Collect threat details for phishing and UwS

chrome/browser/safe_browsing/report.proto

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Safe Browsing reporting protocol buffers.
 //
-// A ClientMalwareReportRequest is sent when a user opts-in to 
-// sending detailed malware reports from the safe browsing interstitial page.
-// 
+// A ClientSafeBrowsingReportRequest is sent when a user opts-in to
+// sending detailed threat reports from the safe browsing interstitial page.
+//
 // It is a list of Resource messages, which may contain the url of a
 // resource such as the page in the address bar or any other resource
 // that was loaded for this page.
 //
 // In addition to the url, a resource can contain HTTP request and response
 // headers and bodies.
 
 syntax = "proto2";
 
 option optimize_for = LITE_RUNTIME;
 
 package safe_browsing;
 
+// A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are
+// only sent by Chrome users who have opted into extended Safe Browsing.
+message ClientSafeBrowsingReportRequest {

[Nathan Parker, 2015/11/03 20:51:57]

Can you add a comment that this is replacing ClientMalwareReportRequest?

[Jialiu Lin, 2015/11/04 21:32:25]

Done.

+  // Note: A lot of the "optional" fields would make sense to be
+  // "required" instead.  However, having them as optional allows the
+  // clients to send "stripped down" versions of the message in the
+  // future, if we want to.
+
+  enum ReportType {
+    UNKNOWN = 0;
+    URL_PHISHING = 1;
+    URL_MALWARE = 2;
+    URL_UNWANTED = 3;
+    BINARY_MALWARE_URL = 4;
+    CLIENT_SIDE_PHISHING_URL = 5;
+    CLIENT_SIDE_MALWARE_URL = 6;
+    BINARY_MALWARE_CONTENT = 7;

[Nathan Parker, 2015/11/03 20:51:57]

Is there a BINARY_UNWANTED_CONTENT?

[Jialiu Lin, 2015/11/04 21:32:25]

removed types that not related to interstitial or download recovery.

+    MALICIOUS_DOWNLOAD_RECOVERY = 8;
+  }
+
+  message HTTPHeader {
+    required bytes name = 1;
+    optional bytes value = 2;
+  }
+
+  message HTTPRequest {
+    message FirstLine {
+      optional bytes verb = 1;
+      optional bytes uri = 2;
+      optional bytes version = 3;
+    }
+
+    optional FirstLine firstline = 1;
+    repeated HTTPHeader headers = 2;
+    optional bytes body = 3;
+    optional bytes bodydigest = 4;  // 32-byte hex md5 digest of body.
+    optional int32 bodylength = 5;  // length of body.
+  }
+
+  message HTTPResponse {
+    message FirstLine {
+      optional int32 code = 1;
+      optional bytes reason = 2;
+      optional bytes version = 3;
+    }
+
+    optional FirstLine firstline = 1;
+    repeated HTTPHeader headers = 2;
+    optional bytes body = 3;
+    optional bytes bodydigest = 4;  // 32-byte hex md5 digest of body.
+    optional int32 bodylength = 5;  // length of body.
+    optional bytes remote_ip = 6;   // IP of the server.
+  }
+
+  message Resource {
+    required int32 id = 1;
+    optional string url = 2;
+    optional HTTPRequest request = 3;
+    optional HTTPResponse response = 4;
+    optional int32 parent_id = 5;
+    repeated int32 child_ids = 6;
+    optional string tag_name = 7;
+  }
+
+  optional ReportType type = 1;
+  optional string url = 2;
+  optional string page_url = 3;
+  optional string referrer_url = 4;
+
+  repeated Resource resources = 6;
+
+  // Whether the report is complete.
+  optional bool complete = 7;
+
+  // The ASN and country of the client IP. These fields are filled up by
+  // csd_frontend
+  repeated string client_asn = 8;
+  optional string client_country = 9;
+
+  // Whether user chose to proceed.
+  optional bool did_proceed = 10;
+
+  // Whether user visited this url before.

[Nathan Parker, 2015/11/03 20:51:57]

I think it's origin, not URL.

[Jialiu Lin, 2015/11/04 21:32:25]

Done.

+  optional bool repeat_visit = 11;
+}
+
+// Deprecated!!
 message ClientMalwareReportRequest {

[Nathan Parker, 2015/11/03 20:51:57]

Can remove this proto altogether.

[Jialiu Lin, 2015/11/04 21:32:25]

Done.

 
   message HTTPHeader {
     required bytes name = 1;
     optional bytes value = 2;
   }
 
   message HTTPRequest {
     message FirstLine {
       optional bytes verb = 1;  // Also known as method, eg "GET"
       optional bytes uri = 2;
@@ skipping 27 matching lines @@
     optional int32 bodylength = 5;
     optional bytes remote_ip = 6;
   }
 
   message Resource {
     required int32 id = 1;
     optional string url = 2;
     optional HTTPRequest request = 3;
     optional HTTPResponse response = 4;
 
     optional int32 parent_id = 5;  // Id of the parent, if known.

[Nathan Parker, 2015/11/03 20:51:57]

These comments seem useful.  Can you copy them to the new proto?

[Jialiu Lin, 2015/11/04 21:32:25]

Done.

 
     // A list of children. The order of the children in this list is
     // significant. The |parent_id| field for child nodes can be derived
     // from this, but this allows us to be more flexible.
     repeated int32 child_ids = 6;
 
     // Tag that was used to include this resource, eg "iframe"
     optional string tag_name = 7;
   }
 
   // URL of the resource that matches the safe browsing list.
   optional string malware_url = 1;
 
   // URL of the page in the address bar.
   optional string page_url = 2;
 
   optional string referrer_url = 3;
   repeated Resource resources = 4;
 
   // Whether the report has HTTP Responses.
   optional bool complete = 5;
 
   // Whether user chose to proceed.
   optional bool did_proceed = 8;
 
   // Whether user visited this origin before.
   optional bool repeat_visit = 9;
-}
+}