| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Client side phishing and malware detection request and response | 5 // Client side phishing and malware detection request and response |
| 6 // protocol buffers. Those protocol messages should be kept in sync | 6 // protocol buffers. Those protocol messages should be kept in sync |
| 7 // with the server implementation. | 7 // with the server implementation. |
| 8 // | 8 // |
| 9 // If you want to change this protocol definition or you have questions | 9 // If you want to change this protocol definition or you have questions |
| 10 // regarding its format please contact chrome-anti-phishing@googlegroups.com. | 10 // regarding its format please contact chrome-anti-phishing@googlegroups.com. |
| 11 | 11 |
| 12 syntax = "proto2"; | 12 syntax = "proto2"; |
| 13 | 13 |
| 14 option optimize_for = LITE_RUNTIME; | 14 option optimize_for = LITE_RUNTIME; |
| 15 | 15 |
| 16 package safe_browsing; | 16 package safe_browsing; |
| 17 | 17 |
| 18 message ClientPhishingRequest { | 18 message ClientPhishingRequest { |
| 19 // URL that the client visited. The CGI parameters are stripped by the | 19 // URL that the client visited. The CGI parameters are stripped by the |
| 20 // client. This field is ONLY set for UMA-enabled users. | 20 // client. |
| 21 optional string url = 1; | 21 optional string url = 1; |
| 22 | 22 |
| 23 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is | 23 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is |
| 24 // canonicalized, converted to a suffix-prefix expression and broadened | 24 // canonicalized, converted to a suffix-prefix expression and broadened |
| 25 // (www prefix is removed and everything past the last '/' is stripped). | 25 // (www prefix is removed and everything past the last '/' is stripped). |
| 26 // | 26 // |
| 27 // Marked OBSOLETE because the URL is sent for all users, making the hash | 27 // Marked OBSOLETE because the URL is sent for all users, making the hash |
| 28 // prefix unnecessary. | 28 // prefix unnecessary. |
| 29 optional bytes OBSOLETE_hash_prefix = 10; | 29 optional bytes OBSOLETE_hash_prefix = 10; |
| 30 | 30 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 59 // Field 7 is only used on the server. | 59 // Field 7 is only used on the server. |
| 60 | 60 |
| 61 // List of features that are extracted in the client but are not used in the | 61 // List of features that are extracted in the client but are not used in the |
| 62 // machine learning model. | 62 // machine learning model. |
| 63 repeated Feature non_model_feature_map = 8; | 63 repeated Feature non_model_feature_map = 8; |
| 64 | 64 |
| 65 // The referrer URL. This field might not be set, for example, in the case | 65 // The referrer URL. This field might not be set, for example, in the case |
| 66 // where the referrer uses HTTPs. | 66 // where the referrer uses HTTPs. |
| 67 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. | 67 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. |
| 68 optional string OBSOLETE_referrer_url = 9; | 68 optional string OBSOLETE_referrer_url = 9; |
| 69 |
| 70 // Field 11 is only used on the server. |
| 69 } | 71 } |
| 70 | 72 |
| 71 message ClientPhishingResponse { | 73 message ClientPhishingResponse { |
| 72 required bool phishy = 1; | 74 required bool phishy = 1; |
| 73 | 75 |
| 74 // A list of SafeBrowsing host-suffix / path-prefix expressions that | 76 // A list of SafeBrowsing host-suffix / path-prefix expressions that |
| 75 // are whitelisted. The client must match the current top-level URL | 77 // are whitelisted. The client must match the current top-level URL |
| 76 // against these whitelisted expressions and only apply a positive | 78 // against these whitelisted expressions and only apply a positive |
| 77 // phishing verdict above if the URL does not match any expression | 79 // phishing verdict above if the URL does not match any expression |
| 78 // on this whitelist. The client must not cache these whitelisted | 80 // on this whitelist. The client must not cache these whitelisted |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 | 133 |
| 132 // A trust chain of certificates. Each chain begins with the signing | 134 // A trust chain of certificates. Each chain begins with the signing |
| 133 // certificate of the binary, and ends with a self-signed certificate, | 135 // certificate of the binary, and ends with a self-signed certificate, |
| 134 // typically from a trusted root CA. This structure is analogous to | 136 // typically from a trusted root CA. This structure is analogous to |
| 135 // CERT_CHAIN_CONTEXT on Windows. | 137 // CERT_CHAIN_CONTEXT on Windows. |
| 136 message CertificateChain { | 138 message CertificateChain { |
| 137 // A single link in the chain. | 139 // A single link in the chain. |
| 138 message Element { | 140 message Element { |
| 139 // DER-encoded X.509 representation of the certificate. | 141 // DER-encoded X.509 representation of the certificate. |
| 140 optional bytes certificate = 1; | 142 optional bytes certificate = 1; |
| 143 // Fields 2 - 7 are only used on the server. |
| 141 } | 144 } |
| 142 repeated Element element = 1; | 145 repeated Element element = 1; |
| 143 } | 146 } |
| 144 | 147 |
| 145 message SignatureInfo { | 148 message SignatureInfo { |
| 146 // All of the certificate chains for the binary's signing certificate. | 149 // All of the certificate chains for the binary's signing certificate. |
| 147 // If no chains are present, the binary is not signed. Multiple chains | 150 // If no chains are present, the binary is not signed. Multiple chains |
| 148 // may be present if any certificate has multiple signers. | 151 // may be present if any certificate has multiple signers. |
| 149 repeated CertificateChain certificate_chain = 1; | 152 repeated CertificateChain certificate_chain = 1; |
| 150 | 153 |
| 151 // True if the signature was trusted on the client. | 154 // True if the signature was trusted on the client. |
| 152 optional bool trusted = 2; | 155 optional bool trusted = 2; |
| 153 } | 156 } |
| 154 | 157 |
| 155 // This field will only be set if the binary is signed. | 158 // This field will only be set if the binary is signed. |
| 156 optional SignatureInfo signature = 5; | 159 optional SignatureInfo signature = 5; |
| 157 | 160 |
| 158 // True if the download was user initiated. | 161 // True if the download was user initiated. |
| 159 optional bool user_initiated = 6; | 162 optional bool user_initiated = 6; |
| 160 | 163 |
| 164 // Fields 7 and 8 are only used on the server. |
| 165 |
| 161 // Name of the file where the download would be stored if the | 166 // Name of the file where the download would be stored if the |
| 162 // download completes. E.g., "bla.exe". | 167 // download completes. E.g., "bla.exe". |
| 163 optional string file_basename = 9; | 168 optional string file_basename = 9; |
| 164 | 169 |
| 165 // Starting with Chrome M19 we're also sending back pings for Chrome | 170 // Starting with Chrome M19 we're also sending back pings for Chrome |
| 166 // extensions that get downloaded by users. | 171 // extensions that get downloaded by users. |
| 167 enum DownloadType { | 172 enum DownloadType { |
| 168 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. | 173 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. |
| 169 CHROME_EXTENSION = 1; // .crx files. | 174 CHROME_EXTENSION = 1; // .crx files. |
| 170 ANDROID_APK = 2; // .apk files. | 175 ANDROID_APK = 2; // .apk files. |
| 171 // .zip files containing one of the above executable types. | 176 // .zip files containing one of the above executable types. |
| 172 ZIPPED_EXECUTABLE = 3; | 177 ZIPPED_EXECUTABLE = 3; |
| 173 } | 178 } |
| 174 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; | 179 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; |
| 175 | 180 |
| 176 // Locale of the device, eg en, en_US. | 181 // Locale of the device, eg en, en_US. |
| 177 optional string locale = 11; | 182 optional string locale = 11; |
| 183 |
| 184 // Field 12 is only used on the server. |
| 178 } | 185 } |
| 179 | 186 |
| 180 message ClientDownloadResponse { | 187 message ClientDownloadResponse { |
| 181 enum Verdict { | 188 enum Verdict { |
| 182 // Download is considered safe. | 189 // Download is considered safe. |
| 183 SAFE = 0; | 190 SAFE = 0; |
| 184 // Download is considered dangerous. Chrome should show a warning to the | 191 // Download is considered dangerous. Chrome should show a warning to the |
| 185 // user. | 192 // user. |
| 186 DANGEROUS = 1; | 193 DANGEROUS = 1; |
| 187 // Download is unknown. Chrome should display a less severe warning. | 194 // Download is unknown. Chrome should display a less severe warning. |
| 188 UNCOMMON = 2; | 195 UNCOMMON = 2; |
| 189 // The download is potentially unwanted. | 196 // The download is potentially unwanted. |
| 190 POTENTIALLY_UNWANTED = 3; | 197 POTENTIALLY_UNWANTED = 3; |
| 191 } | 198 } |
| 192 required Verdict verdict = 1; | 199 required Verdict verdict = 1; |
| 193 | 200 |
| 194 message MoreInfo { | 201 message MoreInfo { |
| 195 // A human-readable string describing the nature of the warning. | 202 // A human-readable string describing the nature of the warning. |
| 196 // Only if verdict != SAFE. Localized based on request.locale. | 203 // Only if verdict != SAFE. Localized based on request.locale. |
| 197 optional string description = 1; | 204 optional string description = 1; |
| 198 | 205 |
| 199 // A URL to get more information about this warning, if available. | 206 // A URL to get more information about this warning, if available. |
| 200 optional string url = 2; | 207 optional string url = 2; |
| 201 } | 208 } |
| 202 optional MoreInfo more_info = 2; | 209 optional MoreInfo more_info = 2; |
| 210 |
| 211 // An arbitrary token that should be sent along for further server requests. |
| 212 optional bytes token = 3; |
| 203 } | 213 } |
| 214 |
| 215 // The following protocol buffer holds the feedback report gathered |
| 216 // from the user regarding the download. |
| 217 message ClientDownloadReport { |
| 218 // The information of user who provided the feedback. |
| 219 // This is going to be useful for handling appeals. |
| 220 message UserInformation { |
| 221 optional string email = 1; |
| 222 } |
| 223 |
| 224 enum Reason { |
| 225 SHARE = 0; |
| 226 FALSE_POSITIVE = 1; |
| 227 APPEAL = 2; |
| 228 } |
| 229 |
| 230 // The type of feedback for this report. |
| 231 optional Reason reason = 1; |
| 232 |
| 233 // The original download ping |
| 234 optional ClientDownloadRequest download_request = 2; |
| 235 |
| 236 // Stores the information of the user who provided the feedback. |
| 237 optional UserInformation user_information = 3; |
| 238 |
| 239 // Unstructed comments provided by the user. |
| 240 optional bytes comment = 4; |
| 241 |
| 242 // The original download response sent from the verdict server. |
| 243 optional ClientDownloadResponse download_response = 5; |
| 244 } |
| OLD | NEW |