OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 // | |
5 // This proto file includes: | |
6 // (1) Client side phishing and malware detection request and response | |
7 // protocol buffers. Those protocol messages should be kept in sync | |
8 // with the server implementation. | |
9 // | |
10 // (2) Safe Browsing reporting protocol buffers. | |
11 // A ClientSafeBrowsingReportRequest is sent when a user opts-in to | |
12 // sending detailed threat reports from the safe browsing interstitial page. | |
13 // It is a list of Resource messages, which may contain the url of a | |
14 // resource such as the page in the address bar or any other resource | |
15 // that was loaded for this page. | |
16 // In addition to the url, a resource can contain HTTP request and response | |
17 // headers and bodies. | |
18 // | |
19 // If you want to change this protocol definition or you have questions | |
20 // regarding its format please contact chrome-anti-phishing@googlegroups.com. | |
21 | |
22 syntax = "proto2"; | |
23 | |
24 option optimize_for = LITE_RUNTIME; | |
25 | |
26 package safe_browsing; | |
27 | |
28 // Protocol buffer describing the Chrome user population of the user reporting | |
29 // data. | |
30 message ChromeUserPopulation { | |
31 enum UserPopulation { | |
32 UNKNOWN_USER_POPULATION = 0; | |
33 SAFE_BROWSING = 1; | |
34 EXTENDED_REPORTING = 2; | |
35 } | |
36 optional UserPopulation user_population = 1; | |
37 } | |
38 | |
39 | |
40 message ClientPhishingRequest { | |
41 // URL that the client visited. The CGI parameters are stripped by the | |
42 // client. | |
43 optional string url = 1; | |
44 | |
45 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is | |
46 // canonicalized, converted to a suffix-prefix expression and broadened | |
47 // (www prefix is removed and everything past the last '/' is stripped). | |
48 // | |
49 // Marked OBSOLETE because the URL is sent for all users, making the hash | |
50 // prefix unnecessary. | |
51 optional bytes OBSOLETE_hash_prefix = 10; | |
52 | |
53 // Score that was computed on the client. Value is between 0.0 and 1.0. | |
54 // The larger the value the more likely the url is phishing. | |
55 required float client_score = 2; | |
56 | |
57 // Note: we're skipping tag 3 because it was previously used. | |
58 | |
59 // Is true if the features for this URL were classified as phishing. | |
60 // Currently, this will always be true for all client-phishing requests | |
61 // that are sent to the server. | |
62 optional bool is_phishing = 4; | |
63 | |
64 message Feature { | |
65 // Feature name. E.g., 'PageHasForms'. | |
66 required string name = 1; | |
67 | |
68 // Feature value is always in the range [0.0, 1.0]. Boolean features | |
69 // have value 1.0. | |
70 required double value = 2; | |
71 } | |
72 | |
73 // List of features that were extracted. Those are the features that were | |
74 // sent to the scorer and which resulted in client_score being computed. | |
75 repeated Feature feature_map = 5; | |
76 | |
77 // The version number of the model that was used to compute the client-score. | |
78 // Copied from ClientSideModel.version(). | |
79 optional int32 model_version = 6; | |
80 | |
81 // Field 7 is only used on the server. | |
82 | |
83 // List of features that are extracted in the client but are not used in the | |
84 // machine learning model. | |
85 repeated Feature non_model_feature_map = 8; | |
86 | |
87 // The referrer URL. This field might not be set, for example, in the case | |
88 // where the referrer uses HTTPs. | |
89 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. | |
90 optional string OBSOLETE_referrer_url = 9; | |
91 | |
92 // Field 11 is only used on the server. | |
93 | |
94 // List of shingle hashes we extracted. | |
95 repeated uint32 shingle_hashes = 12 [packed = true]; | |
96 | |
97 // The model filename (basename) that was used by the client. | |
98 optional string model_filename = 13; | |
99 | |
100 // Population that the reporting user is part of. | |
101 optional ChromeUserPopulation population = 14; | |
102 } | |
103 | |
104 message ClientPhishingResponse { | |
105 required bool phishy = 1; | |
106 | |
107 // A list of SafeBrowsing host-suffix / path-prefix expressions that | |
108 // are whitelisted. The client must match the current top-level URL | |
109 // against these whitelisted expressions and only apply a positive | |
110 // phishing verdict above if the URL does not match any expression | |
111 // on this whitelist. The client must not cache these whitelisted | |
112 // expressions. This whitelist will be empty for the vast majority | |
113 // of the responses but might contain up to 100 entries in emergency | |
114 // situations. | |
115 // | |
116 // Marked OBSOLETE because the URL is sent for all users, so the server | |
117 // can do whitelist matching. | |
118 repeated string OBSOLETE_whitelist_expression = 2; | |
119 } | |
120 | |
121 message ClientMalwareRequest { | |
122 // URL that the client visited. The CGI parameters are stripped by the | |
123 // client. | |
124 required string url = 1; | |
125 | |
126 // Field 2 is deleted and no longer in use. | |
127 | |
128 // Field 3 is only used on the server. | |
129 | |
130 // The referrer URL. This field might not be set, for example, in the case | |
131 // where the referrer uses HTTPS. | |
132 optional string referrer_url = 4; | |
133 | |
134 // Field 5 and 6 are only used on the server. | |
135 | |
136 message UrlInfo { | |
137 required string ip = 1; | |
138 required string url = 2; | |
139 optional string method = 3; | |
140 optional string referrer = 4; | |
141 // Resource type, the int value is a direct cast from the Type enum | |
142 // of ResourceType class defined in //src/webkit/commom/resource_type.h | |
143 optional int32 resource_type = 5; | |
144 } | |
145 | |
146 // List of resource urls that match the malware IP list. | |
147 repeated UrlInfo bad_ip_url_info = 7; | |
148 | |
149 // Population that the reporting user is part of. | |
150 optional ChromeUserPopulation population = 9; | |
151 } | |
152 | |
153 // The message is used for client request to determine whether the provided URL | |
154 // is safe for the purposes of entering user credentials for logging in. | |
155 message LoginReputationClientRequest { | |
156 // The top level frame URL of the webpage that hosts the login form. | |
157 // The client will strip CGI parameters. | |
158 optional string page_url = 1; | |
159 | |
160 // Type for the request. | |
161 // It could be low reputation request or password reuse request. | |
162 enum TriggerType { | |
163 TRIGGER_TYPE_UNSPECIFIED = 0; | |
164 UNFAMILIAR_LOGIN_PAGE = 1; | |
165 PASSWORD_REUSE_EVENT = 2; | |
166 } | |
167 optional TriggerType trigger_type = 2; | |
168 | |
169 // The message contains features which can describe a frame. A frame can be | |
170 // a top level web page or an iframe. | |
171 message Frame { | |
172 // Id of a frame. The frame whose index = 0 is the top level web page. | |
173 optional int32 frame_index = 1; | |
174 | |
175 // Id of the parent frame. | |
176 optional int32 parent_frame_index = 2; | |
177 | |
178 // Url of the frame. If could be top level url (from web page) or url of | |
179 // the iframe. | |
180 optional string url = 3; | |
181 | |
182 // Whether the frame contains password field. | |
183 optional bool has_password_field = 4; | |
184 | |
185 // URLs transitions in reverse chronological order, i.e. the top level url | |
186 // or the url of the iframe comes first in the list. | |
187 repeated ReferrerChainEntry referrer_chain = 5; | |
188 | |
189 // The message contains features of a form. | |
190 message Form { | |
191 // Action url of the form. | |
192 optional string action_url = 1; | |
193 | |
194 // Whether the form contains password field. | |
195 optional bool has_password_field = 2; | |
196 } | |
197 | |
198 repeated Form forms = 6; | |
199 } | |
200 | |
201 repeated Frame frames = 3; | |
202 | |
203 // The message contains fields needed for a password reuse event. | |
204 message PasswordReuseEvent { | |
205 // Origins that the reused password had been used on. The origins are | |
206 // maintained by Chrome password manager. | |
207 // The field is filled in only when TriggerType is PASSWORD_REUSE_EVENT. | |
208 repeated string password_reused_original_origins = 1; | |
209 | |
210 // The frame that the password reuse is detected. | |
211 optional int32 frame_id = 2; | |
212 } | |
213 | |
214 optional PasswordReuseEvent password_reuse_event = 4; | |
215 | |
216 // The number of verdicts stored on the client. | |
217 optional int32 stored_verdict_cnt = 5; | |
218 } | |
219 | |
220 // The message is used for client response for login reputation requests. | |
221 message LoginReputationClientResponse { | |
222 // Type of verdicts issued by the server. | |
223 enum VerdictType { | |
224 VERDICT_TYPE_UNSPECIFIED = 0; | |
225 // No warning will be displayed. | |
226 SAFE = 1; | |
227 // The site has low reputation or low popularity. | |
228 LOW_REPUTATION = 2; | |
229 // The url matches with blacklist entries. | |
230 PHISHING = 3; | |
231 } | |
232 optional VerdictType verdict_type = 1; | |
233 | |
234 // TTL of the verdict in seconds. | |
235 optional int64 cache_duration_sec = 2; | |
236 | |
237 // A host-suffix/path-prefix expression which defines a collections of pages | |
238 // with common ownership from the same domain. | |
239 // Generally, the pattern is defined on the granularity of domains. | |
240 // For domains managed by multiple parties, especially in the case of large | |
241 // hosting sites (e.g., geocities.com), we further divide the domains. | |
242 // | |
243 // Examples: | |
244 // www.google.com/foo/bar?param=val -> google.com | |
245 // www.geocities.com/foo/bar.html -> geocities.com/foo | |
246 // adwords.blogspot.com/index.html -> adwords.blogspot.com | |
247 // | |
248 // The pattern will always match the page_url of the request, and will be | |
249 // a substring of page_url. | |
250 optional string cache_expression = 3; | |
251 } | |
252 | |
253 message ClientMalwareResponse { | |
254 required bool blacklist = 1; | |
255 // The confirmed blacklisted bad IP and its url, which will be shown in | |
256 // malware warning, if the blacklist verdict is true. | |
257 // This IP string could be either in IPv4 or IPv6 format, which is the same | |
258 // as the ones client sent to server. | |
259 optional string bad_ip = 2; | |
260 optional string bad_url = 3; | |
261 } | |
262 | |
263 message ClientDownloadRequest { | |
264 // The final URL of the download (after all redirects). | |
265 required string url = 1; | |
266 | |
267 // This message contains various binary digests of the download payload. | |
268 message Digests { | |
269 optional bytes sha256 = 1; | |
270 optional bytes sha1 = 2; | |
271 optional bytes md5 = 3; | |
272 } | |
273 required Digests digests = 2; | |
274 | |
275 // This is the length in bytes of the download payload. | |
276 required int64 length = 3; | |
277 | |
278 // Type of the resources stored below. | |
279 enum ResourceType { | |
280 // The final URL of the download payload. The resource URL should | |
281 // correspond to the URL field above. | |
282 DOWNLOAD_URL = 0; | |
283 // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. | |
284 DOWNLOAD_REDIRECT = 1; | |
285 // The final top-level URL of the tab that triggered the download. | |
286 TAB_URL = 2; | |
287 // A redirect URL thas was fetched before hitting the final TAB_URL. | |
288 TAB_REDIRECT = 3; | |
289 // The document URL for a PPAPI plugin instance that initiated the download. | |
290 // This is the document.url for the container element for the plugin | |
291 // instance. | |
292 PPAPI_DOCUMENT = 4; | |
293 // The plugin URL for a PPAPI plugin instance that initiated the download. | |
294 PPAPI_PLUGIN = 5; | |
295 } | |
296 | |
297 message Resource { | |
298 required string url = 1; | |
299 required ResourceType type = 2; | |
300 optional bytes remote_ip = 3; | |
301 // This will only be set if the referrer is available and if the | |
302 // resource type is either TAB_URL or DOWNLOAD_URL. | |
303 optional string referrer = 4; | |
304 | |
305 // TODO(noelutz): add the transition type? | |
306 } | |
307 | |
308 // This repeated field will store all the redirects as well as the | |
309 // final URLs for the top-level tab URL (i.e., the URL that | |
310 // triggered the download) as well as for the download URL itself. | |
311 repeated Resource resources = 4; | |
312 | |
313 // A trust chain of certificates. Each chain begins with the signing | |
314 // certificate of the binary, and ends with a self-signed certificate, | |
315 // typically from a trusted root CA. This structure is analogous to | |
316 // CERT_CHAIN_CONTEXT on Windows. | |
317 message CertificateChain { | |
318 // A single link in the chain. | |
319 message Element { | |
320 // DER-encoded X.509 representation of the certificate. | |
321 optional bytes certificate = 1; | |
322 // Fields 2 - 7 are only used on the server. | |
323 } | |
324 repeated Element element = 1; | |
325 } | |
326 | |
327 // This is an OS X only message to report extended attribute informations. | |
328 // Extended attributes on OS X are used for various security mechanisms, | |
329 // which makes them interesting to Chrome. | |
330 message ExtendedAttr { | |
331 // This is the name of the extended attribute. | |
332 required string key = 1; | |
333 // This is the value of the extended attribute. | |
334 optional bytes value = 2; | |
335 } | |
336 | |
337 message SignatureInfo { | |
338 // All certificate chains for each of the binary's signers. Multiple chains | |
339 // may be present if the binary or any certificate has multiple signers. | |
340 // Absence of certificate chains does not imply that the binary is not | |
341 // signed (in that case, SignedData blobs extracted from the binary may be | |
342 // preset), but does mean that trust has not been verified. | |
343 repeated CertificateChain certificate_chain = 1; | |
344 | |
345 // True if the signature was trusted on the client. | |
346 optional bool trusted = 2; | |
347 | |
348 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable | |
349 // image's attribute certificate table. The presence of these does not imply | |
350 // that the signatures were deemed trusted by the client. | |
351 // On Mac, this is the code signature blob referenced by the | |
352 // LC_CODE_SIGNATURE load command. | |
353 repeated bytes signed_data = 3; | |
354 | |
355 // On OS X, code signing data can be contained in the extended attributes of | |
356 // a file. As Gatekeeper respects this signature, we look for it and collect | |
357 // it. | |
358 repeated ExtendedAttr xattr = 4; | |
359 } | |
360 | |
361 // This field will only be set if the binary is signed. | |
362 optional SignatureInfo signature = 5; | |
363 | |
364 // True if the download was user initiated. | |
365 optional bool user_initiated = 6; | |
366 | |
367 // Fields 7 and 8 are only used on the server. | |
368 | |
369 // Name of the file where the download would be stored if the | |
370 // download completes. E.g., "bla.exe". | |
371 optional string file_basename = 9; | |
372 | |
373 // Starting with Chrome M19 we're also sending back pings for Chrome | |
374 // extensions that get downloaded by users. | |
375 enum DownloadType { | |
376 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. | |
377 CHROME_EXTENSION = 1; // .crx files. | |
378 ANDROID_APK = 2; // .apk files. | |
379 // .zip files containing one of the other executable types. | |
380 ZIPPED_EXECUTABLE = 3; | |
381 MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. | |
382 ZIPPED_ARCHIVE = 5; // .zip file containing another archive. | |
383 ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. | |
384 // A .zip that Chrome failed to unpack to the point of finding exe/zips. | |
385 INVALID_ZIP = 7; | |
386 // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding | |
387 // Mach O's. | |
388 INVALID_MAC_ARCHIVE = 8; | |
389 // A download request initiated via PPAPI. Typically the requestor is | |
390 // a Flash applet. | |
391 PPAPI_SAVE_REQUEST = 9; | |
392 // A file we don't support, but we've decided to sample and send | |
393 // a light-ping. | |
394 SAMPLED_UNSUPPORTED_FILE = 10; | |
395 } | |
396 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; | |
397 | |
398 // Locale of the device, eg en, en_US. | |
399 optional string locale = 11; | |
400 | |
401 message PEImageHeaders { | |
402 // IMAGE_DOS_HEADER. | |
403 optional bytes dos_header = 1; | |
404 // IMAGE_FILE_HEADER. | |
405 optional bytes file_header = 2; | |
406 // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. | |
407 optional bytes optional_headers32 = 3; | |
408 // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. | |
409 optional bytes optional_headers64 = 4; | |
410 // IMAGE_SECTION_HEADER. | |
411 repeated bytes section_header = 5; | |
412 // Contents of the .edata section. | |
413 optional bytes export_section_data = 6; | |
414 | |
415 message DebugData { | |
416 // IMAGE_DEBUG_DIRECTORY. | |
417 optional bytes directory_entry = 1; | |
418 optional bytes raw_data = 2; | |
419 } | |
420 | |
421 repeated DebugData debug_data = 7; | |
422 } | |
423 | |
424 message MachOHeaders { | |
425 // The mach_header or mach_header_64 struct. | |
426 required bytes mach_header = 1; | |
427 | |
428 message LoadCommand { | |
429 // |command_id| is the first uint32 of |command| as well, but is | |
430 // extracted for easier processing. | |
431 required uint32 command_id = 1; | |
432 // The entire data stream of the load command. | |
433 required bytes command = 2; | |
434 } | |
435 | |
436 // All the load commands of the Mach-O file. | |
437 repeated LoadCommand load_commands = 2; | |
438 } | |
439 | |
440 message ImageHeaders { | |
441 // Windows Portable Executable image headers. | |
442 optional PEImageHeaders pe_headers = 1; | |
443 | |
444 // OS X Mach-O image headers. | |
445 repeated MachOHeaders mach_o_headers = 2; | |
446 }; | |
447 | |
448 // Fields 12-17 are reserved for server-side use and are never sent by the | |
449 // client. | |
450 | |
451 optional ImageHeaders image_headers = 18; | |
452 | |
453 // Fields 19-21 are reserved for server-side use and are never sent by the | |
454 // client. | |
455 | |
456 // A binary contained in an archive (e.g., a .zip archive). | |
457 message ArchivedBinary { | |
458 optional string file_basename = 1; | |
459 optional DownloadType download_type = 2; | |
460 optional Digests digests = 3; | |
461 optional int64 length = 4; | |
462 optional SignatureInfo signature = 5; | |
463 optional ImageHeaders image_headers = 6; | |
464 } | |
465 | |
466 repeated ArchivedBinary archived_binary = 22; | |
467 | |
468 // Population that the reporting user is part of. | |
469 optional ChromeUserPopulation population = 24; | |
470 | |
471 // True if the .zip or DMG, etc, was 100% successfully unpacked. | |
472 optional bool archive_valid = 26; | |
473 | |
474 // True if this ClientDownloadRequest is from a whitelisted domain. | |
475 optional bool skipped_url_whitelist = 28; | |
476 | |
477 // True if this ClientDownloadRequest contains a whitelisted certificate. | |
478 optional bool skipped_certificate_whitelist = 31; | |
479 | |
480 // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. | |
481 // Each element in this collection indicates an alternate extension including | |
482 // the leading extension separator. | |
483 repeated string alternate_extensions = 35; | |
484 | |
485 // URLs transitions from landing referrer to download in reverse chronological | |
486 // order, i.e. download url comes first in this list, and landing referrer | |
487 // comes last. | |
488 repeated ReferrerChainEntry referrer_chain = 36; | |
489 | |
490 // Whether DownloadAttribution Finch experiment is enabled for this ping. | |
491 optional bool download_attribution_finch_enabled = 39; | |
492 } | |
493 | |
494 message ReferrerChainEntry { | |
495 enum URLType { | |
496 DOWNLOAD_URL = 1; | |
497 LANDING_PAGE = 2; | |
498 LANDING_REFERRER = 3; | |
499 CLIENT_REDIRECT = 4; | |
500 DEPRECATED_SERVER_REDIRECT = 5; // Deprecated | |
501 } | |
502 | |
503 message ServerRedirect { | |
504 // [required] server redirect url | |
505 optional string url = 1; | |
506 | |
507 // Additional fields for future expansion. | |
508 } | |
509 | |
510 // [required] The url of this Entry. | |
511 optional string url = 1; | |
512 | |
513 // Only set if it is different from |url|. | |
514 optional string main_frame_url = 9; | |
515 | |
516 // Type of URLs, such as download url, download referrer, etc. | |
517 optional URLType type = 2 [default = CLIENT_REDIRECT]; | |
518 | |
519 // IP addresses corresponding to this host. | |
520 repeated string ip_addresses = 3; | |
521 | |
522 // Referrer url of this entry. | |
523 optional string referrer_url = 4; | |
524 | |
525 // Main frame URL of referrer. | |
526 // Only set if it is different from |referrer_url|. | |
527 optional string referrer_main_frame_url = 5; | |
528 | |
529 // If this URL loads in a different tab/frame from previous one. | |
530 optional bool is_retargeting = 6; | |
531 | |
532 optional double navigation_time_msec = 7; | |
533 | |
534 // Set only if server redirects happened in navigation. | |
535 // The first entry in |server_redirect_chain| should be the original request | |
536 // url, and the last entry should be the same as |url|. | |
537 repeated ServerRedirect server_redirect_chain = 8; | |
538 } // End of ReferrerChainEntry | |
539 | |
540 message ClientDownloadResponse { | |
541 enum Verdict { | |
542 // Download is considered safe. | |
543 SAFE = 0; | |
544 // Download is considered dangerous. Chrome should show a warning to the | |
545 // user. | |
546 DANGEROUS = 1; | |
547 // Download is uncommon. Chrome should display a less severe warning. | |
548 UNCOMMON = 2; | |
549 // The download is potentially unwanted. | |
550 POTENTIALLY_UNWANTED = 3; | |
551 // The download is from a dangerous host. | |
552 DANGEROUS_HOST = 4; | |
553 // The backend doesn't have confidence in its verdict of this file. | |
554 // Chrome should show the default warning if configured for this file type. | |
555 UNKNOWN = 5; | |
556 } | |
557 optional Verdict verdict = 1 [default = SAFE]; | |
558 | |
559 message MoreInfo { | |
560 // A human-readable string describing the nature of the warning. | |
561 // Only if verdict != SAFE. Localized based on request.locale. | |
562 optional string description = 1; | |
563 | |
564 // A URL to get more information about this warning, if available. | |
565 optional string url = 2; | |
566 } | |
567 optional MoreInfo more_info = 2; | |
568 | |
569 // An arbitrary token that should be sent along for further server requests. | |
570 optional bytes token = 3; | |
571 | |
572 // Whether the server requests that this binary be uploaded. | |
573 optional bool upload = 5; | |
574 } | |
575 | |
576 // The following protocol buffer holds the feedback report gathered | |
577 // from the user regarding the download. | |
578 message ClientDownloadReport { | |
579 // The information of user who provided the feedback. | |
580 // This is going to be useful for handling appeals. | |
581 message UserInformation { | |
582 optional string email = 1; | |
583 } | |
584 | |
585 enum Reason { | |
586 SHARE = 0; | |
587 FALSE_POSITIVE = 1; | |
588 APPEAL = 2; | |
589 } | |
590 | |
591 // The type of feedback for this report. | |
592 optional Reason reason = 1; | |
593 | |
594 // The original download ping | |
595 optional ClientDownloadRequest download_request = 2; | |
596 | |
597 // Stores the information of the user who provided the feedback. | |
598 optional UserInformation user_information = 3; | |
599 | |
600 // Unstructed comments provided by the user. | |
601 optional bytes comment = 4; | |
602 | |
603 // The original download response sent from the verdict server. | |
604 optional ClientDownloadResponse download_response = 5; | |
605 } | |
606 | |
607 // This is used to send back upload status to the client after upload completion | |
608 message ClientUploadResponse { | |
609 enum UploadStatus { | |
610 // The upload was successful and a complete response can be expected | |
611 SUCCESS = 0; | |
612 | |
613 // The upload was unsuccessful and the response is incomplete. | |
614 UPLOAD_FAILURE = 1; | |
615 } | |
616 | |
617 // Holds the upload status | |
618 optional UploadStatus status = 1; | |
619 | |
620 // Holds the permalink where the results of scanning the binary are available | |
621 optional string permalink = 2; | |
622 } | |
623 | |
624 message ClientIncidentReport { | |
625 message IncidentData { | |
626 message TrackedPreferenceIncident { | |
627 enum ValueState { | |
628 UNKNOWN = 0; | |
629 CLEARED = 1; | |
630 WEAK_LEGACY_OBSOLETE = 2; | |
631 CHANGED = 3; | |
632 UNTRUSTED_UNKNOWN_VALUE = 4; | |
633 BYPASS_CLEARED = 5; | |
634 BYPASS_CHANGED = 6; | |
635 } | |
636 | |
637 optional string path = 1; | |
638 optional string atomic_value = 2; | |
639 repeated string split_key = 3; | |
640 optional ValueState value_state = 4; | |
641 } | |
642 | |
643 message BinaryIntegrityIncident { | |
644 optional string file_basename = 1; | |
645 optional ClientDownloadRequest.SignatureInfo signature = 2; | |
646 optional ClientDownloadRequest.ImageHeaders image_headers = 3; | |
647 optional int32 sec_error = 4; | |
648 | |
649 message ContainedFile { | |
650 optional string relative_path = 1; | |
651 optional ClientDownloadRequest.SignatureInfo signature = 2; | |
652 optional ClientDownloadRequest.ImageHeaders image_headers = 3; | |
653 } | |
654 repeated ContainedFile contained_file = 5; | |
655 } | |
656 | |
657 message BlacklistLoadIncident { | |
658 optional string path = 1; | |
659 optional ClientDownloadRequest.Digests digest = 2; | |
660 optional string version = 3; | |
661 optional bool blacklist_initialized = 4; | |
662 optional ClientDownloadRequest.SignatureInfo signature = 5; | |
663 optional ClientDownloadRequest.ImageHeaders image_headers = 6; | |
664 } | |
665 message VariationsSeedSignatureIncident { | |
666 optional string variations_seed_signature = 1; | |
667 } | |
668 message ResourceRequestIncident { | |
669 enum Type { | |
670 UNKNOWN = 0; | |
671 TYPE_PATTERN = 3; | |
672 } | |
673 optional bytes digest = 1; | |
674 optional string origin = 2; | |
675 optional Type type = 3 [default = UNKNOWN]; | |
676 } | |
677 message SuspiciousModuleIncident { | |
678 optional string path = 1; | |
679 optional ClientDownloadRequest.Digests digest = 2; | |
680 optional string version = 3; | |
681 optional ClientDownloadRequest.SignatureInfo signature = 4; | |
682 optional ClientDownloadRequest.ImageHeaders image_headers = 5; | |
683 } | |
684 optional int64 incident_time_msec = 1; | |
685 optional TrackedPreferenceIncident tracked_preference = 2; | |
686 optional BinaryIntegrityIncident binary_integrity = 3; | |
687 optional BlacklistLoadIncident blacklist_load = 4; | |
688 // Note: skip tag 5 because it was previously used. | |
689 optional VariationsSeedSignatureIncident variations_seed_signature = 6; | |
690 optional ResourceRequestIncident resource_request = 7; | |
691 optional SuspiciousModuleIncident suspicious_module = 8; | |
692 } | |
693 | |
694 repeated IncidentData incident = 1; | |
695 | |
696 message DownloadDetails { | |
697 optional bytes token = 1; | |
698 optional ClientDownloadRequest download = 2; | |
699 optional int64 download_time_msec = 3; | |
700 optional int64 open_time_msec = 4; | |
701 } | |
702 | |
703 optional DownloadDetails download = 2; | |
704 | |
705 message EnvironmentData { | |
706 message OS { | |
707 optional string os_name = 1; | |
708 optional string os_version = 2; | |
709 | |
710 message RegistryValue { | |
711 optional string name = 1; | |
712 optional uint32 type = 2; | |
713 optional bytes data = 3; | |
714 } | |
715 | |
716 message RegistryKey { | |
717 optional string name = 1; | |
718 repeated RegistryValue value = 2; | |
719 repeated RegistryKey key = 3; | |
720 } | |
721 | |
722 repeated RegistryKey registry_key = 3; | |
723 | |
724 optional bool is_enrolled_to_domain = 4; | |
725 } | |
726 optional OS os = 1; | |
727 message Machine { | |
728 optional string cpu_architecture = 1; | |
729 optional string cpu_vendor = 2; | |
730 optional uint32 cpuid = 3; | |
731 } | |
732 optional Machine machine = 2; | |
733 message Process { | |
734 optional string version = 1; | |
735 repeated string OBSOLETE_dlls = 2; | |
736 message Patch { | |
737 optional string function = 1; | |
738 optional string target_dll = 2; | |
739 } | |
740 repeated Patch patches = 3; | |
741 message NetworkProvider {} | |
742 repeated NetworkProvider network_providers = 4; | |
743 enum Channel { | |
744 CHANNEL_UNKNOWN = 0; | |
745 CHANNEL_CANARY = 1; | |
746 CHANNEL_DEV = 2; | |
747 CHANNEL_BETA = 3; | |
748 CHANNEL_STABLE = 4; | |
749 } | |
750 optional Channel chrome_update_channel = 5; | |
751 optional int64 uptime_msec = 6; | |
752 optional bool metrics_consent = 7; | |
753 // Obsolete: extended consent is now required for incident reporting. | |
754 optional bool OBSOLETE_extended_consent = 8; | |
755 message Dll { | |
756 enum Feature { | |
757 UNKNOWN = 0; | |
758 LSP = 1; | |
759 } | |
760 optional string path = 1; | |
761 optional uint64 base_address = 2; | |
762 optional uint32 length = 3; | |
763 repeated Feature feature = 4; | |
764 optional ClientDownloadRequest.ImageHeaders image_headers = 5; | |
765 } | |
766 repeated Dll dll = 9; | |
767 repeated string blacklisted_dll = 10; | |
768 message ModuleState { | |
769 enum ModifiedState { | |
770 UNKNOWN = 0; | |
771 MODULE_STATE_UNKNOWN = 1; | |
772 MODULE_STATE_UNMODIFIED = 2; | |
773 MODULE_STATE_MODIFIED = 3; | |
774 } | |
775 optional string name = 1; | |
776 optional ModifiedState modified_state = 2; | |
777 repeated string OBSOLETE_modified_export = 3; | |
778 | |
779 message Modification { | |
780 optional uint32 file_offset = 1; | |
781 optional int32 byte_count = 2; | |
782 optional bytes modified_bytes = 3; | |
783 optional string export_name = 4; | |
784 } | |
785 repeated Modification modification = 4; | |
786 } | |
787 repeated ModuleState module_state = 11; | |
788 // Obsolete: field trials no longer enable incident reporting. | |
789 optional bool OBSOLETE_field_trial_participant = 12; | |
790 } | |
791 optional Process process = 3; | |
792 } | |
793 | |
794 message ExtensionData { | |
795 message ExtensionInfo { | |
796 enum ExtensionState { | |
797 STATE_UNKNOWN = 0; | |
798 STATE_ENABLED = 1; | |
799 STATE_DISABLED = 2; | |
800 STATE_BLACKLISTED = 3; | |
801 STATE_BLOCKED = 4; | |
802 STATE_TERMINATED = 5; | |
803 } | |
804 | |
805 optional string id = 1; | |
806 optional string version = 2; | |
807 optional string name = 3; | |
808 optional string description = 4; | |
809 optional ExtensionState state = 5 [default = STATE_UNKNOWN]; | |
810 optional int32 type = 6; | |
811 optional string update_url = 7; | |
812 optional bool has_signature_validation = 8; | |
813 optional bool signature_is_valid = 9; | |
814 optional bool installed_by_custodian = 10; | |
815 optional bool installed_by_default = 11; | |
816 optional bool installed_by_oem = 12; | |
817 optional bool from_bookmark = 13; | |
818 optional bool from_webstore = 14; | |
819 optional bool converted_from_user_script = 15; | |
820 optional bool may_be_untrusted = 16; | |
821 optional int64 install_time_msec = 17; | |
822 optional int32 manifest_location_type = 18; | |
823 optional string manifest = 19; | |
824 } | |
825 | |
826 optional ExtensionInfo last_installed_extension = 1; | |
827 } | |
828 | |
829 optional EnvironmentData environment = 3; | |
830 | |
831 // Population that the reporting user is part of. | |
832 optional ChromeUserPopulation population = 7; | |
833 | |
834 optional ExtensionData extension_data = 8; | |
835 | |
836 message NonBinaryDownloadDetails { | |
837 optional string file_type = 1; | |
838 optional bytes url_spec_sha256 = 2; | |
839 optional string host = 3; | |
840 optional int64 length = 4; | |
841 } | |
842 | |
843 optional NonBinaryDownloadDetails non_binary_download = 9; | |
844 } | |
845 | |
846 message ClientIncidentResponse { | |
847 optional bytes token = 1; | |
848 optional bool download_requested = 2; | |
849 | |
850 message EnvironmentRequest { optional int32 dll_index = 1; } | |
851 | |
852 repeated EnvironmentRequest environment_requests = 3; | |
853 } | |
854 | |
855 message DownloadMetadata { | |
856 optional uint32 download_id = 1; | |
857 | |
858 optional ClientIncidentReport.DownloadDetails download = 2; | |
859 } | |
860 | |
861 // A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are | |
862 // only sent by Chrome users who have opted into extended Safe Browsing. | |
863 // This proto is replacing ClientMalwareReportRequest. | |
864 // Next tag: 17 | |
865 message ClientSafeBrowsingReportRequest { | |
866 // Note: A lot of the "optional" fields would make sense to be | |
867 // "required" instead. However, having them as optional allows the | |
868 // clients to send "stripped down" versions of the message in the | |
869 // future, if we want to. | |
870 | |
871 enum ReportType { | |
872 UNKNOWN = 0; | |
873 URL_PHISHING = 1; | |
874 URL_MALWARE = 2; | |
875 URL_UNWANTED = 3; | |
876 CLIENT_SIDE_PHISHING_URL = 4; | |
877 CLIENT_SIDE_MALWARE_URL = 5; | |
878 DANGEROUS_DOWNLOAD_RECOVERY = 6; | |
879 DANGEROUS_DOWNLOAD_WARNING = 7; | |
880 DANGEROUS_DOWNLOAD_BY_API = 10; | |
881 } | |
882 | |
883 message HTTPHeader { | |
884 required bytes name = 1; | |
885 optional bytes value = 2; | |
886 } | |
887 | |
888 message HTTPRequest { | |
889 message FirstLine { | |
890 optional bytes verb = 1; | |
891 optional bytes uri = 2; | |
892 optional bytes version = 3; | |
893 } | |
894 | |
895 optional FirstLine firstline = 1; | |
896 repeated HTTPHeader headers = 2; | |
897 optional bytes body = 3; | |
898 | |
899 // bodydigest and bodylength can be useful if the report does not | |
900 // contain the body itself. | |
901 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. | |
902 optional int32 bodylength = 5; // length of body. | |
903 } | |
904 | |
905 message HTTPResponse { | |
906 message FirstLine { | |
907 optional int32 code = 1; | |
908 optional bytes reason = 2; | |
909 optional bytes version = 3; | |
910 } | |
911 | |
912 optional FirstLine firstline = 1; | |
913 repeated HTTPHeader headers = 2; | |
914 optional bytes body = 3; | |
915 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. | |
916 optional int32 bodylength = 5; // length of body. | |
917 optional bytes remote_ip = 6; // IP of the server. | |
918 } | |
919 | |
920 message Resource { | |
921 required int32 id = 1; | |
922 optional string url = 2; | |
923 optional HTTPRequest request = 3; | |
924 optional HTTPResponse response = 4; | |
925 optional int32 parent_id = 5; | |
926 repeated int32 child_ids = 6; | |
927 optional string tag_name = 7; | |
928 } | |
929 | |
930 optional ReportType type = 10; | |
931 | |
932 // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, | |
933 // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. | |
934 optional ClientDownloadResponse.Verdict download_verdict = 11; | |
935 | |
936 // URL of the page in the address bar. | |
937 optional string url = 1; | |
938 optional string page_url = 2; | |
939 optional string referrer_url = 3; | |
940 | |
941 repeated Resource resources = 4; | |
942 | |
943 // Contains the hierarchy of elements on the page (ie: the DOM). Some | |
944 // elements can be Resources and will refer to the resources list (above). | |
945 repeated HTMLElement dom = 16; | |
946 | |
947 // Whether the report is complete. | |
948 optional bool complete = 5; | |
949 | |
950 // The ASN and country of the client IP. These fields are filled up by | |
951 // csd_frontend | |
952 repeated string client_asn = 6; | |
953 optional string client_country = 7; | |
954 | |
955 // Whether user chose to proceed. | |
956 optional bool did_proceed = 8; | |
957 | |
958 // Whether user visited this origin before. | |
959 optional bool repeat_visit = 9; | |
960 | |
961 // The same token in ClientDownloadResponse. This field is only set if its | |
962 // report type is DANGEROUS_DOWNLOAD_RECOVERY, DANGEROUS_DOWNLOAD_WARNING or | |
963 // DANGEROUS_DOWNLOAD_BY_API. | |
964 optional bytes token = 15; | |
965 } | |
966 | |
967 // An HTML Element on the page (eg: iframe, div, script, etc). | |
968 message HTMLElement { | |
969 // Id of this element. | |
970 optional int32 id = 1; | |
971 | |
972 // The tag type of this element (eg: iframe, div, script, etc). | |
973 optional string tag = 2; | |
974 | |
975 // IDs of elements that are children of this element. | |
976 repeated int32 child_ids = 3; | |
977 | |
978 // If this element represents a Resource then this is the id of the | |
979 // Resource, which contains additional data about the Resource. Otherwise | |
980 // unset. | |
981 optional int32 resource_id = 5; | |
982 | |
983 // An Attribute of the element (eg: id, border, foo etc) and its value. | |
984 message Attribute { | |
985 optional string name = 1; | |
986 optional string value = 2; | |
987 } | |
988 repeated Attribute attribute = 6; | |
989 } | |
990 | |
991 // Canonical representation of raster image data. | |
992 message ImageData { | |
993 // Image bitmap, after downscaling to <= 512x512. | |
994 optional bytes data = 1; | |
995 | |
996 // Encoding scheme for the bitmap. | |
997 optional string mime_type = 2; | |
998 | |
999 message Dimensions { | |
1000 optional int32 width = 1; | |
1001 optional int32 height = 2; | |
1002 } | |
1003 | |
1004 // Dimensions of the image stored in |data|. | |
1005 optional Dimensions dimensions = 3; | |
1006 optional Dimensions original_dimensions = 4; // iff downscaled | |
1007 } | |
1008 | |
1009 // Reporting protobuf for an image served as part of a browser notification. | |
1010 // There is no response (an empty body) to this request. | |
1011 message NotificationImageReportRequest { | |
1012 optional string notification_origin = 1; // Src-origin of the notification. | |
1013 optional ImageData image = 2; // The bitmap of the image. | |
1014 | |
1015 // Note that the image URL is deliberately omitted as it would be untrusted, | |
1016 // since the notification image fetch may be intercepted by a Service Worker | |
1017 // (even if the image URL is cross-origin). Otherwise a website could mislead | |
1018 // Safe Browsing into associating phishing image bitmaps with safe image URLs. | |
1019 } | |
OLD | NEW |