Send malware reports when a user opts-in from the safe browsing interstitial ...

chrome/browser/safe_browsing/report.proto

Index: chrome/browser/safe_browsing/report.proto
===================================================================
--- chrome/browser/safe_browsing/report.proto	(revision 0)
+++ chrome/browser/safe_browsing/report.proto	(revision 0)
@@ -0,0 +1,91 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Safe Browsing reporting protocol buffers.
+//
+// A ClientMalwareReportRequest is sent when a user opts-in to 
+// sending detailed malware reports from the safe browsing interstitial page.
+// 
+// It is a list of Resource messages, which may contain the url of a
+// resource such as the page in the address bar or any other resource
+// that was loaded for this page.
+//
+// In addition to the url, a resource can contain HTTP request and response
+// headers and bodies.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package safe_browsing;
+
+message ClientMalwareReportRequest {
+
+  message HTTPHeader {
+    required string name = 1;
+    optional string value = 2;
+  }
+
+  message HTTPRequest {
+    message FirstLine {
+      optional string verb = 1;  // Also known as method, eg "GET"
+      optional string uri = 2;
+      optional string version = 3;
+    }
+    
+    optional FirstLine firstline = 1;
+    repeated HTTPHeader headers = 2;
+    optional string body = 3;
+
+    // bodydigest and bodylength can be useful if the report does not
+    // contain the body itself.
+    optional string bodydigest = 4;  
+    optional int32 bodylength = 5;
+  }
+
+  message HTTPResponse {
+    message FirstLine {
+      optional int32 code = 1;
+      optional string reason = 2;
+      optional string version = 3;
+    }
+
+    optional FirstLine firstline = 1;
+    repeated HTTPHeader headers = 2;
+    optional string body = 3;
+
+    // bodydigest and bodylength can be useful if the report does not
+    // contain the body itself.
+    optional string bodydigest = 4;
+    optional int32 bodylength = 5;
+    optional string remote_ip = 6;
+  }
+
+  message Resource {
+    optional string url = 1;
+
+    // URL of the parent frame.
+    optional string parent = 2;
+
+    // Tag that was used to include this resource, eg "iframe"
+    optional string tag_name = 3;
+
+    optional HTTPRequest request = 4;
+    optional HTTPResponse response = 5;
+
+    // A list of children. The order of the children in this list is
+    // significant. The |parent| field for child nodes can be derived
+    // from this, but this allows us to be more flexible.
+    repeated string children = 6;
+  }
+
+  // URL of the resource that matches the safe browsing list.
+  optional string malware_url = 1;

[Scott Hess - ex-Googler, 2010/11/23 01:59:39]

Can there be more than one?

[panayiotis, 2010/11/24 22:40:15]

No, we stop at the first malicious resource and show a warning.

There's one case, where a user proceeds through the warning and then more
malicious resources are loaded. We don't generate a malware report for those
cases though. It's hard to tell, but it's in 

safe_browsing_blocking_page.cc:

  if (unsafe_resources.size() == 1 && ....


We are independently working to simplify safe_browsing_blocking_page actually to
not show additional warnings when a user clicks through the first warning.
That should make at least that file much simpler.  For now I extended the
comment in that file.

+
+  // URL of the page in the address bar.
+  optional string page_url = 2;
+
+  optional string referrer_url = 3;
+  repeated Resource nodes = 4;
+}