Submit a sample of notification images to Safe Browsing

chrome/common/safe_browsing/csd.proto

Index: chrome/common/safe_browsing/csd.proto
diff --git a/chrome/common/safe_browsing/csd.proto b/chrome/common/safe_browsing/csd.proto
index c98152aae1a51efa35eeddf5e3f7a75f5d311e0b..12dc650cc9872d50a7604c55df4995c0f66b8fbc 100644
--- a/chrome/common/safe_browsing/csd.proto
+++ b/chrome/common/safe_browsing/csd.proto
@@ -835,3 +835,32 @@ message ClientSafeBrowsingReportRequest {
   // DANGEROUS_DOWNLOAD_BY_API.
   optional bytes token = 15;
 }
+
+// Canonical representation of raster image data.
+message ImageData {
+  // Image bitmap, after downscaling to <= 512x512.
+  optional bytes data = 1;
+
+  // Encoding scheme for the bitmap. If not specified, assumed to be image/png.

[Nathan Parker, 2017/01/20 01:37:29]

Let's remove the "if not specified" part since the backend isn't making that
assumption, and we should just populate this.

[harkness, 2017/01/20 16:58:06]

Done.

+  optional string mime_type = 2;
+
+  message Dimensions {
+    optional int32 width = 1;
+    optional int32 height = 2;
+  }
+
+  optional Dimensions dimensions = 3;

[Nathan Parker, 2017/01/20 01:37:28]

Add comment
// Dimensions of the image stored in |data|.

[harkness, 2017/01/20 16:58:06]

Done.

+  optional Dimensions original_dimensions = 4;  // iff downscaled
+}
+
+// Reporting protobuf for an image served as part of a browser notification.
+// There is no response (an empty body) to this request.
+message NotificationImageReportRequest {
+  optional string notification_origin = 1;  // Src-origin of the notification.
+  optional ImageData image = 2;             // The bitmap of the image.
+
+  // Note that the image URL is deliberately omitted as it would be untrusted,
+  // since the notification image fetch may be intercepted by a Service Worker
+  // (even if the image URL is cross-origin). Otherwise a website could mislead
+  // Safe Browsing into associating phishing image bitmaps with safe image URLs.
+}