1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4// 5// This proto file includes: 6// (1) Client side phishing and malware detection request and response 7// protocol buffers. Those protocol messages should be kept in sync 8// with the server implementation. 9// 10// (2) Safe Browsing reporting protocol buffers. 11// A ClientSafeBrowsingReportRequest is sent when a user opts-in to 12// sending detailed threat reports from the safe browsing interstitial page. 13// It is a list of Resource messages, which may contain the url of a 14// resource such as the page in the address bar or any other resource 15// that was loaded for this page. 16// In addition to the url, a resource can contain HTTP request and response 17// headers and bodies. 18// 19// If you want to change this protocol definition or you have questions 20// regarding its format please contact chrome-anti-phishing@googlegroups.com. 21 22syntax = "proto2"; 23 24option optimize_for = LITE_RUNTIME; 25 26package safe_browsing; 27 28// Protocol buffer describing the Chrome user population of the user reporting 29// data. 30message ChromeUserPopulation { 31 enum UserPopulation { 32 UNKNOWN_USER_POPULATION = 0; 33 SAFE_BROWSING = 1; 34 EXTENDED_REPORTING = 2; 35 } 36 optional UserPopulation user_population = 1; 37 38 // If user enabled history sync. 39 optional bool is_history_sync_enabled = 2; 40 41 // The finch active groups this user belongs to (if any). Active group is 42 // defined by finch trial name and group name. Trial name and group name are 43 // concatenated with separator "|", e.g. "PingOnlyTrial|DefaultGroup". 44 repeated string finch_active_groups = 4; 45} 46 47message ClientPhishingRequest { 48 // URL that the client visited. The CGI parameters are stripped by the 49 // client. 50 optional string url = 1; 51 52 // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is 53 // canonicalized, converted to a suffix-prefix expression and broadened 54 // (www prefix is removed and everything past the last '/' is stripped). 55 // 56 // Marked OBSOLETE because the URL is sent for all users, making the hash 57 // prefix unnecessary. 58 optional bytes OBSOLETE_hash_prefix = 10; 59 60 // Score that was computed on the client. Value is between 0.0 and 1.0. 61 // The larger the value the more likely the url is phishing. 62 required float client_score = 2; 63 64 // Note: we're skipping tag 3 because it was previously used. 65 66 // Is true if the features for this URL were classified as phishing. 67 // Currently, this will always be true for all client-phishing requests 68 // that are sent to the server. 69 optional bool is_phishing = 4; 70 71 message Feature { 72 // Feature name. E.g., 'PageHasForms'. 73 required string name = 1; 74 75 // Feature value is always in the range [0.0, 1.0]. Boolean features 76 // have value 1.0. 77 required double value = 2; 78 } 79 80 // List of features that were extracted. Those are the features that were 81 // sent to the scorer and which resulted in client_score being computed. 82 repeated Feature feature_map = 5; 83 84 // The version number of the model that was used to compute the client-score. 85 // Copied from ClientSideModel.version(). 86 optional int32 model_version = 6; 87 88 // Field 7 is only used on the server. 89 90 // List of features that are extracted in the client but are not used in the 91 // machine learning model. 92 repeated Feature non_model_feature_map = 8; 93 94 // The referrer URL. This field might not be set, for example, in the case 95 // where the referrer uses HTTPs. 96 // OBSOLETE: Use feature 'Referrer=<referrer>' instead. 97 optional string OBSOLETE_referrer_url = 9; 98 99 // Field 11 is only used on the server. 100 101 // List of shingle hashes we extracted. 102 repeated uint32 shingle_hashes = 12 [packed = true]; 103 104 // The model filename (basename) that was used by the client. 105 optional string model_filename = 13; 106 107 // Population that the reporting user is part of. 108 optional ChromeUserPopulation population = 14; 109} 110 111message ClientPhishingResponse { 112 required bool phishy = 1; 113 114 // A list of SafeBrowsing host-suffix / path-prefix expressions that 115 // are whitelisted. The client must match the current top-level URL 116 // against these whitelisted expressions and only apply a positive 117 // phishing verdict above if the URL does not match any expression 118 // on this whitelist. The client must not cache these whitelisted 119 // expressions. This whitelist will be empty for the vast majority 120 // of the responses but might contain up to 100 entries in emergency 121 // situations. 122 // 123 // Marked OBSOLETE because the URL is sent for all users, so the server 124 // can do whitelist matching. 125 repeated string OBSOLETE_whitelist_expression = 2; 126} 127 128message ClientMalwareRequest { 129 // URL that the client visited. The CGI parameters are stripped by the 130 // client. 131 required string url = 1; 132 133 // Field 2 is deleted and no longer in use. 134 135 // Field 3 is only used on the server. 136 137 // The referrer URL. This field might not be set, for example, in the case 138 // where the referrer uses HTTPS. 139 optional string referrer_url = 4; 140 141 // Field 5 and 6 are only used on the server. 142 143 message UrlInfo { 144 required string ip = 1; 145 required string url = 2; 146 optional string method = 3; 147 optional string referrer = 4; 148 // Resource type, the int value is a direct cast from the Type enum 149 // of ResourceType class defined in //src/webkit/commom/resource_type.h 150 optional int32 resource_type = 5; 151 } 152 153 // List of resource urls that match the malware IP list. 154 repeated UrlInfo bad_ip_url_info = 7; 155 156 // Population that the reporting user is part of. 157 optional ChromeUserPopulation population = 9; 158} 159 160// The message is used for client request to determine whether the provided URL 161// is safe for the purposes of entering user credentials for logging in. 162message LoginReputationClientRequest { 163 // The top level frame URL of the webpage that hosts the login form. 164 optional string page_url = 1; 165 166 // Type for the request. 167 // It could be low reputation request or password reuse request. 168 enum TriggerType { 169 TRIGGER_TYPE_UNSPECIFIED = 0; 170 UNFAMILIAR_LOGIN_PAGE = 1; 171 PASSWORD_REUSE_EVENT = 2; 172 } 173 optional TriggerType trigger_type = 2; 174 175 // The message contains features which can describe a frame. A frame can be 176 // a top level web page or an iframe. 177 message Frame { 178 // Id of a frame. The frame whose index = 0 is the top level web page. 179 optional int32 frame_index = 1; 180 181 // Id of the parent frame. 182 optional int32 parent_frame_index = 2; 183 184 // Url of the frame. If could be top level url (from web page) or url of 185 // the iframe. 186 optional string url = 3; 187 188 // Whether the frame contains password field. 189 optional bool has_password_field = 4; 190 191 // URLs transitions in reverse chronological order, i.e. the top level url 192 // or the url of the iframe comes first in the list. 193 repeated ReferrerChainEntry referrer_chain = 5; 194 195 // The message contains features of a form. 196 message Form { 197 // Action url of the form. 198 optional string action_url = 1; 199 200 // Whether the form contains password field. 201 optional bool has_password_field = 2; 202 } 203 204 repeated Form forms = 6; 205 } 206 207 repeated Frame frames = 3; 208 209 // The message contains fields needed for a password reuse event. 210 // Next tag: 4 211 message PasswordReuseEvent { 212 // Domains from the Chrome password manager DB that are associated with 213 // the same password as the one triggering this event. The field is filled 214 // in only when TriggerType is PASSWORD_REUSE_EVENT, and only for users 215 // opted in to extended reporting. 216 repeated string domains_matching_password = 1; 217 218 // The frame that the password reuse is detected. 219 optional int32 frame_id = 2; 220 221 // Whether the reused password is used for Chrome signin. 222 optional bool is_chrome_signin_password = 3; 223 224 // Sync account type. Only set if |is_chrome_signin_password| is true. 225 enum SyncAccountType { 226 // Not a sign-in user. 227 NOT_SIGNED_IN = 0; 228 229 // User signed in with @gmail.com, or @googlemail.com account. 230 GMAIL = 1; 231 232 // User signed in with a G Suite account. 233 GSUITE = 2; 234 } 235 optional SyncAccountType sync_account_type = 4; 236 } 237 238 optional PasswordReuseEvent password_reuse_event = 4; 239 240 // The number of verdicts stored on the client. 241 optional int32 stored_verdict_cnt = 5; 242 243 // Chrome user population. 244 optional ChromeUserPopulation population = 6; 245 246 // If user clicked through safe browsing interstitial on this page. 247 optional bool clicked_through_interstitial = 7; 248} 249 250// The message is used for client response for login reputation requests. 251message LoginReputationClientResponse { 252 // Type of verdicts issued by the server. 253 enum VerdictType { 254 VERDICT_TYPE_UNSPECIFIED = 0; 255 // No warning will be displayed. 256 SAFE = 1; 257 // The site has low reputation or low popularity. 258 LOW_REPUTATION = 2; 259 // The url matches with blacklist entries. 260 PHISHING = 3; 261 } 262 optional VerdictType verdict_type = 1; 263 264 // TTL of the verdict in seconds. 265 optional int64 cache_duration_sec = 2; 266 267 // A host-suffix/path-prefix expression which defines a collections of pages 268 // with common ownership from the same domain. 269 // Generally, the pattern is defined on the granularity of domains. 270 // For domains managed by multiple parties, especially in the case of large 271 // hosting sites (e.g., geocities.com), we further divide the domains. 272 // 273 // Examples: 274 // www.google.com/foo/bar?param=val -> google.com 275 // www.geocities.com/foo/bar.html -> geocities.com/foo 276 // adwords.blogspot.com/index.html -> adwords.blogspot.com 277 // 278 // The pattern will always match the page_url of the request, and will be 279 // a substring of page_url. 280 optional string cache_expression = 3; 281 282 // Deprecated. 283 optional bool DEPRECATED_cache_expression_exact_match = 4 [deprecated = true]; 284 285 // A token unique to each request which correlates response and post-warning 286 // actions. 287 optional bytes verdict_token = 5; 288} 289 290message ClientMalwareResponse { 291 required bool blacklist = 1; 292 // The confirmed blacklisted bad IP and its url, which will be shown in 293 // malware warning, if the blacklist verdict is true. 294 // This IP string could be either in IPv4 or IPv6 format, which is the same 295 // as the ones client sent to server. 296 optional string bad_ip = 2; 297 optional string bad_url = 3; 298} 299 300message ClientDownloadRequest { 301 // The final URL of the download (after all redirects). 302 required string url = 1; 303 304 // This message contains various binary digests of the download payload. 305 message Digests { 306 optional bytes sha256 = 1; 307 optional bytes sha1 = 2; 308 optional bytes md5 = 3; 309 } 310 required Digests digests = 2; 311 312 // This is the length in bytes of the download payload. 313 required int64 length = 3; 314 315 // Type of the resources stored below. 316 enum ResourceType { 317 // The final URL of the download payload. The resource URL should 318 // correspond to the URL field above. 319 DOWNLOAD_URL = 0; 320 // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. 321 DOWNLOAD_REDIRECT = 1; 322 // The final top-level URL of the tab that triggered the download. 323 TAB_URL = 2; 324 // A redirect URL thas was fetched before hitting the final TAB_URL. 325 TAB_REDIRECT = 3; 326 // The document URL for a PPAPI plugin instance that initiated the download. 327 // This is the document.url for the container element for the plugin 328 // instance. 329 PPAPI_DOCUMENT = 4; 330 // The plugin URL for a PPAPI plugin instance that initiated the download. 331 PPAPI_PLUGIN = 5; 332 } 333 334 message Resource { 335 required string url = 1; 336 required ResourceType type = 2; 337 optional bytes remote_ip = 3; 338 // This will only be set if the referrer is available and if the 339 // resource type is either TAB_URL or DOWNLOAD_URL. 340 optional string referrer = 4; 341 342 // TODO(noelutz): add the transition type? 343 } 344 345 // This repeated field will store all the redirects as well as the 346 // final URLs for the top-level tab URL (i.e., the URL that 347 // triggered the download) as well as for the download URL itself. 348 repeated Resource resources = 4; 349 350 // A trust chain of certificates. Each chain begins with the signing 351 // certificate of the binary, and ends with a self-signed certificate, 352 // typically from a trusted root CA. This structure is analogous to 353 // CERT_CHAIN_CONTEXT on Windows. 354 message CertificateChain { 355 // A single link in the chain. 356 message Element { 357 // DER-encoded X.509 representation of the certificate. 358 optional bytes certificate = 1; 359 // Fields 2 - 7 are only used on the server. 360 } 361 repeated Element element = 1; 362 } 363 364 // This is an OS X only message to report extended attribute informations. 365 // Extended attributes on OS X are used for various security mechanisms, 366 // which makes them interesting to Chrome. 367 message ExtendedAttr { 368 // This is the name of the extended attribute. 369 required string key = 1; 370 // This is the value of the extended attribute. 371 optional bytes value = 2; 372 } 373 374 message SignatureInfo { 375 // All certificate chains for each of the binary's signers. Multiple chains 376 // may be present if the binary or any certificate has multiple signers. 377 // Absence of certificate chains does not imply that the binary is not 378 // signed (in that case, SignedData blobs extracted from the binary may be 379 // preset), but does mean that trust has not been verified. 380 repeated CertificateChain certificate_chain = 1; 381 382 // True if the signature was trusted on the client. 383 optional bool trusted = 2; 384 385 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable 386 // image's attribute certificate table. The presence of these does not imply 387 // that the signatures were deemed trusted by the client. 388 // On Mac, this is the code signature blob referenced by the 389 // LC_CODE_SIGNATURE load command. 390 repeated bytes signed_data = 3; 391 392 // On OS X, code signing data can be contained in the extended attributes of 393 // a file. As Gatekeeper respects this signature, we look for it and collect 394 // it. 395 repeated ExtendedAttr xattr = 4; 396 } 397 398 // This field will only be set if the binary is signed. 399 optional SignatureInfo signature = 5; 400 401 // True if the download was user initiated. 402 optional bool user_initiated = 6; 403 404 // Fields 7 and 8 are only used on the server. 405 406 // Name of the file where the download would be stored if the 407 // download completes. E.g., "bla.exe". 408 optional string file_basename = 9; 409 410 // Starting with Chrome M19 we're also sending back pings for Chrome 411 // extensions that get downloaded by users. 412 enum DownloadType { 413 WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. 414 CHROME_EXTENSION = 1; // .crx files. 415 ANDROID_APK = 2; // .apk files. 416 // .zip files containing one of the other executable types. 417 ZIPPED_EXECUTABLE = 3; 418 MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. 419 ZIPPED_ARCHIVE = 5; // .zip file containing another archive. 420 ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. 421 // A .zip that Chrome failed to unpack to the point of finding exe/zips. 422 INVALID_ZIP = 7; 423 // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding 424 // Mach O's. 425 INVALID_MAC_ARCHIVE = 8; 426 // A download request initiated via PPAPI. Typically the requestor is 427 // a Flash applet. 428 PPAPI_SAVE_REQUEST = 9; 429 // A file we don't support, but we've decided to sample and send 430 // a light-ping. 431 SAMPLED_UNSUPPORTED_FILE = 10; 432 } 433 optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; 434 435 // Locale of the device, eg en, en_US. 436 optional string locale = 11; 437 438 message PEImageHeaders { 439 // IMAGE_DOS_HEADER. 440 optional bytes dos_header = 1; 441 // IMAGE_FILE_HEADER. 442 optional bytes file_header = 2; 443 // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. 444 optional bytes optional_headers32 = 3; 445 // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. 446 optional bytes optional_headers64 = 4; 447 // IMAGE_SECTION_HEADER. 448 repeated bytes section_header = 5; 449 // Contents of the .edata section. 450 optional bytes export_section_data = 6; 451 452 message DebugData { 453 // IMAGE_DEBUG_DIRECTORY. 454 optional bytes directory_entry = 1; 455 optional bytes raw_data = 2; 456 } 457 458 repeated DebugData debug_data = 7; 459 } 460 461 message MachOHeaders { 462 // The mach_header or mach_header_64 struct. 463 required bytes mach_header = 1; 464 465 message LoadCommand { 466 // |command_id| is the first uint32 of |command| as well, but is 467 // extracted for easier processing. 468 required uint32 command_id = 1; 469 // The entire data stream of the load command. 470 required bytes command = 2; 471 } 472 473 // All the load commands of the Mach-O file. 474 repeated LoadCommand load_commands = 2; 475 } 476 477 message ImageHeaders { 478 // Windows Portable Executable image headers. 479 optional PEImageHeaders pe_headers = 1; 480 481 // OS X Mach-O image headers. 482 repeated MachOHeaders mach_o_headers = 2; 483 }; 484 485 // Fields 12-17 are reserved for server-side use and are never sent by the 486 // client. 487 488 optional ImageHeaders image_headers = 18; 489 490 // Fields 19-21 are reserved for server-side use and are never sent by the 491 // client. 492 493 // A binary or archive contained in an archive (e.g., a .exe in a .zip 494 // archive, or a .zip inside a .zip). 495 message ArchivedBinary { 496 optional string file_basename = 1; 497 optional DownloadType download_type = 2; 498 optional Digests digests = 3; 499 optional int64 length = 4; 500 optional SignatureInfo signature = 5; 501 optional ImageHeaders image_headers = 6; 502 } 503 504 repeated ArchivedBinary archived_binary = 22; 505 506 // Population that the reporting user is part of. 507 optional ChromeUserPopulation population = 24; 508 509 // True if the .zip or DMG, etc, was 100% successfully unpacked. 510 optional bool archive_valid = 26; 511 512 // True if this ClientDownloadRequest is from a whitelisted domain. 513 optional bool skipped_url_whitelist = 28; 514 515 // True if this ClientDownloadRequest contains a whitelisted certificate. 516 optional bool skipped_certificate_whitelist = 31; 517 518 // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. 519 // Each element in this collection indicates an alternate extension including 520 // the leading extension separator. 521 repeated string alternate_extensions = 35; 522 523 // URLs transitions from landing referrer to download in reverse chronological 524 // order, i.e. download url comes first in this list, and landing referrer 525 // comes last. 526 repeated ReferrerChainEntry referrer_chain = 36; 527 528 // Deprecated. 529 optional bool DEPRECATED_download_attribution_finch_enabled = 39 530 [deprecated = true]; 531 532 // The Mac disk image code signature. 533 // The underlying structure of code signature is defined at 534 // https://opensource.apple.com/source/xnu/xnu-2782.1.97/bsd/sys/codesign.h 535 optional bytes udif_code_signature = 40; 536} 537 538// Please update SafeBrowsingNavigationObserverManager::SanitizeReferrerChain() 539// if you're adding more fields to this message. 540message ReferrerChainEntry { 541 enum URLType { 542 // URL of safe browsing events that are at the end of the referrer chain. 543 // e.g. URL of a download, URL of a low reputation login page, etc. 544 EVENT_URL = 1; // e.g. 545 546 // Landing page is the page user directly interacts with to trigger the 547 // above event, e.g. the page where user clicks a download button. 548 LANDING_PAGE = 2; 549 550 // Landing referrer is the one user directly interacts with right before 551 // navigating to the landing page. 552 LANDING_REFERRER = 3; 553 554 // Client redirect refers to committed navigation between landing page and 555 // the targeted event, or between landing referrer page and landing page. 556 // Client redirect is not triggered by user gesture. 557 CLIENT_REDIRECT = 4; 558 559 DEPRECATED_SERVER_REDIRECT = 5; // Deprecated 560 } 561 562 message ServerRedirect { 563 // [required] server redirect url 564 optional string url = 1; 565 566 // Additional fields for future expansion. 567 } 568 569 // [required] The url of this Entry. 570 optional string url = 1; 571 572 // Only set if it is different from |url|. 573 optional string main_frame_url = 9; 574 575 // Type of URLs, such as event url, landing page, etc. 576 optional URLType type = 2 [default = CLIENT_REDIRECT]; 577 578 // IP addresses corresponding to this host. 579 repeated string ip_addresses = 3; 580 581 // Referrer url of this entry. 582 optional string referrer_url = 4; 583 584 // Main frame URL of referrer. 585 // Only set if it is different from |referrer_url|. 586 optional string referrer_main_frame_url = 5; 587 588 // If this URL loads in a different tab/frame from previous one. 589 optional bool is_retargeting = 6; 590 591 optional double navigation_time_msec = 7; 592 593 // Set only if server redirects happened in navigation. 594 // The first entry in |server_redirect_chain| should be the original request 595 // url, and the last entry should be the same as |url|. 596 repeated ServerRedirect server_redirect_chain = 8; 597} // End of ReferrerChainEntry 598 599message ClientDownloadResponse { 600 enum Verdict { 601 // Download is considered safe. 602 SAFE = 0; 603 // Download is considered dangerous. Chrome should show a warning to the 604 // user. 605 DANGEROUS = 1; 606 // Download is uncommon. Chrome should display a less severe warning. 607 UNCOMMON = 2; 608 // The download is potentially unwanted. 609 POTENTIALLY_UNWANTED = 3; 610 // The download is from a dangerous host. 611 DANGEROUS_HOST = 4; 612 // The backend doesn't have confidence in its verdict of this file. 613 // Chrome should show the default warning if configured for this file type. 614 UNKNOWN = 5; 615 } 616 optional Verdict verdict = 1 [default = SAFE]; 617 618 message MoreInfo { 619 // A human-readable string describing the nature of the warning. 620 // Only if verdict != SAFE. Localized based on request.locale. 621 optional string description = 1; 622 623 // A URL to get more information about this warning, if available. 624 optional string url = 2; 625 } 626 optional MoreInfo more_info = 2; 627 628 // An arbitrary token that should be sent along for further server requests. 629 optional bytes token = 3; 630 631 // Whether the server requests that this binary be uploaded. 632 optional bool upload = 5; 633} 634 635// The following protocol buffer holds the feedback report gathered 636// from the user regarding the download. 637message ClientDownloadReport { 638 // The information of user who provided the feedback. 639 // This is going to be useful for handling appeals. 640 message UserInformation { optional string email = 1; } 641 642 enum Reason { 643 SHARE = 0; 644 FALSE_POSITIVE = 1; 645 APPEAL = 2; 646 } 647 648 // The type of feedback for this report. 649 optional Reason reason = 1; 650 651 // The original download ping 652 optional ClientDownloadRequest download_request = 2; 653 654 // Stores the information of the user who provided the feedback. 655 optional UserInformation user_information = 3; 656 657 // Unstructed comments provided by the user. 658 optional bytes comment = 4; 659 660 // The original download response sent from the verdict server. 661 optional ClientDownloadResponse download_response = 5; 662} 663 664// This is used to send back upload status to the client after upload completion 665message ClientUploadResponse { 666 enum UploadStatus { 667 // The upload was successful and a complete response can be expected 668 SUCCESS = 0; 669 670 // The upload was unsuccessful and the response is incomplete. 671 UPLOAD_FAILURE = 1; 672 } 673 674 // Holds the upload status 675 optional UploadStatus status = 1; 676 677 // Holds the permalink where the results of scanning the binary are available 678 optional string permalink = 2; 679} 680 681message ClientIncidentReport { 682 message IncidentData { 683 message TrackedPreferenceIncident { 684 enum ValueState { 685 UNKNOWN = 0; 686 CLEARED = 1; 687 WEAK_LEGACY_OBSOLETE = 2; 688 CHANGED = 3; 689 UNTRUSTED_UNKNOWN_VALUE = 4; 690 BYPASS_CLEARED = 5; 691 BYPASS_CHANGED = 6; 692 } 693 694 optional string path = 1; 695 optional string atomic_value = 2; 696 repeated string split_key = 3; 697 optional ValueState value_state = 4; 698 } 699 700 message BinaryIntegrityIncident { 701 optional string file_basename = 1; 702 optional ClientDownloadRequest.SignatureInfo signature = 2; 703 optional ClientDownloadRequest.ImageHeaders image_headers = 3; 704 optional int32 sec_error = 4; 705 706 message ContainedFile { 707 optional string relative_path = 1; 708 optional ClientDownloadRequest.SignatureInfo signature = 2; 709 optional ClientDownloadRequest.ImageHeaders image_headers = 3; 710 } 711 repeated ContainedFile contained_file = 5; 712 } 713 714 message ResourceRequestIncident { 715 enum Type { 716 UNKNOWN = 0; 717 TYPE_PATTERN = 3; 718 } 719 optional bytes digest = 1; 720 optional string origin = 2; 721 optional Type type = 3 [default = UNKNOWN]; 722 } 723 724 optional int64 incident_time_msec = 1; 725 optional TrackedPreferenceIncident tracked_preference = 2; 726 optional BinaryIntegrityIncident binary_integrity = 3; 727 // Note: skip tag 4,5,6 because they were previously used. 728 reserved 4 to 6; 729 optional ResourceRequestIncident resource_request = 7; 730 // Note: skip tag 8 because it was previously used. 731 reserved 8; 732 } 733 734 repeated IncidentData incident = 1; 735 736 message DownloadDetails { 737 optional bytes token = 1; 738 optional ClientDownloadRequest download = 2; 739 optional int64 download_time_msec = 3; 740 optional int64 open_time_msec = 4; 741 } 742 743 optional DownloadDetails download = 2; 744 745 message EnvironmentData { 746 message OS { 747 optional string os_name = 1; 748 optional string os_version = 2; 749 750 message RegistryValue { 751 optional string name = 1; 752 optional uint32 type = 2; 753 optional bytes data = 3; 754 } 755 756 message RegistryKey { 757 optional string name = 1; 758 repeated RegistryValue value = 2; 759 repeated RegistryKey key = 3; 760 } 761 762 repeated RegistryKey registry_key = 3; 763 764 optional bool is_enrolled_to_domain = 4; 765 } 766 optional OS os = 1; 767 message Machine { 768 optional string cpu_architecture = 1; 769 optional string cpu_vendor = 2; 770 optional uint32 cpuid = 3; 771 } 772 optional Machine machine = 2; 773 message Process { 774 optional string version = 1; 775 repeated string OBSOLETE_dlls = 2; 776 message Patch { 777 optional string function = 1; 778 optional string target_dll = 2; 779 } 780 repeated Patch patches = 3; 781 message NetworkProvider {} 782 repeated NetworkProvider network_providers = 4; 783 enum Channel { 784 CHANNEL_UNKNOWN = 0; 785 CHANNEL_CANARY = 1; 786 CHANNEL_DEV = 2; 787 CHANNEL_BETA = 3; 788 CHANNEL_STABLE = 4; 789 } 790 optional Channel chrome_update_channel = 5; 791 optional int64 uptime_msec = 6; 792 optional bool metrics_consent = 7; 793 // Obsolete: extended consent is now required for incident reporting. 794 optional bool OBSOLETE_extended_consent = 8; 795 message Dll { 796 enum Feature { 797 UNKNOWN = 0; 798 LSP = 1; 799 } 800 optional string path = 1; 801 optional uint64 base_address = 2; 802 optional uint32 length = 3; 803 repeated Feature feature = 4; 804 optional ClientDownloadRequest.ImageHeaders image_headers = 5; 805 } 806 repeated Dll dll = 9; 807 repeated string blacklisted_dll = 10; 808 message ModuleState { 809 enum ModifiedState { 810 UNKNOWN = 0; 811 MODULE_STATE_UNKNOWN = 1; 812 MODULE_STATE_UNMODIFIED = 2; 813 MODULE_STATE_MODIFIED = 3; 814 } 815 optional string name = 1; 816 optional ModifiedState modified_state = 2; 817 repeated string OBSOLETE_modified_export = 3; 818 819 message Modification { 820 optional uint32 file_offset = 1; 821 optional int32 byte_count = 2; 822 optional bytes modified_bytes = 3; 823 optional string export_name = 4; 824 } 825 repeated Modification modification = 4; 826 } 827 repeated ModuleState module_state = 11; 828 // Obsolete: field trials no longer enable incident reporting. 829 optional bool OBSOLETE_field_trial_participant = 12; 830 } 831 optional Process process = 3; 832 } 833 834 message ExtensionData { 835 message ExtensionInfo { 836 enum ExtensionState { 837 STATE_UNKNOWN = 0; 838 STATE_ENABLED = 1; 839 STATE_DISABLED = 2; 840 STATE_BLACKLISTED = 3; 841 STATE_BLOCKED = 4; 842 STATE_TERMINATED = 5; 843 } 844 845 optional string id = 1; 846 optional string version = 2; 847 optional string name = 3; 848 optional string description = 4; 849 optional ExtensionState state = 5 [default = STATE_UNKNOWN]; 850 optional int32 type = 6; 851 optional string update_url = 7; 852 optional bool has_signature_validation = 8; 853 optional bool signature_is_valid = 9; 854 optional bool installed_by_custodian = 10; 855 optional bool installed_by_default = 11; 856 optional bool installed_by_oem = 12; 857 optional bool from_bookmark = 13; 858 optional bool from_webstore = 14; 859 optional bool converted_from_user_script = 15; 860 optional bool may_be_untrusted = 16; 861 optional int64 install_time_msec = 17; 862 optional int32 manifest_location_type = 18; 863 optional string manifest = 19; 864 } 865 866 optional ExtensionInfo last_installed_extension = 1; 867 } 868 869 optional EnvironmentData environment = 3; 870 871 // Population that the reporting user is part of. 872 optional ChromeUserPopulation population = 7; 873 874 optional ExtensionData extension_data = 8; 875 876 message NonBinaryDownloadDetails { 877 optional string file_type = 1; 878 optional bytes url_spec_sha256 = 2; 879 optional string host = 3; 880 optional int64 length = 4; 881 } 882 883 optional NonBinaryDownloadDetails non_binary_download = 9; 884} 885 886message ClientIncidentResponse { 887 optional bytes token = 1; 888 optional bool download_requested = 2; 889 890 message EnvironmentRequest { optional int32 dll_index = 1; } 891 892 repeated EnvironmentRequest environment_requests = 3; 893} 894 895message DownloadMetadata { 896 optional uint32 download_id = 1; 897 898 optional ClientIncidentReport.DownloadDetails download = 2; 899} 900 901// A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are 902// only sent by Chrome users who have opted into extended Safe Browsing. 903// This proto is replacing ClientMalwareReportRequest. 904// Next tag: 19 905message ClientSafeBrowsingReportRequest { 906 // Note: A lot of the "optional" fields would make sense to be 907 // "required" instead. However, having them as optional allows the 908 // clients to send "stripped down" versions of the message in the 909 // future, if we want to. 910 911 enum ReportType { 912 UNKNOWN = 0; 913 URL_PHISHING = 1; 914 URL_MALWARE = 2; 915 URL_UNWANTED = 3; 916 URL_CLIENT_SIDE_PHISHING = 4; 917 URL_CLIENT_SIDE_MALWARE = 5; 918 DANGEROUS_DOWNLOAD_RECOVERY = 6; 919 DANGEROUS_DOWNLOAD_WARNING = 7; 920 DANGEROUS_DOWNLOAD_BY_API = 10; 921 URL_PASSWORD_PROTECTION_PHISHING = 12; 922 DANGEROUS_DOWNLOAD_OPENED = 13; 923 AD_SAMPLE = 14; 924 } 925 926 message HTTPHeader { 927 required bytes name = 1; 928 optional bytes value = 2; 929 } 930 931 message HTTPRequest { 932 message FirstLine { 933 optional bytes verb = 1; 934 optional bytes uri = 2; 935 optional bytes version = 3; 936 } 937 938 optional FirstLine firstline = 1; 939 repeated HTTPHeader headers = 2; 940 optional bytes body = 3; 941 942 // bodydigest and bodylength can be useful if the report does not 943 // contain the body itself. 944 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. 945 optional int32 bodylength = 5; // length of body. 946 } 947 948 message HTTPResponse { 949 message FirstLine { 950 optional int32 code = 1; 951 optional bytes message = 2; 952 optional bytes version = 3; 953 } 954 955 optional FirstLine firstline = 1; 956 repeated HTTPHeader headers = 2; 957 optional bytes body = 3; 958 optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. 959 optional int32 bodylength = 5; // length of body. 960 optional bytes remote_ip = 6; // IP of the server. 961 } 962 963 message Resource { 964 required int32 id = 1; 965 optional string url = 2; 966 optional HTTPRequest request = 3; 967 optional HTTPResponse response = 4; 968 optional int32 parent_id = 5; 969 repeated int32 child_ids = 6; 970 optional string tag_name = 7; 971 } 972 973 optional ReportType type = 10; 974 975 // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, 976 // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. 977 optional ClientDownloadResponse.Verdict download_verdict = 11; 978 979 // URL of the page in the address bar. 980 optional string url = 1; 981 optional string page_url = 2; 982 optional string referrer_url = 3; 983 984 repeated Resource resources = 4; 985 986 // Contains the hierarchy of elements on the page (ie: the DOM). Some 987 // elements can be Resources and will refer to the resources list (above). 988 repeated HTMLElement dom = 16; 989 990 // Whether the report is complete. 991 optional bool complete = 5; 992 993 // The ASN and country of the client IP. These fields are filled up by 994 // csd_frontend 995 repeated string client_asn = 6; 996 optional string client_country = 7; 997 998 // Whether user chose to proceed. 999 optional bool did_proceed = 8; 1000 1001 // Whether user visited this origin before. 1002 optional bool repeat_visit = 9; 1003 1004 // The same token in ClientDownloadResponse or LoginReputationClientResponse. 1005 // This field is only set if its report type is DANGEROUS_DOWNLOAD_RECOVERY, 1006 // DANGEROUS_DOWNLOAD_WARNING, DANGEROUS_DOWNLOAD_BY_API, 1007 // URL_PASSWORD_PROTECTION_PHISHING, or DANGEROUS_DOWNLOAD_OPENED. 1008 optional bytes token = 15; 1009 1010 enum SafeBrowsingUrlApiType { 1011 SAFE_BROWSING_URL_API_TYPE_UNSPECIFIED = 0; 1012 // Native implementation of Safe Browsing API v3 protocol. 1013 PVER3_NATIVE = 1; 1014 // Native implementation of Safe Browsing API v4 protocol. 1015 PVER4_NATIVE = 2; 1016 // Android SafetyNet API. 1017 // https://developer.android.com/training/safetynet/safebrowsing.html 1018 ANDROID_SAFETYNET = 3; 1019 // Flywheel (data compression service). 1020 FLYWHEEL = 4; 1021 } 1022 1023 // The information propagated from the client about various environment 1024 // variables including SDK version, Google Play Services version and so on. 1025 message SafeBrowsingClientProperties { 1026 optional string client_version = 1; 1027 optional int64 google_play_services_version = 2; 1028 optional bool is_instant_apps = 3; 1029 optional SafeBrowsingUrlApiType url_api_type = 4; 1030 } 1031 optional SafeBrowsingClientProperties client_properties = 17; 1032 1033 // Only set if report type is DANGEROUS_DOWNLOAD_EXECUTION. 1034 // True means user opened the folder where this download is in via browser. 1035 // False means user directly executed this download via download shelf or 1036 // other download UIs. 1037 optional bool show_download_in_folder = 18; 1038} 1039 1040// An HTML Element on the page (eg: iframe, div, script, etc). 1041message HTMLElement { 1042 // Id of this element. 1043 optional int32 id = 1; 1044 1045 // The tag type of this element (eg: iframe, div, script, etc). 1046 optional string tag = 2; 1047 1048 // IDs of elements that are children of this element. 1049 repeated int32 child_ids = 3; 1050 1051 // If this element represents a Resource then this is the id of the 1052 // Resource, which contains additional data about the Resource. Otherwise 1053 // unset. 1054 optional int32 resource_id = 5; 1055 1056 // An Attribute of the element (eg: id, border, foo etc) and its value. 1057 message Attribute { 1058 optional string name = 1; 1059 optional string value = 2; 1060 } 1061 repeated Attribute attribute = 6; 1062} 1063 1064// Canonical representation of raster image data. 1065message ImageData { 1066 // Image bitmap, after downscaling to <= 512x512. 1067 optional bytes data = 1; 1068 1069 // Encoding scheme for the bitmap. 1070 optional string mime_type = 2; 1071 1072 message Dimensions { 1073 optional int32 width = 1; 1074 optional int32 height = 2; 1075 } 1076 1077 // Dimensions of the image stored in |data|. 1078 optional Dimensions dimensions = 3; 1079 optional Dimensions original_dimensions = 4; // iff downscaled 1080} 1081 1082// Reporting protobuf for an image served as part of a browser notification. 1083// There is no response (an empty body) to this request. 1084message NotificationImageReportRequest { 1085 optional string notification_origin = 1; // Src-origin of the notification. 1086 optional ImageData image = 2; // The bitmap of the image. 1087 1088 // Note that the image URL is deliberately omitted as it would be untrusted, 1089 // since the notification image fetch may be intercepted by a Service Worker 1090 // (even if the image URL is cross-origin). Otherwise a website could mislead 1091 // Safe Browsing into associating phishing image bitmaps with safe image URLs. 1092} 1093