// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// This file includes Safe Browsing V4 API blocklist request and response
// protocol buffers. They should be kept in sync with the server implementation.
syntax = "proto2";
option optimize_for = LITE_RUNTIME;
package safe_browsing;
message ThreatInfo {
// The threat types to be checked.
repeated ThreatType threat_types = 1;
// The platform types to be checked.
repeated PlatformType platform_types = 2;
// The entry types to be checked.
repeated ThreatEntryType threat_entry_types = 4;
// The threat entries to be checked.
repeated ThreatEntry threat_entries = 3;
}
// A match when checking a threat entry in the Safe Browsing threat lists.
message ThreatMatch {
// The threat type matching this threat.
optional ThreatType threat_type = 1;
// The platform type matching this threat.
optional PlatformType platform_type = 2;
// The threat entry type matching this threat.
optional ThreatEntryType threat_entry_type = 6;
// The threat matching this threat.
optional ThreatEntry threat = 3;
// Optional metadata associated with this threat.
optional ThreatEntryMetadata threat_entry_metadata = 4;
// The cache lifetime for the returned match. Clients must not cache this
// response for more than this duration to avoid false positives.
optional Duration cache_duration = 5;
}
// Request to check entries against lists.
message FindThreatMatchesRequest {
// The client metadata.
optional ClientInfo client = 1;
// The lists and entries to be checked for matches.
optional ThreatInfo threat_info = 2;
}
// Response type for requests to find threat matches.
message FindThreatMatchesResponse {
// The threat list matches.
repeated ThreatMatch matches = 1;
}
// Describes a Safe Browsing API update request. Clients can request updates for
// multiple lists in a single request.
message FetchThreatListUpdatesRequest {
// The client metadata.
optional ClientInfo client = 1;
// A single list update request.
message ListUpdateRequest {
// The type of threat posed by entries present in the list.
optional ThreatType threat_type = 1;
// The type of platform at risk by entries present in the list.
optional PlatformType platform_type = 2;
// The types of entries present in the list.
optional ThreatEntryType threat_entry_type = 5;
// The current state of the client for the requested list (the encrypted
// ClientState that was sent to the client from the previous update
// request).
optional bytes state = 3;
// The constraints for this update.
message Constraints {
// The maximum size in number of entries. The update will not contain more
// entries than this value. This should be a power of 2 between 2**10 and
// 2**20. If zero, no update size limit is set.
optional int32 max_update_entries = 1;
// Sets the maxmimum number of entries that the client is willing to have
// in the local database. This should be a power of 2 between 2**10 and
// 2**20. If zero, no database size limit is set.
optional int32 max_database_entries = 2;
// Requests the list for a specific geographic location. If not set the
// server may pick that value based on the user's IP address. Expects ISO
// 3166-1 alpha-2 format.
optional string region = 3;
// The compression types supported by the client.
repeated CompressionType supported_compressions = 4;
}
// The constraints associated with this request.
optional Constraints constraints = 4;
}
// The requested threat list updates.
repeated ListUpdateRequest list_update_requests = 3;
// Chrome-specific client information.
optional ChromeClientInfo chrome_client_info = 4;
}
// Response type for threat list update requests.
message FetchThreatListUpdatesResponse {
// An update to an individual list.
message ListUpdateResponse {
// The threat type for which data is returned.
optional ThreatType threat_type = 1;
// The format of the threats.
optional ThreatEntryType threat_entry_type = 2;
// The platform type for which data is returned.
optional PlatformType platform_type = 3;
// The type of response sent to the client.
enum ResponseType {
// Unknown.
RESPONSE_TYPE_UNSPECIFIED = 0;
// Partial updates are applied to the client's existing local database.
PARTIAL_UPDATE = 1;
// Full updates replace the client's entire local database. This means
// that either the client was seriously out-of-date or the client is
// believed to be corrupt.
FULL_UPDATE = 2;
}
// The type of response. This may indicate that an action is required by the
// client when the response is received.
optional ResponseType response_type = 4;
// A set of entries to add to a local threat type's list. Repeated to allow
// for a combination of compressed and raw data to be sent in a single
// response.
repeated ThreatEntrySet additions = 5;
// A set of entries to remove from a local threat type's list. In practice,
// this field is empty or contains exactly one ThreatEntrySet.
repeated ThreatEntrySet removals = 6;
// The new client state, in encrypted format. Opaque to clients.
optional bytes new_client_state = 7;
// The expected SHA256 hash of the client state; that is, of the sorted list
// of all hashes present in the database after applying the provided update.
// If the client state doesn't match the expected state, the client must
// disregard this update and retry later.
optional Checksum checksum = 8;
}
// The list updates requested by the clients.
repeated ListUpdateResponse list_update_responses = 1;
// The minimum duration the client must wait before issuing any update
// request. If this field is not set clients may update as soon as they want.
optional Duration minimum_wait_duration = 2;
}
// Request to return full hashes matched by the provided hash prefixes.
message FindFullHashesRequest {
// The client metadata.
optional ClientInfo client = 1;
// The current client states for each of the client's local threat lists.
repeated bytes client_states = 2;
// The lists and hashes to be checked.
optional ThreatInfo threat_info = 3;
}
// Response type for requests to find full hashes.
message FindFullHashesResponse {
// The full hashes that matched the requested prefixes.
repeated ThreatMatch matches = 1;
// The minimum duration the client must wait before issuing any find hashes
// request. If this field is not set, clients can issue a request as soon as
// they want.
optional Duration minimum_wait_duration = 2;
// For requested entities that did not match the threat list, how long to
// cache the response.
optional Duration negative_cache_duration = 3;
}
// A hit comprised of multiple resources; one is the threat list entry that was
// encountered by the client, while others give context as to how the client
// arrived at the unsafe entry.
message ThreatHit {
// The threat type reported.
optional ThreatType threat_type = 1;
// The platform type reported.
optional PlatformType platform_type = 2;
// The threat entry responsible for the hit. Full hash should be reported for
// hash-based hits.
optional ThreatEntry entry = 3;
// Types of resources reported by the client as part of a single hit.
enum ThreatSourceType {
// Unknown.
THREAT_SOURCE_TYPE_UNSPECIFIED = 0;
// The URL that matched the threat list (for which GetFullHash returned a
// valid hash).
MATCHING_URL = 1;
// The final top-level URL of the tab that the client was browsing when the
// match occurred.
TAB_URL = 2;
// A redirect URL that was fetched before hitting the final TAB_URL.
TAB_REDIRECT = 3;
}
// A single resource related to a threat hit.
message ThreatSource {
// The URL of the resource.
optional string url = 1;
// The type of source reported.
optional ThreatSourceType type = 2;
// The remote IP of the resource in ASCII format. Either IPv4 or IPv6.
optional string remote_ip = 3;
// Referrer of the resource. Only set if the referrer is available.
optional string referrer = 4;
}
// The resources related to the threat hit.
repeated ThreatSource resources = 4;
}
// Types of threats.
enum ThreatType {
// Unknown.
THREAT_TYPE_UNSPECIFIED = 0;
// Malware threat type.
MALWARE_THREAT = 1;
// Social engineering threat type.
SOCIAL_ENGINEERING_PUBLIC = 2;
// Unwanted software threat type.
UNWANTED_SOFTWARE = 3;
// Potentially harmful application threat type.
POTENTIALLY_HARMFUL_APPLICATION = 4;
// Social engineering threat type for internal use.
SOCIAL_ENGINEERING = 5;
// API abuse threat type.
API_ABUSE = 6;
// Malicious binary threat type.
MALICIOUS_BINARY = 7;
// Client side detection allowlist threat type.
CSD_ALLOWLIST = 8;
// Client side download detection allowlist threat type.
CSD_DOWNLOAD_ALLOWLIST = 9;
// Client incident threat type.
CLIENT_INCIDENT = 10;
// Patterns to be used for activating the subresource filter. Interstitial
// will not be shown for patterns from this list.
SUBRESOURCE_FILTER = 13;
// Entities that are suspected to present a threat.
SUSPICIOUS = 14;
// Billing threat list. The internal proto's enum name is different
BILLING = 15;
// Safe list to ship hashes of known safe URL expressions.
HIGH_CONFIDENCE_ALLOWLIST = 16;
// List of URLs that should show an accuracy tip.
// DEPRECATED: ACCURACY_TIPS = 17;
}
// Types of platforms.
enum PlatformType {
// Unknown platform.
PLATFORM_TYPE_UNSPECIFIED = 0;
// Threat posed to Windows.
WINDOWS_PLATFORM = 1;
// Threat posed to Linux.
LINUX_PLATFORM = 2;
// Threat posed to Android.
// This cannot be ANDROID because that symbol is defined for android builds
// here: build/config/android/BUILD.gn line21.
ANDROID_PLATFORM = 3;
// Threat posed to OSX.
OSX_PLATFORM = 4;
// Threat posed to iOS.
IOS_PLATFORM = 5;
// Threat posed to at least one of the defined platforms.
ANY_PLATFORM = 6;
// Threat posed to all defined platforms.
ALL_PLATFORMS = 7;
// Threat posed to Chrome.
CHROME_PLATFORM = 8;
}
// The client metadata associated with Safe Browsing API requests.
message ClientInfo {
// A client ID that (hopefully) uniquely identifies the client implementation
// of the Safe Browsing API.
optional string client_id = 1;
// The version of the client implementation.
optional string client_version = 2;
}
// The client metadata associated with Safe Browsing API requests specific to
// users of Chrome.
message ChromeClientInfo {
// Safe Browsing reporting populations in Chrome.
enum SafeBrowsingReportingPopulation {
// Unspecified reporting verbosity.
UNSPECIFIED = 0;
// Client is opted out of reporting.
OPT_OUT = 1;
// Legacy extended reporting population.
EXTENDED = 2;
// Scout reporting population.
SCOUT = 3;
// Enhanced safe browsing population.
ENHANCED_PROTECTION = 4;
}
// The reporting population of the user.
optional SafeBrowsingReportingPopulation reporting_population = 1;
}
// The expected state of a client's local database.
message Checksum {
// The SHA256 hash of the client state; that is, of the sorted list of all
// hashes present in the database.
optional bytes sha256 = 1;
}
// The ways in which threat entry sets can be compressed.
enum CompressionType {
// Unknown.
COMPRESSION_TYPE_UNSPECIFIED = 0;
// Raw, uncompressed data.
RAW = 1;
// Rice-Golomb encoded data.
RICE = 2;
}
// An individual threat; for example, a malicious URL or its hash
// representation. Only one of these fields should be set.
message ThreatEntry {
// A variable-length SHA256 hash with size between 4 and 32 bytes inclusive.
optional bytes hash = 1;
// A URL.
optional string url = 2;
}
// Types of entries that pose threats. Threat lists are collections of entries
// of a single type.
enum ThreatEntryType {
// Unspecified.
THREAT_ENTRY_TYPE_UNSPECIFIED = 0;
// A host-suffix/path-prefix URL expression; for example, "foo.bar.com/baz/".
URL = 1;
// An executable program.
EXECUTABLE = 2;
// An IP range.
IP_RANGE = 3;
// Chrome extension.
CHROME_EXTENSION = 4;
// Filename.
FILENAME = 5;
// CERT.
CERT = 6;
}
// A set of threats that should be added or removed from a client's local
// database.
message ThreatEntrySet {
// The compression type for the entries in this set.
optional CompressionType compression_type = 1;
// At most one of the following fields should be set.
// The raw SHA256-formatted entries.
optional RawHashes raw_hashes = 2;
// The raw removal indices for a local list.
optional RawIndices raw_indices = 3;
// The encoded 4-byte prefixes of SHA256-formatted entries, using a
// Golomb-Rice encoding.
optional RiceDeltaEncoding rice_hashes = 4;
// The encoded local, lexicographically-sorted list indices, using a
// Golomb-Rice encoding. Used for sending compressed removal indicies.
optional RiceDeltaEncoding rice_indices = 5;
}
// A set of raw indicies to remove from a local list.
message RawIndices {
// The indicies to remove from a lexicographically-sorted local list.
repeated int32 indices = 1;
}
// The uncompressed threat entries in hash format of a particular prefix length.
// Hashes can be anywhere from 4 to 32 bytes in size. A large majority are 4
// bytes, but some hashes are lengthened if they collide with the hash of a
// popular URL.
//
// Used for sending ThreatEntrySet to clients that do not support compression,
// or when sending non-4-byte hashes to clients that do support compression.
message RawHashes {
// The number of bytes for each prefix encoded below. This field can be
// anywhere from 4 (shortest prefix) to 32 (full SHA256 hash).
optional int32 prefix_size = 1;
// The hashes, all concatenated into one long string. Each hash has a prefix
// size of |prefix_size| above. Hashes are sorted in lexicographic order.
optional bytes raw_hashes = 2;
}
// The Rice-Golomb encoded data. Used for sending compressed 4-byte hashes or
// compressed removal indices.
message RiceDeltaEncoding {
// The offset of the first entry in the encoded data, or, if only a single
// integer was encoded, that single integer's value.
optional int64 first_value = 1;
// The Golomb-Rice parameter which is a number between 2 and 28. This field
// is missing (that is, zero) if num_entries is zero.
optional int32 rice_parameter = 2;
// The number of entries that are delta encoded in the encoded data. If only a
// single integer was encoded, this will be zero and the single value will be
// stored in first_value.
optional int32 num_entries = 3;
// The encoded deltas that are encoded using the Golomb-Rice coder.
optional bytes encoded_data = 4;
}
// The metadata associated with a specific threat entry. The client is expected
// to know the metadata key/value pairs associated with each threat type.
message ThreatEntryMetadata {
// A single metadata entry.
message MetadataEntry {
// The metadata entry key.
optional bytes key = 1;
// The metadata entry value.
optional bytes value = 2;
}
// The metadata entries.
repeated MetadataEntry entries = 1;
}
// Describes an individual threat list. A list is defined by three parameters:
// the type of threat posed, the type of platform targeted by the threat, and
// the type of entries in the list.
message ThreatListDescriptor {
// The threat type posed by the list's entries.
optional ThreatType threat_type = 1;
// The platform type targeted by the list's entries.
optional PlatformType platform_type = 2;
// The entry types contained in the list.
optional ThreatEntryType threat_entry_type = 3;
}
// A collection of lists available for download.
message ListThreatListsResponse {
// The lists available for download.
repeated ThreatListDescriptor threat_lists = 1;
}
message Duration {
// Signed seconds of the span of time. Must be from -315,576,000,000
// to +315,576,000,000 inclusive.
optional int64 seconds = 1;
// Signed fractions of a second at nanosecond resolution of the span
// of time. Durations less than one second are represented with a 0
// `seconds` field and a positive or negative `nanos` field. For durations
// of one second or more, a non-zero value for the `nanos` field must be
// of the same sign as the `seconds` field. Must be from -999,999,999
// to +999,999,999 inclusive.
optional int32 nanos = 2;
}