = 1;
482 repeated RegistryValue value = 2;
483 repeated RegistryKey key = 3;
484 }
486 repeated RegistryKey registry_key = 3;
487 }
488 optional OS os = 1;
489 message Machine {
490 optional string cpu_architecture = 1;
491 optional string cpu_vendor = 2;
492 optional uint32 cpuid = 3;
493 }
494 optional Machine machine = 2;
495 message Process {
496 optional string version = 1;
497 repeated string OBSOLETE_dlls = 2;
498 message Patch {
499 optional string function = 1;
500 optional string target_dll = 2;
501 }
502 repeated Patch patches = 3;
503 message NetworkProvider {}
504 repeated NetworkProvider network_providers = 4;
505 enum Channel {
506 CHANNEL_UNKNOWN = 0;
507 CHANNEL_CANARY = 1;
508 CHANNEL_DEV = 2;
509 CHANNEL_BETA = 3;
510 CHANNEL_STABLE = 4;
511 }
512 optional Channel chrome_update_channel = 5;
513 optional int64 uptime_msec = 6;
514 optional bool metrics_consent = 7;
515 optional bool extended_consent = 8;
516 message Dll {
517 enum Feature {
518 UNKNOWN = 0;
519 LSP = 1;
520 }
521 optional string path = 1;
522 optional uint64 base_address = 2;
523 optional uint32 length = 3;
524 repeated Feature feature = 4;
525 optional ClientDownloadRequest.ImageHeaders image_headers = 5;
526 }
527 repeated Dll dll = 9;
528 repeated string blacklisted_dll = 10;
529 message ModuleState {
530 enum ModifiedState {
531 UNKNOWN = 0;
532 MODULE_STATE_UNKNOWN = 1;
533 MODULE_STATE_UNMODIFIED = 2;
534 MODULE_STATE_MODIFIED = 3;
535 }
536 optional string name = 1;
537 optional ModifiedState modified_state = 2;
538 repeated string OBSOLETE_modified_export = 3;
540 message Modification {
541 optional uint32 file_offset = 1;
542 optional int32 byte_count = 2;
543 optional bytes modified_bytes = 3;
544 optional string export_name = 4;
545 }
546 repeated Modification modification = 4;
547 }
548 repeated ModuleState module_state = 11;
549 }
550 optional Process process = 3;
551 }
553 optional EnvironmentData environment = 3;
555 // Population that the reporting user is part of.
556 optional ChromeUserPopulation population = 7;
557 }
559 message ClientIncidentResponse {
560 optional bytes token = 1;
561 optional bool download_requested = 2;
563 message EnvironmentRequest { optional int32 dll_index = 1; }
565 repeated EnvironmentRequest environment_requests = 3;
566 }
568 message DownloadMetadata {
569 optional uint32 download_id = 1;
571 optional ClientIncidentReport.DownloadDetails download = 2;
572 }