OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 // |
| 5 // This proto file includes: |
| 6 // (1) Client side phishing and malware detection request and response |
| 7 // protocol buffers. Those protocol messages should be kept in sync |
| 8 // with the server implementation. |
| 9 // |
| 10 // (2) Safe Browsing reporting protocol buffers. |
| 11 // A ClientSafeBrowsingReportRequest is sent when a user opts-in to |
| 12 // sending detailed threat reports from the safe browsing interstitial page. |
| 13 // It is a list of Resource messages, which may contain the url of a |
| 14 // resource such as the page in the address bar or any other resource |
| 15 // that was loaded for this page. |
| 16 // In addition to the url, a resource can contain HTTP request and response |
| 17 // headers and bodies. |
| 18 // |
| 19 // If you want to change this protocol definition or you have questions |
| 20 // regarding its format please contact chrome-anti-phishing@googlegroups.com. |
| 21 |
| 22 syntax = "proto2"; |
| 23 |
| 24 option optimize_for = LITE_RUNTIME; |
| 25 |
| 26 package safe_browsing; |
| 27 |
| 28 // Protocol buffer describing the Chrome user population of the user reporting |
| 29 // data. |
| 30 message ChromeUserPopulation { |
| 31 enum UserPopulation { |
| 32 UNKNOWN_USER_POPULATION = 0; |
| 33 SAFE_BROWSING = 1; |
| 34 EXTENDED_REPORTING = 2; |
| 35 } |
| 36 optional UserPopulation user_population = 1; |
| 37 } |
| 38 |
| 39 |
| 40 message ClientPhishingRequest { |
| 41 // URL that the client visited. The CGI parameters are stripped by the |
| 42 // client. |
| 43 optional string url = 1; |
| 44 |
| 45 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is |
| 46 // canonicalized, converted to a suffix-prefix expression and broadened |
| 47 // (www prefix is removed and everything past the last '/' is stripped). |
| 48 // |
| 49 // Marked OBSOLETE because the URL is sent for all users, making the hash |
| 50 // prefix unnecessary. |
| 51 optional bytes OBSOLETE_hash_prefix = 10; |
| 52 |
| 53 // Score that was computed on the client. Value is between 0.0 and 1.0. |
| 54 // The larger the value the more likely the url is phishing. |
| 55 required float client_score = 2; |
| 56 |
| 57 // Note: we're skipping tag 3 because it was previously used. |
| 58 |
| 59 // Is true if the features for this URL were classified as phishing. |
| 60 // Currently, this will always be true for all client-phishing requests |
| 61 // that are sent to the server. |
| 62 optional bool is_phishing = 4; |
| 63 |
| 64 message Feature { |
| 65 // Feature name. E.g., 'PageHasForms'. |
| 66 required string name = 1; |
| 67 |
| 68 // Feature value is always in the range [0.0, 1.0]. Boolean features |
| 69 // have value 1.0. |
| 70 required double value = 2; |
| 71 } |
| 72 |
| 73 // List of features that were extracted. Those are the features that were |
| 74 // sent to the scorer and which resulted in client_score being computed. |
| 75 repeated Feature feature_map = 5; |
| 76 |
| 77 // The version number of the model that was used to compute the client-score. |
| 78 // Copied from ClientSideModel.version(). |
| 79 optional int32 model_version = 6; |
| 80 |
| 81 // Field 7 is only used on the server. |
| 82 |
| 83 // List of features that are extracted in the client but are not used in the |
| 84 // machine learning model. |
| 85 repeated Feature non_model_feature_map = 8; |
| 86 |
| 87 // The referrer URL. This field might not be set, for example, in the case |
| 88 // where the referrer uses HTTPs. |
| 89 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. |
| 90 optional string OBSOLETE_referrer_url = 9; |
| 91 |
| 92 // Field 11 is only used on the server. |
| 93 |
| 94 // List of shingle hashes we extracted. |
| 95 repeated uint32 shingle_hashes = 12 [packed = true]; |
| 96 |
| 97 // The model filename (basename) that was used by the client. |
| 98 optional string model_filename = 13; |
| 99 |
| 100 // Population that the reporting user is part of. |
| 101 optional ChromeUserPopulation population = 14; |
| 102 } |
| 103 |
| 104 message ClientPhishingResponse { |
| 105 required bool phishy = 1; |
| 106 |
| 107 // A list of SafeBrowsing host-suffix / path-prefix expressions that |
| 108 // are whitelisted. The client must match the current top-level URL |
| 109 // against these whitelisted expressions and only apply a positive |
| 110 // phishing verdict above if the URL does not match any expression |
| 111 // on this whitelist. The client must not cache these whitelisted |
| 112 // expressions. This whitelist will be empty for the vast majority |
| 113 // of the responses but might contain up to 100 entries in emergency |
| 114 // situations. |
| 115 // |
| 116 // Marked OBSOLETE because the URL is sent for all users, so the server |
| 117 // can do whitelist matching. |
| 118 repeated string OBSOLETE_whitelist_expression = 2; |
| 119 } |
| 120 |
| 121 message ClientMalwareRequest { |
| 122 // URL that the client visited. The CGI parameters are stripped by the |
| 123 // client. |
| 124 required string url = 1; |
| 125 |
| 126 // Field 2 is deleted and no longer in use. |
| 127 |
| 128 // Field 3 is only used on the server. |
| 129 |
| 130 // The referrer URL. This field might not be set, for example, in the case |
| 131 // where the referrer uses HTTPS. |
| 132 optional string referrer_url = 4; |
| 133 |
| 134 // Field 5 and 6 are only used on the server. |
| 135 |
| 136 message UrlInfo { |
| 137 required string ip = 1; |
| 138 required string url = 2; |
| 139 optional string method = 3; |
| 140 optional string referrer = 4; |
| 141 // Resource type, the int value is a direct cast from the Type enum |
| 142 // of ResourceType class defined in //src/webkit/commom/resource_type.h |
| 143 optional int32 resource_type = 5; |
| 144 } |
| 145 |
| 146 // List of resource urls that match the malware IP list. |
| 147 repeated UrlInfo bad_ip_url_info = 7; |
| 148 |
| 149 // Population that the reporting user is part of. |
| 150 optional ChromeUserPopulation population = 9; |
| 151 } |
| 152 |
| 153 // The message is used for client request to determine whether the provided URL |
| 154 // is safe for the purposes of entering user credentials for logging in. |
| 155 message LoginReputationClientRequest { |
| 156 // The top level frame URL of the webpage that hosts the login form. |
| 157 // The client will strip CGI parameters. |
| 158 optional string page_url = 1; |
| 159 |
| 160 // Type for the request. |
| 161 // It could be low reputation request or password reuse request. |
| 162 enum TriggerType { |
| 163 TRIGGER_TYPE_UNSPECIFIED = 0; |
| 164 UNFAMILIAR_LOGIN_PAGE = 1; |
| 165 PASSWORD_REUSE_EVENT = 2; |
| 166 } |
| 167 optional TriggerType trigger_type = 2; |
| 168 |
| 169 // The message contains features which can describe a frame. A frame can be |
| 170 // a top level web page or an iframe. |
| 171 message Frame { |
| 172 // Id of a frame. The frame whose index = 0 is the top level web page. |
| 173 optional int32 frame_index = 1; |
| 174 |
| 175 // Id of the parent frame. |
| 176 optional int32 parent_frame_index = 2; |
| 177 |
| 178 // Url of the frame. If could be top level url (from web page) or url of |
| 179 // the iframe. |
| 180 optional string url = 3; |
| 181 |
| 182 // Whether the frame contains password field. |
| 183 optional bool has_password_field = 4; |
| 184 |
| 185 // URLs transitions in reverse chronological order, i.e. the top level url |
| 186 // or the url of the iframe comes first in the list. |
| 187 repeated ReferrerChainEntry referrer_chain = 5; |
| 188 |
| 189 // The message contains features of a form. |
| 190 message Form { |
| 191 // Action url of the form. |
| 192 optional string action_url = 1; |
| 193 |
| 194 // Whether the form contains password field. |
| 195 optional bool has_password_field = 2; |
| 196 } |
| 197 |
| 198 repeated Form forms = 6; |
| 199 } |
| 200 |
| 201 repeated Frame frames = 3; |
| 202 |
| 203 // The message contains fields needed for a password reuse event. |
| 204 message PasswordReuseEvent { |
| 205 // Origins that the reused password had been used on. The origins are |
| 206 // maintained by Chrome password manager. |
| 207 // The field is filled in only when TriggerType is PASSWORD_REUSE_EVENT. |
| 208 repeated string password_reused_original_origins = 1; |
| 209 |
| 210 // The frame that the password reuse is detected. |
| 211 optional int32 frame_id = 2; |
| 212 } |
| 213 |
| 214 optional PasswordReuseEvent password_reuse_event = 4; |
| 215 |
| 216 // The number of verdicts stored on the client. |
| 217 optional int32 stored_verdict_cnt = 5; |
| 218 } |
| 219 |
| 220 // The message is used for client response for login reputation requests. |
| 221 message LoginReputationClientResponse { |
| 222 // Type of verdicts issued by the server. |
| 223 enum VerdictType { |
| 224 VERDICT_TYPE_UNSPECIFIED = 0; |
| 225 // No warning will be displayed. |
| 226 SAFE = 1; |
| 227 // The site has low reputation or low popularity. |
| 228 LOW_REPUTATION = 2; |
| 229 // The url matches with blacklist entries. |
| 230 PHISHING = 3; |
| 231 } |
| 232 optional VerdictType verdict_type = 1; |
| 233 |
| 234 // TTL of the verdict in seconds. |
| 235 optional int64 cache_duration_sec = 2; |
| 236 |
| 237 // A host-suffix/path-prefix expression which defines a collections of pages |
| 238 // with common ownership from the same domain. |
| 239 // Generally, the pattern is defined on the granularity of domains. |
| 240 // For domains managed by multiple parties, especially in the case of large |
| 241 // hosting sites (e.g., geocities.com), we further divide the domains. |
| 242 // |
| 243 // Examples: |
| 244 // www.google.com/foo/bar?param=val -> google.com |
| 245 // www.geocities.com/foo/bar.html -> geocities.com/foo |
| 246 // adwords.blogspot.com/index.html -> adwords.blogspot.com |
| 247 // |
| 248 // The pattern will always match the page_url of the request, and will be |
| 249 // a substring of page_url. |
| 250 optional string cache_expression = 3; |
| 251 } |
| 252 |
| 253 message ClientMalwareResponse { |
| 254 required bool blacklist = 1; |
| 255 // The confirmed blacklisted bad IP and its url, which will be shown in |
| 256 // malware warning, if the blacklist verdict is true. |
| 257 // This IP string could be either in IPv4 or IPv6 format, which is the same |
| 258 // as the ones client sent to server. |
| 259 optional string bad_ip = 2; |
| 260 optional string bad_url = 3; |
| 261 } |
| 262 |
| 263 message ClientDownloadRequest { |
| 264 // The final URL of the download (after all redirects). |
| 265 required string url = 1; |
| 266 |
| 267 // This message contains various binary digests of the download payload. |
| 268 message Digests { |
| 269 optional bytes sha256 = 1; |
| 270 optional bytes sha1 = 2; |
| 271 optional bytes md5 = 3; |
| 272 } |
| 273 required Digests digests = 2; |
| 274 |
| 275 // This is the length in bytes of the download payload. |
| 276 required int64 length = 3; |
| 277 |
| 278 // Type of the resources stored below. |
| 279 enum ResourceType { |
| 280 // The final URL of the download payload. The resource URL should |
| 281 // correspond to the URL field above. |
| 282 DOWNLOAD_URL = 0; |
| 283 // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. |
| 284 DOWNLOAD_REDIRECT = 1; |
| 285 // The final top-level URL of the tab that triggered the download. |
| 286 TAB_URL = 2; |
| 287 // A redirect URL thas was fetched before hitting the final TAB_URL. |
| 288 TAB_REDIRECT = 3; |
| 289 // The document URL for a PPAPI plugin instance that initiated the download. |
| 290 // This is the document.url for the container element for the plugin |
| 291 // instance. |
| 292 PPAPI_DOCUMENT = 4; |
| 293 // The plugin URL for a PPAPI plugin instance that initiated the download. |
| 294 PPAPI_PLUGIN = 5; |
| 295 } |
| 296 |
| 297 message Resource { |
| 298 required string url = 1; |
| 299 required ResourceType type = 2; |
| 300 optional bytes remote_ip = 3; |
| 301 // This will only be set if the referrer is available and if the |
| 302 // resource type is either TAB_URL or DOWNLOAD_URL. |
| 303 optional string referrer = 4; |
| 304 |
| 305 // TODO(noelutz): add the transition type? |
| 306 } |
| 307 |
| 308 // This repeated field will store all the redirects as well as the |
| 309 // final URLs for the top-level tab URL (i.e., the URL that |
| 310 // triggered the download) as well as for the download URL itself. |
| 311 repeated Resource resources = 4; |
| 312 |
| 313 // A trust chain of certificates. Each chain begins with the signing |
| 314 // certificate of the binary, and ends with a self-signed certificate, |
| 315 // typically from a trusted root CA. This structure is analogous to |
| 316 // CERT_CHAIN_CONTEXT on Windows. |
| 317 message CertificateChain { |
| 318 // A single link in the chain. |
| 319 message Element { |
| 320 // DER-encoded X.509 representation of the certificate. |
| 321 optional bytes certificate = 1; |
| 322 // Fields 2 - 7 are only used on the server. |
| 323 } |
| 324 repeated Element element = 1; |
| 325 } |
| 326 |
| 327 // This is an OS X only message to report extended attribute informations. |
| 328 // Extended attributes on OS X are used for various security mechanisms, |
| 329 // which makes them interesting to Chrome. |
| 330 message ExtendedAttr { |
| 331 // This is the name of the extended attribute. |
| 332 required string key = 1; |
| 333 // This is the value of the extended attribute. |
| 334 optional bytes value = 2; |
| 335 } |
| 336 |
| 337 message SignatureInfo { |
| 338 // All certificate chains for each of the binary's signers. Multiple chains |
| 339 // may be present if the binary or any certificate has multiple signers. |
| 340 // Absence of certificate chains does not imply that the binary is not |
| 341 // signed (in that case, SignedData blobs extracted from the binary may be |
| 342 // preset), but does mean that trust has not been verified. |
| 343 repeated CertificateChain certificate_chain = 1; |
| 344 |
| 345 // True if the signature was trusted on the client. |
| 346 optional bool trusted = 2; |
| 347 |
| 348 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable |
| 349 // image's attribute certificate table. The presence of these does not imply |
| 350 // that the signatures were deemed trusted by the client. |
| 351 // On Mac, this is the code signature blob referenced by the |
| 352 // LC_CODE_SIGNATURE load command. |
| 353 repeated bytes signed_data = 3; |
| 354 |
| 355 // On OS X, code signing data can be contained in the extended attributes of |
| 356 // a file. As Gatekeeper respects this signature, we look for it and collect |
| 357 // it. |
| 358 repeated ExtendedAttr xattr = 4; |
| 359 } |
| 360 |
| 361 // This field will only be set if the binary is signed. |
| 362 optional SignatureInfo signature = 5; |
| 363 |
| 364 // True if the download was user initiated. |
| 365 optional bool user_initiated = 6; |
| 366 |
| 367 // Fields 7 and 8 are only used on the server. |
| 368 |
| 369 // Name of the file where the download would be stored if the |
| 370 // download completes. E.g., "bla.exe". |
| 371 optional string file_basename = 9; |
| 372 |
| 373 // Starting with Chrome M19 we're also sending back pings for Chrome |
| 374 // extensions that get downloaded by users. |
| 375 enum DownloadType { |
| 376 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. |
| 377 CHROME_EXTENSION = 1; // .crx files. |
| 378 ANDROID_APK = 2; // .apk files. |
| 379 // .zip files containing one of the other executable types. |
| 380 ZIPPED_EXECUTABLE = 3; |
| 381 MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. |
| 382 ZIPPED_ARCHIVE = 5; // .zip file containing another archive. |
| 383 ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. |
| 384 // A .zip that Chrome failed to unpack to the point of finding exe/zips. |
| 385 INVALID_ZIP = 7; |
| 386 // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding |
| 387 // Mach O's. |
| 388 INVALID_MAC_ARCHIVE = 8; |
| 389 // A download request initiated via PPAPI. Typically the requestor is |
| 390 // a Flash applet. |
| 391 PPAPI_SAVE_REQUEST = 9; |
| 392 // A file we don't support, but we've decided to sample and send |
| 393 // a light-ping. |
| 394 SAMPLED_UNSUPPORTED_FILE = 10; |
| 395 } |
| 396 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; |
| 397 |
| 398 // Locale of the device, eg en, en_US. |
| 399 optional string locale = 11; |
| 400 |
| 401 message PEImageHeaders { |
| 402 // IMAGE_DOS_HEADER. |
| 403 optional bytes dos_header = 1; |
| 404 // IMAGE_FILE_HEADER. |
| 405 optional bytes file_header = 2; |
| 406 // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. |
| 407 optional bytes optional_headers32 = 3; |
| 408 // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. |
| 409 optional bytes optional_headers64 = 4; |
| 410 // IMAGE_SECTION_HEADER. |
| 411 repeated bytes section_header = 5; |
| 412 // Contents of the .edata section. |
| 413 optional bytes export_section_data = 6; |
| 414 |
| 415 message DebugData { |
| 416 // IMAGE_DEBUG_DIRECTORY. |
| 417 optional bytes directory_entry = 1; |
| 418 optional bytes raw_data = 2; |
| 419 } |
| 420 |
| 421 repeated DebugData debug_data = 7; |
| 422 } |
| 423 |
| 424 message MachOHeaders { |
| 425 // The mach_header or mach_header_64 struct. |
| 426 required bytes mach_header = 1; |
| 427 |
| 428 message LoadCommand { |
| 429 // |command_id| is the first uint32 of |command| as well, but is |
| 430 // extracted for easier processing. |
| 431 required uint32 command_id = 1; |
| 432 // The entire data stream of the load command. |
| 433 required bytes command = 2; |
| 434 } |
| 435 |
| 436 // All the load commands of the Mach-O file. |
| 437 repeated LoadCommand load_commands = 2; |
| 438 } |
| 439 |
| 440 message ImageHeaders { |
| 441 // Windows Portable Executable image headers. |
| 442 optional PEImageHeaders pe_headers = 1; |
| 443 |
| 444 // OS X Mach-O image headers. |
| 445 repeated MachOHeaders mach_o_headers = 2; |
| 446 }; |
| 447 |
| 448 // Fields 12-17 are reserved for server-side use and are never sent by the |
| 449 // client. |
| 450 |
| 451 optional ImageHeaders image_headers = 18; |
| 452 |
| 453 // Fields 19-21 are reserved for server-side use and are never sent by the |
| 454 // client. |
| 455 |
| 456 // A binary contained in an archive (e.g., a .zip archive). |
| 457 message ArchivedBinary { |
| 458 optional string file_basename = 1; |
| 459 optional DownloadType download_type = 2; |
| 460 optional Digests digests = 3; |
| 461 optional int64 length = 4; |
| 462 optional SignatureInfo signature = 5; |
| 463 optional ImageHeaders image_headers = 6; |
| 464 } |
| 465 |
| 466 repeated ArchivedBinary archived_binary = 22; |
| 467 |
| 468 // Population that the reporting user is part of. |
| 469 optional ChromeUserPopulation population = 24; |
| 470 |
| 471 // True if the .zip or DMG, etc, was 100% successfully unpacked. |
| 472 optional bool archive_valid = 26; |
| 473 |
| 474 // True if this ClientDownloadRequest is from a whitelisted domain. |
| 475 optional bool skipped_url_whitelist = 28; |
| 476 |
| 477 // True if this ClientDownloadRequest contains a whitelisted certificate. |
| 478 optional bool skipped_certificate_whitelist = 31; |
| 479 |
| 480 // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. |
| 481 // Each element in this collection indicates an alternate extension including |
| 482 // the leading extension separator. |
| 483 repeated string alternate_extensions = 35; |
| 484 |
| 485 // URLs transitions from landing referrer to download in reverse chronological |
| 486 // order, i.e. download url comes first in this list, and landing referrer |
| 487 // comes last. |
| 488 repeated ReferrerChainEntry referrer_chain = 36; |
| 489 |
| 490 // Whether DownloadAttribution Finch experiment is enabled for this ping. |
| 491 optional bool download_attribution_finch_enabled = 39; |
| 492 } |
| 493 |
| 494 message ReferrerChainEntry { |
| 495 enum URLType { |
| 496 DOWNLOAD_URL = 1; |
| 497 LANDING_PAGE = 2; |
| 498 LANDING_REFERRER = 3; |
| 499 CLIENT_REDIRECT = 4; |
| 500 DEPRECATED_SERVER_REDIRECT = 5; // Deprecated |
| 501 } |
| 502 |
| 503 message ServerRedirect { |
| 504 // [required] server redirect url |
| 505 optional string url = 1; |
| 506 |
| 507 // Additional fields for future expansion. |
| 508 } |
| 509 |
| 510 // [required] The url of this Entry. |
| 511 optional string url = 1; |
| 512 |
| 513 // Only set if it is different from |url|. |
| 514 optional string main_frame_url = 9; |
| 515 |
| 516 // Type of URLs, such as download url, download referrer, etc. |
| 517 optional URLType type = 2 [default = CLIENT_REDIRECT]; |
| 518 |
| 519 // IP addresses corresponding to this host. |
| 520 repeated string ip_addresses = 3; |
| 521 |
| 522 // Referrer url of this entry. |
| 523 optional string referrer_url = 4; |
| 524 |
| 525 // Main frame URL of referrer. |
| 526 // Only set if it is different from |referrer_url|. |
| 527 optional string referrer_main_frame_url = 5; |
| 528 |
| 529 // If this URL loads in a different tab/frame from previous one. |
| 530 optional bool is_retargeting = 6; |
| 531 |
| 532 optional double navigation_time_msec = 7; |
| 533 |
| 534 // Set only if server redirects happened in navigation. |
| 535 // The first entry in |server_redirect_chain| should be the original request |
| 536 // url, and the last entry should be the same as |url|. |
| 537 repeated ServerRedirect server_redirect_chain = 8; |
| 538 } // End of ReferrerChainEntry |
| 539 |
| 540 message ClientDownloadResponse { |
| 541 enum Verdict { |
| 542 // Download is considered safe. |
| 543 SAFE = 0; |
| 544 // Download is considered dangerous. Chrome should show a warning to the |
| 545 // user. |
| 546 DANGEROUS = 1; |
| 547 // Download is uncommon. Chrome should display a less severe warning. |
| 548 UNCOMMON = 2; |
| 549 // The download is potentially unwanted. |
| 550 POTENTIALLY_UNWANTED = 3; |
| 551 // The download is from a dangerous host. |
| 552 DANGEROUS_HOST = 4; |
| 553 // The backend doesn't have confidence in its verdict of this file. |
| 554 // Chrome should show the default warning if configured for this file type. |
| 555 UNKNOWN = 5; |
| 556 } |
| 557 optional Verdict verdict = 1 [default = SAFE]; |
| 558 |
| 559 message MoreInfo { |
| 560 // A human-readable string describing the nature of the warning. |
| 561 // Only if verdict != SAFE. Localized based on request.locale. |
| 562 optional string description = 1; |
| 563 |
| 564 // A URL to get more information about this warning, if available. |
| 565 optional string url = 2; |
| 566 } |
| 567 optional MoreInfo more_info = 2; |
| 568 |
| 569 // An arbitrary token that should be sent along for further server requests. |
| 570 optional bytes token = 3; |
| 571 |
| 572 // Whether the server requests that this binary be uploaded. |
| 573 optional bool upload = 5; |
| 574 } |
| 575 |
| 576 // The following protocol buffer holds the feedback report gathered |
| 577 // from the user regarding the download. |
| 578 message ClientDownloadReport { |
| 579 // The information of user who provided the feedback. |
| 580 // This is going to be useful for handling appeals. |
| 581 message UserInformation { |
| 582 optional string email = 1; |
| 583 } |
| 584 |
| 585 enum Reason { |
| 586 SHARE = 0; |
| 587 FALSE_POSITIVE = 1; |
| 588 APPEAL = 2; |
| 589 } |
| 590 |
| 591 // The type of feedback for this report. |
| 592 optional Reason reason = 1; |
| 593 |
| 594 // The original download ping |
| 595 optional ClientDownloadRequest download_request = 2; |
| 596 |
| 597 // Stores the information of the user who provided the feedback. |
| 598 optional UserInformation user_information = 3; |
| 599 |
| 600 // Unstructed comments provided by the user. |
| 601 optional bytes comment = 4; |
| 602 |
| 603 // The original download response sent from the verdict server. |
| 604 optional ClientDownloadResponse download_response = 5; |
| 605 } |
| 606 |
| 607 // This is used to send back upload status to the client after upload completion |
| 608 message ClientUploadResponse { |
| 609 enum UploadStatus { |
| 610 // The upload was successful and a complete response can be expected |
| 611 SUCCESS = 0; |
| 612 |
| 613 // The upload was unsuccessful and the response is incomplete. |
| 614 UPLOAD_FAILURE = 1; |
| 615 } |
| 616 |
| 617 // Holds the upload status |
| 618 optional UploadStatus status = 1; |
| 619 |
| 620 // Holds the permalink where the results of scanning the binary are available |
| 621 optional string permalink = 2; |
| 622 } |
| 623 |
| 624 message ClientIncidentReport { |
| 625 message IncidentData { |
| 626 message TrackedPreferenceIncident { |
| 627 enum ValueState { |
| 628 UNKNOWN = 0; |
| 629 CLEARED = 1; |
| 630 WEAK_LEGACY_OBSOLETE = 2; |
| 631 CHANGED = 3; |
| 632 UNTRUSTED_UNKNOWN_VALUE = 4; |
| 633 BYPASS_CLEARED = 5; |
| 634 BYPASS_CHANGED = 6; |
| 635 } |
| 636 |
| 637 optional string path = 1; |
| 638 optional string atomic_value = 2; |
| 639 repeated string split_key = 3; |
| 640 optional ValueState value_state = 4; |
| 641 } |
| 642 |
| 643 message BinaryIntegrityIncident { |
| 644 optional string file_basename = 1; |
| 645 optional ClientDownloadRequest.SignatureInfo signature = 2; |
| 646 optional ClientDownloadRequest.ImageHeaders image_headers = 3; |
| 647 optional int32 sec_error = 4; |
| 648 |
| 649 message ContainedFile { |
| 650 optional string relative_path = 1; |
| 651 optional ClientDownloadRequest.SignatureInfo signature = 2; |
| 652 optional ClientDownloadRequest.ImageHeaders image_headers = 3; |
| 653 } |
| 654 repeated ContainedFile contained_file = 5; |
| 655 } |
| 656 |
| 657 message BlacklistLoadIncident { |
| 658 optional string path = 1; |
| 659 optional ClientDownloadRequest.Digests digest = 2; |
| 660 optional string version = 3; |
| 661 optional bool blacklist_initialized = 4; |
| 662 optional ClientDownloadRequest.SignatureInfo signature = 5; |
| 663 optional ClientDownloadRequest.ImageHeaders image_headers = 6; |
| 664 } |
| 665 message VariationsSeedSignatureIncident { |
| 666 optional string variations_seed_signature = 1; |
| 667 } |
| 668 message ResourceRequestIncident { |
| 669 enum Type { |
| 670 UNKNOWN = 0; |
| 671 TYPE_PATTERN = 3; |
| 672 } |
| 673 optional bytes digest = 1; |
| 674 optional string origin = 2; |
| 675 optional Type type = 3 [default = UNKNOWN]; |
| 676 } |
| 677 message SuspiciousModuleIncident { |
| 678 optional string path = 1; |
| 679 optional ClientDownloadRequest.Digests digest = 2; |
| 680 optional string version = 3; |
| 681 optional ClientDownloadRequest.SignatureInfo signature = 4; |
| 682 optional ClientDownloadRequest.ImageHeaders image_headers = 5; |
| 683 } |
| 684 optional int64 incident_time_msec = 1; |
| 685 optional TrackedPreferenceIncident tracked_preference = 2; |
| 686 optional BinaryIntegrityIncident binary_integrity = 3; |
| 687 optional BlacklistLoadIncident blacklist_load = 4; |
| 688 // Note: skip tag 5 because it was previously used. |
| 689 optional VariationsSeedSignatureIncident variations_seed_signature = 6; |
| 690 optional ResourceRequestIncident resource_request = 7; |
| 691 optional SuspiciousModuleIncident suspicious_module = 8; |
| 692 } |
| 693 |
| 694 repeated IncidentData incident = 1; |
| 695 |
| 696 message DownloadDetails { |
| 697 optional bytes token = 1; |
| 698 optional ClientDownloadRequest download = 2; |
| 699 optional int64 download_time_msec = 3; |
| 700 optional int64 open_time_msec = 4; |
| 701 } |
| 702 |
| 703 optional DownloadDetails download = 2; |
| 704 |
| 705 message EnvironmentData { |
| 706 message OS { |
| 707 optional string os_name = 1; |
| 708 optional string os_version = 2; |
| 709 |
| 710 message RegistryValue { |
| 711 optional string name = 1; |
| 712 optional uint32 type = 2; |
| 713 optional bytes data = 3; |
| 714 } |
| 715 |
| 716 message RegistryKey { |
| 717 optional string name = 1; |
| 718 repeated RegistryValue value = 2; |
| 719 repeated RegistryKey key = 3; |
| 720 } |
| 721 |
| 722 repeated RegistryKey registry_key = 3; |
| 723 |
| 724 optional bool is_enrolled_to_domain = 4; |
| 725 } |
| 726 optional OS os = 1; |
| 727 message Machine { |
| 728 optional string cpu_architecture = 1; |
| 729 optional string cpu_vendor = 2; |
| 730 optional uint32 cpuid = 3; |
| 731 } |
| 732 optional Machine machine = 2; |
| 733 message Process { |
| 734 optional string version = 1; |
| 735 repeated string OBSOLETE_dlls = 2; |
| 736 message Patch { |
| 737 optional string function = 1; |
| 738 optional string target_dll = 2; |
| 739 } |
| 740 repeated Patch patches = 3; |
| 741 message NetworkProvider {} |
| 742 repeated NetworkProvider network_providers = 4; |
| 743 enum Channel { |
| 744 CHANNEL_UNKNOWN = 0; |
| 745 CHANNEL_CANARY = 1; |
| 746 CHANNEL_DEV = 2; |
| 747 CHANNEL_BETA = 3; |
| 748 CHANNEL_STABLE = 4; |
| 749 } |
| 750 optional Channel chrome_update_channel = 5; |
| 751 optional int64 uptime_msec = 6; |
| 752 optional bool metrics_consent = 7; |
| 753 // Obsolete: extended consent is now required for incident reporting. |
| 754 optional bool OBSOLETE_extended_consent = 8; |
| 755 message Dll { |
| 756 enum Feature { |
| 757 UNKNOWN = 0; |
| 758 LSP = 1; |
| 759 } |
| 760 optional string path = 1; |
| 761 optional uint64 base_address = 2; |
| 762 optional uint32 length = 3; |
| 763 repeated Feature feature = 4; |
| 764 optional ClientDownloadRequest.ImageHeaders image_headers = 5; |
| 765 } |
| 766 repeated Dll dll = 9; |
| 767 repeated string blacklisted_dll = 10; |
| 768 message ModuleState { |
| 769 enum ModifiedState { |
| 770 UNKNOWN = 0; |
| 771 MODULE_STATE_UNKNOWN = 1; |
| 772 MODULE_STATE_UNMODIFIED = 2; |
| 773 MODULE_STATE_MODIFIED = 3; |
| 774 } |
| 775 optional string name = 1; |
| 776 optional ModifiedState modified_state = 2; |
| 777 repeated string OBSOLETE_modified_export = 3; |
| 778 |
| 779 message Modification { |
| 780 optional uint32 file_offset = 1; |
| 781 optional int32 byte_count = 2; |
| 782 optional bytes modified_bytes = 3; |
| 783 optional string export_name = 4; |
| 784 } |
| 785 repeated Modification modification = 4; |
| 786 } |
| 787 repeated ModuleState module_state = 11; |
| 788 // Obsolete: field trials no longer enable incident reporting. |
| 789 optional bool OBSOLETE_field_trial_participant = 12; |
| 790 } |
| 791 optional Process process = 3; |
| 792 } |
| 793 |
| 794 message ExtensionData { |
| 795 message ExtensionInfo { |
| 796 enum ExtensionState { |
| 797 STATE_UNKNOWN = 0; |
| 798 STATE_ENABLED = 1; |
| 799 STATE_DISABLED = 2; |
| 800 STATE_BLACKLISTED = 3; |
| 801 STATE_BLOCKED = 4; |
| 802 STATE_TERMINATED = 5; |
| 803 } |
| 804 |
| 805 optional string id = 1; |
| 806 optional string version = 2; |
| 807 optional string name = 3; |
| 808 optional string description = 4; |
| 809 optional ExtensionState state = 5 [default = STATE_UNKNOWN]; |
| 810 optional int32 type = 6; |
| 811 optional string update_url = 7; |
| 812 optional bool has_signature_validation = 8; |
| 813 optional bool signature_is_valid = 9; |
| 814 optional bool installed_by_custodian = 10; |
| 815 optional bool installed_by_default = 11; |
| 816 optional bool installed_by_oem = 12; |
| 817 optional bool from_bookmark = 13; |
| 818 optional bool from_webstore = 14; |
| 819 optional bool converted_from_user_script = 15; |
| 820 optional bool may_be_untrusted = 16; |
| 821 optional int64 install_time_msec = 17; |
| 822 optional int32 manifest_location_type = 18; |
| 823 optional string manifest = 19; |
| 824 } |
| 825 |
| 826 optional ExtensionInfo last_installed_extension = 1; |
| 827 } |
| 828 |
| 829 optional EnvironmentData environment = 3; |
| 830 |
| 831 // Population that the reporting user is part of. |
| 832 optional ChromeUserPopulation population = 7; |
| 833 |
| 834 optional ExtensionData extension_data = 8; |
| 835 |
| 836 message NonBinaryDownloadDetails { |
| 837 optional string file_type = 1; |
| 838 optional bytes url_spec_sha256 = 2; |
| 839 optional string host = 3; |
| 840 optional int64 length = 4; |
| 841 } |
| 842 |
| 843 optional NonBinaryDownloadDetails non_binary_download = 9; |
| 844 } |
| 845 |
| 846 message ClientIncidentResponse { |
| 847 optional bytes token = 1; |
| 848 optional bool download_requested = 2; |
| 849 |
| 850 message EnvironmentRequest { optional int32 dll_index = 1; } |
| 851 |
| 852 repeated EnvironmentRequest environment_requests = 3; |
| 853 } |
| 854 |
| 855 message DownloadMetadata { |
| 856 optional uint32 download_id = 1; |
| 857 |
| 858 optional ClientIncidentReport.DownloadDetails download = 2; |
| 859 } |
| 860 |
| 861 // A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are |
| 862 // only sent by Chrome users who have opted into extended Safe Browsing. |
| 863 // This proto is replacing ClientMalwareReportRequest. |
| 864 // Next tag: 17 |
| 865 message ClientSafeBrowsingReportRequest { |
| 866 // Note: A lot of the "optional" fields would make sense to be |
| 867 // "required" instead. However, having them as optional allows the |
| 868 // clients to send "stripped down" versions of the message in the |
| 869 // future, if we want to. |
| 870 |
| 871 enum ReportType { |
| 872 UNKNOWN = 0; |
| 873 URL_PHISHING = 1; |
| 874 URL_MALWARE = 2; |
| 875 URL_UNWANTED = 3; |
| 876 CLIENT_SIDE_PHISHING_URL = 4; |
| 877 CLIENT_SIDE_MALWARE_URL = 5; |
| 878 DANGEROUS_DOWNLOAD_RECOVERY = 6; |
| 879 DANGEROUS_DOWNLOAD_WARNING = 7; |
| 880 DANGEROUS_DOWNLOAD_BY_API = 10; |
| 881 } |
| 882 |
| 883 message HTTPHeader { |
| 884 required bytes name = 1; |
| 885 optional bytes value = 2; |
| 886 } |
| 887 |
| 888 message HTTPRequest { |
| 889 message FirstLine { |
| 890 optional bytes verb = 1; |
| 891 optional bytes uri = 2; |
| 892 optional bytes version = 3; |
| 893 } |
| 894 |
| 895 optional FirstLine firstline = 1; |
| 896 repeated HTTPHeader headers = 2; |
| 897 optional bytes body = 3; |
| 898 |
| 899 // bodydigest and bodylength can be useful if the report does not |
| 900 // contain the body itself. |
| 901 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. |
| 902 optional int32 bodylength = 5; // length of body. |
| 903 } |
| 904 |
| 905 message HTTPResponse { |
| 906 message FirstLine { |
| 907 optional int32 code = 1; |
| 908 optional bytes reason = 2; |
| 909 optional bytes version = 3; |
| 910 } |
| 911 |
| 912 optional FirstLine firstline = 1; |
| 913 repeated HTTPHeader headers = 2; |
| 914 optional bytes body = 3; |
| 915 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. |
| 916 optional int32 bodylength = 5; // length of body. |
| 917 optional bytes remote_ip = 6; // IP of the server. |
| 918 } |
| 919 |
| 920 message Resource { |
| 921 required int32 id = 1; |
| 922 optional string url = 2; |
| 923 optional HTTPRequest request = 3; |
| 924 optional HTTPResponse response = 4; |
| 925 optional int32 parent_id = 5; |
| 926 repeated int32 child_ids = 6; |
| 927 optional string tag_name = 7; |
| 928 } |
| 929 |
| 930 optional ReportType type = 10; |
| 931 |
| 932 // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, |
| 933 // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. |
| 934 optional ClientDownloadResponse.Verdict download_verdict = 11; |
| 935 |
| 936 // URL of the page in the address bar. |
| 937 optional string url = 1; |
| 938 optional string page_url = 2; |
| 939 optional string referrer_url = 3; |
| 940 |
| 941 repeated Resource resources = 4; |
| 942 |
| 943 // Contains the hierarchy of elements on the page (ie: the DOM). Some |
| 944 // elements can be Resources and will refer to the resources list (above). |
| 945 repeated HTMLElement dom = 16; |
| 946 |
| 947 // Whether the report is complete. |
| 948 optional bool complete = 5; |
| 949 |
| 950 // The ASN and country of the client IP. These fields are filled up by |
| 951 // csd_frontend |
| 952 repeated string client_asn = 6; |
| 953 optional string client_country = 7; |
| 954 |
| 955 // Whether user chose to proceed. |
| 956 optional bool did_proceed = 8; |
| 957 |
| 958 // Whether user visited this origin before. |
| 959 optional bool repeat_visit = 9; |
| 960 |
| 961 // The same token in ClientDownloadResponse. This field is only set if its |
| 962 // report type is DANGEROUS_DOWNLOAD_RECOVERY, DANGEROUS_DOWNLOAD_WARNING or |
| 963 // DANGEROUS_DOWNLOAD_BY_API. |
| 964 optional bytes token = 15; |
| 965 } |
| 966 |
| 967 // An HTML Element on the page (eg: iframe, div, script, etc). |
| 968 message HTMLElement { |
| 969 // Id of this element. |
| 970 optional int32 id = 1; |
| 971 |
| 972 // The tag type of this element (eg: iframe, div, script, etc). |
| 973 optional string tag = 2; |
| 974 |
| 975 // IDs of elements that are children of this element. |
| 976 repeated int32 child_ids = 3; |
| 977 |
| 978 // If this element represents a Resource then this is the id of the |
| 979 // Resource, which contains additional data about the Resource. Otherwise |
| 980 // unset. |
| 981 optional int32 resource_id = 5; |
| 982 |
| 983 // An Attribute of the element (eg: id, border, foo etc) and its value. |
| 984 message Attribute { |
| 985 optional string name = 1; |
| 986 optional string value = 2; |
| 987 } |
| 988 repeated Attribute attribute = 6; |
| 989 } |
| 990 |
| 991 // Canonical representation of raster image data. |
| 992 message ImageData { |
| 993 // Image bitmap, after downscaling to <= 512x512. |
| 994 optional bytes data = 1; |
| 995 |
| 996 // Encoding scheme for the bitmap. |
| 997 optional string mime_type = 2; |
| 998 |
| 999 message Dimensions { |
| 1000 optional int32 width = 1; |
| 1001 optional int32 height = 2; |
| 1002 } |
| 1003 |
| 1004 // Dimensions of the image stored in |data|. |
| 1005 optional Dimensions dimensions = 3; |
| 1006 optional Dimensions original_dimensions = 4; // iff downscaled |
| 1007 } |
| 1008 |
| 1009 // Reporting protobuf for an image served as part of a browser notification. |
| 1010 // There is no response (an empty body) to this request. |
| 1011 message NotificationImageReportRequest { |
| 1012 optional string notification_origin = 1; // Src-origin of the notification. |
| 1013 optional ImageData image = 2; // The bitmap of the image. |
| 1014 |
| 1015 // Note that the image URL is deliberately omitted as it would be untrusted, |
| 1016 // since the notification image fetch may be intercepted by a Service Worker |
| 1017 // (even if the image URL is cross-origin). Otherwise a website could mislead |
| 1018 // Safe Browsing into associating phishing image bitmaps with safe image URLs. |
| 1019 } |
OLD | NEW |