OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 // | |
5 // This proto file includes: | |
6 // (1) Client side phishing and malware detection request and response | |
7 // protocol buffers. Those protocol messages should be kept in sync | |
8 // with the server implementation. | |
9 // | |
10 // (2) Safe Browsing reporting protocol buffers. | |
11 // A ClientSafeBrowsingReportRequest is sent when a user opts-in to | |
12 // sending detailed threat reports from the safe browsing interstitial page. | |
13 // It is a list of Resource messages, which may contain the url of a | |
14 // resource such as the page in the address bar or any other resource | |
15 // that was loaded for this page. | |
16 // In addition to the url, a resource can contain HTTP request and response | |
17 // headers and bodies. | |
18 // | |
19 // If you want to change this protocol definition or you have questions | |
20 // regarding its format please contact chrome-anti-phishing@googlegroups.com. | |
21 | |
22 syntax = "proto2"; | |
23 | |
24 option optimize_for = LITE_RUNTIME; | |
25 | |
26 package safe_browsing; | |
27 | |
28 // Protocol buffer describing the Chrome user population of the user reporting | |
29 // data. | |
30 message ChromeUserPopulation { | |
31 enum UserPopulation { | |
32 UNKNOWN_USER_POPULATION = 0; | |
33 SAFE_BROWSING = 1; | |
34 EXTENDED_REPORTING = 2; | |
35 } | |
36 optional UserPopulation user_population = 1; | |
37 } | |
38 | |
39 | |
40 message ClientPhishingRequest { | |
41 // URL that the client visited. The CGI parameters are stripped by the | |
42 // client. | |
43 optional string url = 1; | |
44 | |
45 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is | |
46 // canonicalized, converted to a suffix-prefix expression and broadened | |
47 // (www prefix is removed and everything past the last '/' is stripped). | |
48 // | |
49 // Marked OBSOLETE because the URL is sent for all users, making the hash | |
50 // prefix unnecessary. | |
51 optional bytes OBSOLETE_hash_prefix = 10; | |
52 | |
53 // Score that was computed on the client. Value is between 0.0 and 1.0. | |
54 // The larger the value the more likely the url is phishing. | |
55 required float client_score = 2; | |
56 | |
57 // Note: we're skipping tag 3 because it was previously used. | |
58 | |
59 // Is true if the features for this URL were classified as phishing. | |
60 // Currently, this will always be true for all client-phishing requests | |
61 // that are sent to the server. | |
62 optional bool is_phishing = 4; | |
63 | |
64 message Feature { | |
65 // Feature name. E.g., 'PageHasForms'. | |
66 required string name = 1; | |
67 | |
68 // Feature value is always in the range [0.0, 1.0]. Boolean features | |
69 // have value 1.0. | |
70 required double value = 2; | |
71 } | |
72 | |
73 // List of features that were extracted. Those are the features that were | |
74 // sent to the scorer and which resulted in client_score being computed. | |
75 repeated Feature feature_map = 5; | |
76 | |
77 // The version number of the model that was used to compute the client-score. | |
78 // Copied from ClientSideModel.version(). | |
79 optional int32 model_version = 6; | |
80 | |
81 // Field 7 is only used on the server. | |
82 | |
83 // List of features that are extracted in the client but are not used in the | |
84 // machine learning model. | |
85 repeated Feature non_model_feature_map = 8; | |
86 | |
87 // The referrer URL. This field might not be set, for example, in the case | |
88 // where the referrer uses HTTPs. | |
89 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. | |
90 optional string OBSOLETE_referrer_url = 9; | |
91 | |
92 // Field 11 is only used on the server. | |
93 | |
94 // List of shingle hashes we extracted. | |
95 repeated uint32 shingle_hashes = 12 [packed = true]; | |
96 | |
97 // The model filename (basename) that was used by the client. | |
98 optional string model_filename = 13; | |
99 | |
100 // Population that the reporting user is part of. | |
101 optional ChromeUserPopulation population = 14; | |
102 } | |
103 | |
104 message ClientPhishingResponse { | |
105 required bool phishy = 1; | |
106 | |
107 // A list of SafeBrowsing host-suffix / path-prefix expressions that | |
108 // are whitelisted. The client must match the current top-level URL | |
109 // against these whitelisted expressions and only apply a positive | |
110 // phishing verdict above if the URL does not match any expression | |
111 // on this whitelist. The client must not cache these whitelisted | |
112 // expressions. This whitelist will be empty for the vast majority | |
113 // of the responses but might contain up to 100 entries in emergency | |
114 // situations. | |
115 // | |
116 // Marked OBSOLETE because the URL is sent for all users, so the server | |
117 // can do whitelist matching. | |
118 repeated string OBSOLETE_whitelist_expression = 2; | |
119 } | |
120 | |
121 message ClientMalwareRequest { | |
122 // URL that the client visited. The CGI parameters are stripped by the | |
123 // client. | |
124 required string url = 1; | |
125 | |
126 // Field 2 is deleted and no longer in use. | |
127 | |
128 // Field 3 is only used on the server. | |
129 | |
130 // The referrer URL. This field might not be set, for example, in the case | |
131 // where the referrer uses HTTPS. | |
132 optional string referrer_url = 4; | |
133 | |
134 // Field 5 and 6 are only used on the server. | |
135 | |
136 message UrlInfo { | |
137 required string ip = 1; | |
138 required string url = 2; | |
139 optional string method = 3; | |
140 optional string referrer = 4; | |
141 // Resource type, the int value is a direct cast from the Type enum | |
142 // of ResourceType class defined in //src/webkit/commom/resource_type.h | |
143 optional int32 resource_type = 5; | |
144 } | |
145 | |
146 // List of resource urls that match the malware IP list. | |
147 repeated UrlInfo bad_ip_url_info = 7; | |
148 | |
149 // Population that the reporting user is part of. | |
150 optional ChromeUserPopulation population = 9; | |
151 } | |
152 | |
153 message ClientMalwareResponse { | |
154 required bool blacklist = 1; | |
155 // The confirmed blacklisted bad IP and its url, which will be shown in | |
156 // malware warning, if the blacklist verdict is true. | |
157 // This IP string could be either in IPv4 or IPv6 format, which is the same | |
158 // as the ones client sent to server. | |
159 optional string bad_ip = 2; | |
160 optional string bad_url = 3; | |
161 } | |
162 | |
163 message ClientDownloadRequest { | |
164 // The final URL of the download (after all redirects). | |
165 required string url = 1; | |
166 | |
167 // This message contains various binary digests of the download payload. | |
168 message Digests { | |
169 optional bytes sha256 = 1; | |
170 optional bytes sha1 = 2; | |
171 optional bytes md5 = 3; | |
172 } | |
173 required Digests digests = 2; | |
174 | |
175 // This is the length in bytes of the download payload. | |
176 required int64 length = 3; | |
177 | |
178 // Type of the resources stored below. | |
179 enum ResourceType { | |
180 // The final URL of the download payload. The resource URL should | |
181 // correspond to the URL field above. | |
182 DOWNLOAD_URL = 0; | |
183 // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. | |
184 DOWNLOAD_REDIRECT = 1; | |
185 // The final top-level URL of the tab that triggered the download. | |
186 TAB_URL = 2; | |
187 // A redirect URL thas was fetched before hitting the final TAB_URL. | |
188 TAB_REDIRECT = 3; | |
189 // The document URL for a PPAPI plugin instance that initiated the download. | |
190 // This is the document.url for the container element for the plugin | |
191 // instance. | |
192 PPAPI_DOCUMENT = 4; | |
193 // The plugin URL for a PPAPI plugin instance that initiated the download. | |
194 PPAPI_PLUGIN = 5; | |
195 } | |
196 | |
197 message Resource { | |
198 required string url = 1; | |
199 required ResourceType type = 2; | |
200 optional bytes remote_ip = 3; | |
201 // This will only be set if the referrer is available and if the | |
202 // resource type is either TAB_URL or DOWNLOAD_URL. | |
203 optional string referrer = 4; | |
204 | |
205 // TODO(noelutz): add the transition type? | |
206 } | |
207 | |
208 // This repeated field will store all the redirects as well as the | |
209 // final URLs for the top-level tab URL (i.e., the URL that | |
210 // triggered the download) as well as for the download URL itself. | |
211 repeated Resource resources = 4; | |
212 | |
213 // A trust chain of certificates. Each chain begins with the signing | |
214 // certificate of the binary, and ends with a self-signed certificate, | |
215 // typically from a trusted root CA. This structure is analogous to | |
216 // CERT_CHAIN_CONTEXT on Windows. | |
217 message CertificateChain { | |
218 // A single link in the chain. | |
219 message Element { | |
220 // DER-encoded X.509 representation of the certificate. | |
221 optional bytes certificate = 1; | |
222 // Fields 2 - 7 are only used on the server. | |
223 } | |
224 repeated Element element = 1; | |
225 } | |
226 | |
227 // This is an OS X only message to report extended attribute informations. | |
228 // Extended attributes on OS X are used for various security mechanisms, | |
229 // which makes them interesting to Chrome. | |
230 message ExtendedAttr { | |
231 // This is the name of the extended attribute. | |
232 required string key = 1; | |
233 // This is the value of the extended attribute. | |
234 optional bytes value = 2; | |
235 } | |
236 | |
237 message SignatureInfo { | |
238 // All certificate chains for each of the binary's signers. Multiple chains | |
239 // may be present if the binary or any certificate has multiple signers. | |
240 // Absence of certificate chains does not imply that the binary is not | |
241 // signed (in that case, SignedData blobs extracted from the binary may be | |
242 // preset), but does mean that trust has not been verified. | |
243 repeated CertificateChain certificate_chain = 1; | |
244 | |
245 // True if the signature was trusted on the client. | |
246 optional bool trusted = 2; | |
247 | |
248 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable | |
249 // image's attribute certificate table. The presence of these does not imply | |
250 // that the signatures were deemed trusted by the client. | |
251 // On Mac, this is the code signature blob referenced by the | |
252 // LC_CODE_SIGNATURE load command. | |
253 repeated bytes signed_data = 3; | |
254 | |
255 // On OS X, code signing data can be contained in the extended attributes of | |
256 // a file. As Gatekeeper respects this signature, we look for it and collect | |
257 // it. | |
258 repeated ExtendedAttr xattr = 4; | |
259 } | |
260 | |
261 // This field will only be set if the binary is signed. | |
262 optional SignatureInfo signature = 5; | |
263 | |
264 // True if the download was user initiated. | |
265 optional bool user_initiated = 6; | |
266 | |
267 // Fields 7 and 8 are only used on the server. | |
268 | |
269 // Name of the file where the download would be stored if the | |
270 // download completes. E.g., "bla.exe". | |
271 optional string file_basename = 9; | |
272 | |
273 // Starting with Chrome M19 we're also sending back pings for Chrome | |
274 // extensions that get downloaded by users. | |
275 enum DownloadType { | |
276 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. | |
277 CHROME_EXTENSION = 1; // .crx files. | |
278 ANDROID_APK = 2; // .apk files. | |
279 // .zip files containing one of the other executable types. | |
280 ZIPPED_EXECUTABLE = 3; | |
281 MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. | |
282 ZIPPED_ARCHIVE = 5; // .zip file containing another archive. | |
283 ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. | |
284 // A .zip that Chrome failed to unpack to the point of finding exe/zips. | |
285 INVALID_ZIP = 7; | |
286 // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding | |
287 // Mach O's. | |
288 INVALID_MAC_ARCHIVE = 8; | |
289 // A download request initiated via PPAPI. Typically the requestor is | |
290 // a Flash applet. | |
291 PPAPI_SAVE_REQUEST = 9; | |
292 // A file we don't support, but we've decided to sample and send | |
293 // a light-ping. | |
294 SAMPLED_UNSUPPORTED_FILE = 10; | |
295 } | |
296 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; | |
297 | |
298 // Locale of the device, eg en, en_US. | |
299 optional string locale = 11; | |
300 | |
301 message PEImageHeaders { | |
302 // IMAGE_DOS_HEADER. | |
303 optional bytes dos_header = 1; | |
304 // IMAGE_FILE_HEADER. | |
305 optional bytes file_header = 2; | |
306 // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. | |
307 optional bytes optional_headers32 = 3; | |
308 // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. | |
309 optional bytes optional_headers64 = 4; | |
310 // IMAGE_SECTION_HEADER. | |
311 repeated bytes section_header = 5; | |
312 // Contents of the .edata section. | |
313 optional bytes export_section_data = 6; | |
314 | |
315 message DebugData { | |
316 // IMAGE_DEBUG_DIRECTORY. | |
317 optional bytes directory_entry = 1; | |
318 optional bytes raw_data = 2; | |
319 } | |
320 | |
321 repeated DebugData debug_data = 7; | |
322 } | |
323 | |
324 message MachOHeaders { | |
325 // The mach_header or mach_header_64 struct. | |
326 required bytes mach_header = 1; | |
327 | |
328 message LoadCommand { | |
329 // |command_id| is the first uint32 of |command| as well, but is | |
330 // extracted for easier processing. | |
331 required uint32 command_id = 1; | |
332 // The entire data stream of the load command. | |
333 required bytes command = 2; | |
334 } | |
335 | |
336 // All the load commands of the Mach-O file. | |
337 repeated LoadCommand load_commands = 2; | |
338 } | |
339 | |
340 message ImageHeaders { | |
341 // Windows Portable Executable image headers. | |
342 optional PEImageHeaders pe_headers = 1; | |
343 | |
344 // OS X Mach-O image headers. | |
345 repeated MachOHeaders mach_o_headers = 2; | |
346 }; | |
347 | |
348 // Fields 12-17 are reserved for server-side use and are never sent by the | |
349 // client. | |
350 | |
351 optional ImageHeaders image_headers = 18; | |
352 | |
353 // Fields 19-21 are reserved for server-side use and are never sent by the | |
354 // client. | |
355 | |
356 // A binary contained in an archive (e.g., a .zip archive). | |
357 message ArchivedBinary { | |
358 optional string file_basename = 1; | |
359 optional DownloadType download_type = 2; | |
360 optional Digests digests = 3; | |
361 optional int64 length = 4; | |
362 optional SignatureInfo signature = 5; | |
363 optional ImageHeaders image_headers = 6; | |
364 } | |
365 | |
366 repeated ArchivedBinary archived_binary = 22; | |
367 | |
368 // Population that the reporting user is part of. | |
369 optional ChromeUserPopulation population = 24; | |
370 | |
371 // True if the .zip or DMG, etc, was 100% successfully unpacked. | |
372 optional bool archive_valid = 26; | |
373 | |
374 // True if this ClientDownloadRequest is from a whitelisted domain. | |
375 optional bool skipped_url_whitelist = 28; | |
376 | |
377 // True if this ClientDownloadRequest contains a whitelisted certificate. | |
378 optional bool skipped_certificate_whitelist = 31; | |
379 | |
380 // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. | |
381 // Each element in this collection indicates an alternate extension including | |
382 // the leading extension separator. | |
383 repeated string alternate_extensions = 35; | |
384 | |
385 // URLs transitions from landing referrer to download in reverse chronological | |
386 // order, i.e. download url comes first in this list, and landing referrer | |
387 // comes last. | |
388 repeated ReferrerChainEntry referrer_chain = 36; | |
389 | |
390 // Whether DownloadAttribution Finch experiment is enabled for this ping. | |
391 optional bool download_attribution_finch_enabled = 39; | |
392 } | |
393 | |
394 message ReferrerChainEntry { | |
395 enum URLType { | |
396 DOWNLOAD_URL = 1; | |
397 LANDING_PAGE = 2; | |
398 LANDING_REFERRER = 3; | |
399 CLIENT_REDIRECT = 4; | |
400 DEPRECATED_SERVER_REDIRECT = 5; // Deprecated | |
401 } | |
402 | |
403 message ServerRedirect { | |
404 // [required] server redirect url | |
405 optional string url = 1; | |
406 | |
407 // Additional fields for future expansion. | |
408 } | |
409 | |
410 // [required] The url of this Entry. | |
411 optional string url = 1; | |
412 | |
413 // Only set if it is different from |url|. | |
414 optional string main_frame_url = 9; | |
415 | |
416 // Type of URLs, such as download url, download referrer, etc. | |
417 optional URLType type = 2 [default = CLIENT_REDIRECT]; | |
418 | |
419 // IP addresses corresponding to this host. | |
420 repeated string ip_addresses = 3; | |
421 | |
422 // Referrer url of this entry. | |
423 optional string referrer_url = 4; | |
424 | |
425 // Main frame URL of referrer. | |
426 // Only set if it is different from |referrer_url|. | |
427 optional string referrer_main_frame_url = 5; | |
428 | |
429 // If this URL loads in a different tab/frame from previous one. | |
430 optional bool is_retargeting = 6; | |
431 | |
432 optional double navigation_time_msec = 7; | |
433 | |
434 // Set only if server redirects happened in navigation. | |
435 // The first entry in |server_redirect_chain| should be the original request | |
436 // url, and the last entry should be the same as |url|. | |
437 repeated ServerRedirect server_redirect_chain = 8; | |
438 } // End of ReferrerChainEntry | |
439 | |
440 message ClientDownloadResponse { | |
441 enum Verdict { | |
442 // Download is considered safe. | |
443 SAFE = 0; | |
444 // Download is considered dangerous. Chrome should show a warning to the | |
445 // user. | |
446 DANGEROUS = 1; | |
447 // Download is uncommon. Chrome should display a less severe warning. | |
448 UNCOMMON = 2; | |
449 // The download is potentially unwanted. | |
450 POTENTIALLY_UNWANTED = 3; | |
451 // The download is from a dangerous host. | |
452 DANGEROUS_HOST = 4; | |
453 // The backend doesn't have confidence in its verdict of this file. | |
454 // Chrome should show the default warning if configured for this file type. | |
455 UNKNOWN = 5; | |
456 } | |
457 optional Verdict verdict = 1 [default = SAFE]; | |
458 | |
459 message MoreInfo { | |
460 // A human-readable string describing the nature of the warning. | |
461 // Only if verdict != SAFE. Localized based on request.locale. | |
462 optional string description = 1; | |
463 | |
464 // A URL to get more information about this warning, if available. | |
465 optional string url = 2; | |
466 } | |
467 optional MoreInfo more_info = 2; | |
468 | |
469 // An arbitrary token that should be sent along for further server requests. | |
470 optional bytes token = 3; | |
471 | |
472 // Whether the server requests that this binary be uploaded. | |
473 optional bool upload = 5; | |
474 } | |
475 | |
476 // The following protocol buffer holds the feedback report gathered | |
477 // from the user regarding the download. | |
478 message ClientDownloadReport { | |
479 // The information of user who provided the feedback. | |
480 // This is going to be useful for handling appeals. | |
481 message UserInformation { | |
482 optional string email = 1; | |
483 } | |
484 | |
485 enum Reason { | |
486 SHARE = 0; | |
487 FALSE_POSITIVE = 1; | |
488 APPEAL = 2; | |
489 } | |
490 | |
491 // The type of feedback for this report. | |
492 optional Reason reason = 1; | |
493 | |
494 // The original download ping | |
495 optional ClientDownloadRequest download_request = 2; | |
496 | |
497 // Stores the information of the user who provided the feedback. | |
498 optional UserInformation user_information = 3; | |
499 | |
500 // Unstructed comments provided by the user. | |
501 optional bytes comment = 4; | |
502 | |
503 // The original download response sent from the verdict server. | |
504 optional ClientDownloadResponse download_response = 5; | |
505 } | |
506 | |
507 // This is used to send back upload status to the client after upload completion | |
508 message ClientUploadResponse { | |
509 enum UploadStatus { | |
510 // The upload was successful and a complete response can be expected | |
511 SUCCESS = 0; | |
512 | |
513 // The upload was unsuccessful and the response is incomplete. | |
514 UPLOAD_FAILURE = 1; | |
515 } | |
516 | |
517 // Holds the upload status | |
518 optional UploadStatus status = 1; | |
519 | |
520 // Holds the permalink where the results of scanning the binary are available | |
521 optional string permalink = 2; | |
522 } | |
523 | |
524 message ClientIncidentReport { | |
525 message IncidentData { | |
526 message TrackedPreferenceIncident { | |
527 enum ValueState { | |
528 UNKNOWN = 0; | |
529 CLEARED = 1; | |
530 WEAK_LEGACY_OBSOLETE = 2; | |
531 CHANGED = 3; | |
532 UNTRUSTED_UNKNOWN_VALUE = 4; | |
533 BYPASS_CLEARED = 5; | |
534 BYPASS_CHANGED = 6; | |
535 } | |
536 | |
537 optional string path = 1; | |
538 optional string atomic_value = 2; | |
539 repeated string split_key = 3; | |
540 optional ValueState value_state = 4; | |
541 } | |
542 | |
543 message BinaryIntegrityIncident { | |
544 optional string file_basename = 1; | |
545 optional ClientDownloadRequest.SignatureInfo signature = 2; | |
546 optional ClientDownloadRequest.ImageHeaders image_headers = 3; | |
547 optional int32 sec_error = 4; | |
548 | |
549 message ContainedFile { | |
550 optional string relative_path = 1; | |
551 optional ClientDownloadRequest.SignatureInfo signature = 2; | |
552 optional ClientDownloadRequest.ImageHeaders image_headers = 3; | |
553 } | |
554 repeated ContainedFile contained_file = 5; | |
555 } | |
556 | |
557 message BlacklistLoadIncident { | |
558 optional string path = 1; | |
559 optional ClientDownloadRequest.Digests digest = 2; | |
560 optional string version = 3; | |
561 optional bool blacklist_initialized = 4; | |
562 optional ClientDownloadRequest.SignatureInfo signature = 5; | |
563 optional ClientDownloadRequest.ImageHeaders image_headers = 6; | |
564 } | |
565 message VariationsSeedSignatureIncident { | |
566 optional string variations_seed_signature = 1; | |
567 } | |
568 message ResourceRequestIncident { | |
569 enum Type { | |
570 UNKNOWN = 0; | |
571 TYPE_PATTERN = 3; | |
572 } | |
573 optional bytes digest = 1; | |
574 optional string origin = 2; | |
575 optional Type type = 3 [default = UNKNOWN]; | |
576 } | |
577 message SuspiciousModuleIncident { | |
578 optional string path = 1; | |
579 optional ClientDownloadRequest.Digests digest = 2; | |
580 optional string version = 3; | |
581 optional ClientDownloadRequest.SignatureInfo signature = 4; | |
582 optional ClientDownloadRequest.ImageHeaders image_headers = 5; | |
583 } | |
584 optional int64 incident_time_msec = 1; | |
585 optional TrackedPreferenceIncident tracked_preference = 2; | |
586 optional BinaryIntegrityIncident binary_integrity = 3; | |
587 optional BlacklistLoadIncident blacklist_load = 4; | |
588 // Note: skip tag 5 because it was previously used. | |
589 optional VariationsSeedSignatureIncident variations_seed_signature = 6; | |
590 optional ResourceRequestIncident resource_request = 7; | |
591 optional SuspiciousModuleIncident suspicious_module = 8; | |
592 } | |
593 | |
594 repeated IncidentData incident = 1; | |
595 | |
596 message DownloadDetails { | |
597 optional bytes token = 1; | |
598 optional ClientDownloadRequest download = 2; | |
599 optional int64 download_time_msec = 3; | |
600 optional int64 open_time_msec = 4; | |
601 } | |
602 | |
603 optional DownloadDetails download = 2; | |
604 | |
605 message EnvironmentData { | |
606 message OS { | |
607 optional string os_name = 1; | |
608 optional string os_version = 2; | |
609 | |
610 message RegistryValue { | |
611 optional string name = 1; | |
612 optional uint32 type = 2; | |
613 optional bytes data = 3; | |
614 } | |
615 | |
616 message RegistryKey { | |
617 optional string name = 1; | |
618 repeated RegistryValue value = 2; | |
619 repeated RegistryKey key = 3; | |
620 } | |
621 | |
622 repeated RegistryKey registry_key = 3; | |
623 | |
624 optional bool is_enrolled_to_domain = 4; | |
625 } | |
626 optional OS os = 1; | |
627 message Machine { | |
628 optional string cpu_architecture = 1; | |
629 optional string cpu_vendor = 2; | |
630 optional uint32 cpuid = 3; | |
631 } | |
632 optional Machine machine = 2; | |
633 message Process { | |
634 optional string version = 1; | |
635 repeated string OBSOLETE_dlls = 2; | |
636 message Patch { | |
637 optional string function = 1; | |
638 optional string target_dll = 2; | |
639 } | |
640 repeated Patch patches = 3; | |
641 message NetworkProvider {} | |
642 repeated NetworkProvider network_providers = 4; | |
643 enum Channel { | |
644 CHANNEL_UNKNOWN = 0; | |
645 CHANNEL_CANARY = 1; | |
646 CHANNEL_DEV = 2; | |
647 CHANNEL_BETA = 3; | |
648 CHANNEL_STABLE = 4; | |
649 } | |
650 optional Channel chrome_update_channel = 5; | |
651 optional int64 uptime_msec = 6; | |
652 optional bool metrics_consent = 7; | |
653 // Obsolete: extended consent is now required for incident reporting. | |
654 optional bool OBSOLETE_extended_consent = 8; | |
655 message Dll { | |
656 enum Feature { | |
657 UNKNOWN = 0; | |
658 LSP = 1; | |
659 } | |
660 optional string path = 1; | |
661 optional uint64 base_address = 2; | |
662 optional uint32 length = 3; | |
663 repeated Feature feature = 4; | |
664 optional ClientDownloadRequest.ImageHeaders image_headers = 5; | |
665 } | |
666 repeated Dll dll = 9; | |
667 repeated string blacklisted_dll = 10; | |
668 message ModuleState { | |
669 enum ModifiedState { | |
670 UNKNOWN = 0; | |
671 MODULE_STATE_UNKNOWN = 1; | |
672 MODULE_STATE_UNMODIFIED = 2; | |
673 MODULE_STATE_MODIFIED = 3; | |
674 } | |
675 optional string name = 1; | |
676 optional ModifiedState modified_state = 2; | |
677 repeated string OBSOLETE_modified_export = 3; | |
678 | |
679 message Modification { | |
680 optional uint32 file_offset = 1; | |
681 optional int32 byte_count = 2; | |
682 optional bytes modified_bytes = 3; | |
683 optional string export_name = 4; | |
684 } | |
685 repeated Modification modification = 4; | |
686 } | |
687 repeated ModuleState module_state = 11; | |
688 // Obsolete: field trials no longer enable incident reporting. | |
689 optional bool OBSOLETE_field_trial_participant = 12; | |
690 } | |
691 optional Process process = 3; | |
692 } | |
693 | |
694 message ExtensionData { | |
695 message ExtensionInfo { | |
696 enum ExtensionState { | |
697 STATE_UNKNOWN = 0; | |
698 STATE_ENABLED = 1; | |
699 STATE_DISABLED = 2; | |
700 STATE_BLACKLISTED = 3; | |
701 STATE_BLOCKED = 4; | |
702 STATE_TERMINATED = 5; | |
703 } | |
704 | |
705 optional string id = 1; | |
706 optional string version = 2; | |
707 optional string name = 3; | |
708 optional string description = 4; | |
709 optional ExtensionState state = 5 [default = STATE_UNKNOWN]; | |
710 optional int32 type = 6; | |
711 optional string update_url = 7; | |
712 optional bool has_signature_validation = 8; | |
713 optional bool signature_is_valid = 9; | |
714 optional bool installed_by_custodian = 10; | |
715 optional bool installed_by_default = 11; | |
716 optional bool installed_by_oem = 12; | |
717 optional bool from_bookmark = 13; | |
718 optional bool from_webstore = 14; | |
719 optional bool converted_from_user_script = 15; | |
720 optional bool may_be_untrusted = 16; | |
721 optional int64 install_time_msec = 17; | |
722 optional int32 manifest_location_type = 18; | |
723 optional string manifest = 19; | |
724 } | |
725 | |
726 optional ExtensionInfo last_installed_extension = 1; | |
727 } | |
728 | |
729 optional EnvironmentData environment = 3; | |
730 | |
731 // Population that the reporting user is part of. | |
732 optional ChromeUserPopulation population = 7; | |
733 | |
734 optional ExtensionData extension_data = 8; | |
735 | |
736 message NonBinaryDownloadDetails { | |
737 optional string file_type = 1; | |
738 optional bytes url_spec_sha256 = 2; | |
739 optional string host = 3; | |
740 optional int64 length = 4; | |
741 } | |
742 | |
743 optional NonBinaryDownloadDetails non_binary_download = 9; | |
744 } | |
745 | |
746 message ClientIncidentResponse { | |
747 optional bytes token = 1; | |
748 optional bool download_requested = 2; | |
749 | |
750 message EnvironmentRequest { optional int32 dll_index = 1; } | |
751 | |
752 repeated EnvironmentRequest environment_requests = 3; | |
753 } | |
754 | |
755 message DownloadMetadata { | |
756 optional uint32 download_id = 1; | |
757 | |
758 optional ClientIncidentReport.DownloadDetails download = 2; | |
759 } | |
760 | |
761 // A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are | |
762 // only sent by Chrome users who have opted into extended Safe Browsing. | |
763 // This proto is replacing ClientMalwareReportRequest. | |
764 // Next tag: 17 | |
765 message ClientSafeBrowsingReportRequest { | |
766 // Note: A lot of the "optional" fields would make sense to be | |
767 // "required" instead. However, having them as optional allows the | |
768 // clients to send "stripped down" versions of the message in the | |
769 // future, if we want to. | |
770 | |
771 enum ReportType { | |
772 UNKNOWN = 0; | |
773 URL_PHISHING = 1; | |
774 URL_MALWARE = 2; | |
775 URL_UNWANTED = 3; | |
776 CLIENT_SIDE_PHISHING_URL = 4; | |
777 CLIENT_SIDE_MALWARE_URL = 5; | |
778 DANGEROUS_DOWNLOAD_RECOVERY = 6; | |
779 DANGEROUS_DOWNLOAD_WARNING = 7; | |
780 DANGEROUS_DOWNLOAD_BY_API = 10; | |
781 } | |
782 | |
783 message HTTPHeader { | |
784 required bytes name = 1; | |
785 optional bytes value = 2; | |
786 } | |
787 | |
788 message HTTPRequest { | |
789 message FirstLine { | |
790 optional bytes verb = 1; | |
791 optional bytes uri = 2; | |
792 optional bytes version = 3; | |
793 } | |
794 | |
795 optional FirstLine firstline = 1; | |
796 repeated HTTPHeader headers = 2; | |
797 optional bytes body = 3; | |
798 | |
799 // bodydigest and bodylength can be useful if the report does not | |
800 // contain the body itself. | |
801 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. | |
802 optional int32 bodylength = 5; // length of body. | |
803 } | |
804 | |
805 message HTTPResponse { | |
806 message FirstLine { | |
807 optional int32 code = 1; | |
808 optional bytes reason = 2; | |
809 optional bytes version = 3; | |
810 } | |
811 | |
812 optional FirstLine firstline = 1; | |
813 repeated HTTPHeader headers = 2; | |
814 optional bytes body = 3; | |
815 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. | |
816 optional int32 bodylength = 5; // length of body. | |
817 optional bytes remote_ip = 6; // IP of the server. | |
818 } | |
819 | |
820 message Resource { | |
821 required int32 id = 1; | |
822 optional string url = 2; | |
823 optional HTTPRequest request = 3; | |
824 optional HTTPResponse response = 4; | |
825 optional int32 parent_id = 5; | |
826 repeated int32 child_ids = 6; | |
827 optional string tag_name = 7; | |
828 } | |
829 | |
830 optional ReportType type = 10; | |
831 | |
832 // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, | |
833 // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. | |
834 optional ClientDownloadResponse.Verdict download_verdict = 11; | |
835 | |
836 // URL of the page in the address bar. | |
837 optional string url = 1; | |
838 optional string page_url = 2; | |
839 optional string referrer_url = 3; | |
840 | |
841 repeated Resource resources = 4; | |
842 | |
843 // Contains the hierarchy of elements on the page (ie: the DOM). Some | |
844 // elements can be Resources and will refer to the resources list (above). | |
845 repeated HTMLElement dom = 16; | |
846 | |
847 // Whether the report is complete. | |
848 optional bool complete = 5; | |
849 | |
850 // The ASN and country of the client IP. These fields are filled up by | |
851 // csd_frontend | |
852 repeated string client_asn = 6; | |
853 optional string client_country = 7; | |
854 | |
855 // Whether user chose to proceed. | |
856 optional bool did_proceed = 8; | |
857 | |
858 // Whether user visited this origin before. | |
859 optional bool repeat_visit = 9; | |
860 | |
861 // The same token in ClientDownloadResponse. This field is only set if its | |
862 // report type is DANGEROUS_DOWNLOAD_RECOVERY, DANGEROUS_DOWNLOAD_WARNING or | |
863 // DANGEROUS_DOWNLOAD_BY_API. | |
864 optional bytes token = 15; | |
865 } | |
866 | |
867 // An HTML Element on the page (eg: iframe, div, script, etc). | |
868 message HTMLElement { | |
869 // Id of this element. | |
870 optional int32 id = 1; | |
871 | |
872 // The tag type of this element (eg: iframe, div, script, etc). | |
873 optional string tag = 2; | |
874 | |
875 // IDs of elements that are children of this element. | |
876 repeated int32 child_ids = 3; | |
877 | |
878 // If this element represents a Resource then this is the id of the | |
879 // Resource, which contains additional data about the Resource. Otherwise | |
880 // unset. | |
881 optional int32 resource_id = 5; | |
882 | |
883 // An Attribute of the element (eg: id, border, foo etc) and its value. | |
884 message Attribute { | |
885 optional string name = 1; | |
886 optional string value = 2; | |
887 } | |
888 repeated Attribute attribute = 6; | |
889 } | |
890 | |
891 // Canonical representation of raster image data. | |
892 message ImageData { | |
893 // Image bitmap, after downscaling to <= 512x512. | |
894 optional bytes data = 1; | |
895 | |
896 // Encoding scheme for the bitmap. | |
897 optional string mime_type = 2; | |
898 | |
899 message Dimensions { | |
900 optional int32 width = 1; | |
901 optional int32 height = 2; | |
902 } | |
903 | |
904 // Dimensions of the image stored in |data|. | |
905 optional Dimensions dimensions = 3; | |
906 optional Dimensions original_dimensions = 4; // iff downscaled | |
907 } | |
908 | |
909 // Reporting protobuf for an image served as part of a browser notification. | |
910 // There is no response (an empty body) to this request. | |
911 message NotificationImageReportRequest { | |
912 optional string notification_origin = 1; // Src-origin of the notification. | |
913 optional ImageData image = 2; // The bitmap of the image. | |
914 | |
915 // Note that the image URL is deliberately omitted as it would be untrusted, | |
916 // since the notification image fetch may be intercepted by a Service Worker | |
917 // (even if the image URL is cross-origin). Otherwise a website could mislead | |
918 // Safe Browsing into associating phishing image bitmaps with safe image URLs. | |
919 } | |
OLD | NEW |