// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // This proto file includes: // (1) Client side phishing and malware detection request and response // protocol buffers. Those protocol messages should be kept in sync // with the server implementation. // // (2) Safe Browsing reporting protocol buffers. // A ClientSafeBrowsingReportRequest is sent when a user opts-in to // sending detailed threat reports from the safe browsing interstitial page. // It is a list of Resource messages, which may contain the url of a // resource such as the page in the address bar or any other resource // that was loaded for this page. // In addition to the url, a resource can contain HTTP request and response // headers and bodies. // // If you want to change this protocol definition or you have questions // regarding its format please contact chrome-anti-phishing@googlegroups.com. syntax = "proto2"; option optimize_for = LITE_RUNTIME; package safe_browsing; // Protocol buffer describing the Chrome user population of the user reporting // data. message ChromeUserPopulation { enum UserPopulation { UNKNOWN_USER_POPULATION = 0; SAFE_BROWSING = 1; EXTENDED_REPORTING = 2; } optional UserPopulation user_population = 1; // If user enabled history sync. optional bool is_history_sync_enabled = 2; // The finch active groups this user belongs to (if any). Active group is // defined by finch trial name and group name. Trial name and group name are // concatenated with separator "|", e.g. "PingOnlyTrial|DefaultGroup". repeated string finch_active_groups = 4; } message ClientPhishingRequest { // URL that the client visited. The CGI parameters are stripped by the // client. optional string url = 1; // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is // canonicalized, converted to a suffix-prefix expression and broadened // (www prefix is removed and everything past the last '/' is stripped). // // Marked OBSOLETE because the URL is sent for all users, making the hash // prefix unnecessary. optional bytes OBSOLETE_hash_prefix = 10; // Score that was computed on the client. Value is between 0.0 and 1.0. // The larger the value the more likely the url is phishing. required float client_score = 2; // Note: we're skipping tag 3 because it was previously used. // Is true if the features for this URL were classified as phishing. // Currently, this will always be true for all client-phishing requests // that are sent to the server. optional bool is_phishing = 4; message Feature { // Feature name. E.g., 'PageHasForms'. required string name = 1; // Feature value is always in the range [0.0, 1.0]. Boolean features // have value 1.0. required double value = 2; } // List of features that were extracted. Those are the features that were // sent to the scorer and which resulted in client_score being computed. repeated Feature feature_map = 5; // The version number of the model that was used to compute the client-score. // Copied from ClientSideModel.version(). optional int32 model_version = 6; // Field 7 is only used on the server. // List of features that are extracted in the client but are not used in the // machine learning model. repeated Feature non_model_feature_map = 8; // The referrer URL. This field might not be set, for example, in the case // where the referrer uses HTTPs. // OBSOLETE: Use feature 'Referrer=' instead. optional string OBSOLETE_referrer_url = 9; // Field 11 is only used on the server. // List of shingle hashes we extracted. repeated uint32 shingle_hashes = 12 [packed = true]; // The model filename (basename) that was used by the client. optional string model_filename = 13; // Population that the reporting user is part of. optional ChromeUserPopulation population = 14; } message ClientPhishingResponse { required bool phishy = 1; // A list of SafeBrowsing host-suffix / path-prefix expressions that // are whitelisted. The client must match the current top-level URL // against these whitelisted expressions and only apply a positive // phishing verdict above if the URL does not match any expression // on this whitelist. The client must not cache these whitelisted // expressions. This whitelist will be empty for the vast majority // of the responses but might contain up to 100 entries in emergency // situations. // // Marked OBSOLETE because the URL is sent for all users, so the server // can do whitelist matching. repeated string OBSOLETE_whitelist_expression = 2; } message ClientMalwareRequest { // URL that the client visited. The CGI parameters are stripped by the // client. required string url = 1; // Field 2 is deleted and no longer in use. // Field 3 is only used on the server. // The referrer URL. This field might not be set, for example, in the case // where the referrer uses HTTPS. optional string referrer_url = 4; // Field 5 and 6 are only used on the server. message UrlInfo { required string ip = 1; required string url = 2; optional string method = 3; optional string referrer = 4; // Resource type, the int value is a direct cast from the Type enum // of ResourceType class defined in //src/webkit/commom/resource_type.h optional int32 resource_type = 5; } // List of resource urls that match the malware IP list. repeated UrlInfo bad_ip_url_info = 7; // Population that the reporting user is part of. optional ChromeUserPopulation population = 9; } // The message is used for client request to determine whether the provided URL // is safe for the purposes of entering user credentials for logging in. message LoginReputationClientRequest { // The top level frame URL of the webpage that hosts the login form. optional string page_url = 1; // Type for the request. // It could be low reputation request or password reuse request. enum TriggerType { TRIGGER_TYPE_UNSPECIFIED = 0; UNFAMILIAR_LOGIN_PAGE = 1; PASSWORD_REUSE_EVENT = 2; } optional TriggerType trigger_type = 2; // The message contains features which can describe a frame. A frame can be // a top level web page or an iframe. message Frame { // Id of a frame. The frame whose index = 0 is the top level web page. optional int32 frame_index = 1; // Id of the parent frame. optional int32 parent_frame_index = 2; // Url of the frame. If could be top level url (from web page) or url of // the iframe. optional string url = 3; // Whether the frame contains password field. optional bool has_password_field = 4; // If we can find the complete referrer chain, this field will contains URLs // transitions from landing referrer to event in reverse chronological // order, i.e. event url comes first in this list, and landing referrer // comes last. // For Safe Browsing Extended Reporting or Scout users, if the referrer // chain is empty or partially missing, we will add/append recent navigation // events to this list. The type of these entries will be RECENT_NAVIGATION. repeated ReferrerChainEntry referrer_chain = 5; // Options and metadata about the above referrer chain. optional ReferrerChainOptions referrer_chain_options = 7; // The message contains features of a form. message Form { // Action url of the form. optional string action_url = 1; // Whether the form contains password field. optional bool has_password_field = 2; } repeated Form forms = 6; // next available tag number: 8. } repeated Frame frames = 3; // The message contains fields needed for a password reuse event. // Next tag: 4 message PasswordReuseEvent { // Domains from the Chrome password manager DB that are associated with // the same password as the one triggering this event. The field is filled // in only when TriggerType is PASSWORD_REUSE_EVENT, and only for users // opted in to extended reporting. repeated string domains_matching_password = 1; // The frame that the password reuse is detected. optional int32 frame_id = 2; // Whether the reused password is used for Chrome signin. optional bool is_chrome_signin_password = 3; // Sync account type. Only set if |is_chrome_signin_password| is true. enum SyncAccountType { // Not a sign-in user. NOT_SIGNED_IN = 0; // User signed in with @gmail.com, or @googlemail.com account. GMAIL = 1; // User signed in with a G Suite account. GSUITE = 2; } optional SyncAccountType sync_account_type = 4; } optional PasswordReuseEvent password_reuse_event = 4; // The number of verdicts stored on the client. optional int32 stored_verdict_cnt = 5; // Chrome user population. optional ChromeUserPopulation population = 6; // If user clicked through safe browsing interstitial on this page. optional bool clicked_through_interstitial = 7; } // The message is used for client response for login reputation requests. message LoginReputationClientResponse { // Type of verdicts issued by the server. enum VerdictType { VERDICT_TYPE_UNSPECIFIED = 0; // No warning will be displayed. SAFE = 1; // The site has low reputation or low popularity. LOW_REPUTATION = 2; // The url matches with blacklist entries. PHISHING = 3; } optional VerdictType verdict_type = 1; // TTL of the verdict in seconds. optional int64 cache_duration_sec = 2; // A host-suffix/path-prefix expression which defines a collections of pages // with common ownership from the same domain. // Generally, the pattern is defined on the granularity of domains. // For domains managed by multiple parties, especially in the case of large // hosting sites (e.g., geocities.com), we further divide the domains. // // Examples: // www.google.com/foo/bar?param=val -> google.com // www.geocities.com/foo/bar.html -> geocities.com/foo // adwords.blogspot.com/index.html -> adwords.blogspot.com // // The pattern will always match the page_url of the request, and will be // a substring of page_url. optional string cache_expression = 3; // Deprecated. optional bool DEPRECATED_cache_expression_exact_match = 4 [deprecated = true]; // A token unique to each request which correlates response and post-warning // actions. optional bytes verdict_token = 5; } message ClientMalwareResponse { required bool blacklist = 1; // The confirmed blacklisted bad IP and its url, which will be shown in // malware warning, if the blacklist verdict is true. // This IP string could be either in IPv4 or IPv6 format, which is the same // as the ones client sent to server. optional string bad_ip = 2; optional string bad_url = 3; } message ClientDownloadRequest { // The final URL of the download (after all redirects). required string url = 1; // This message contains various binary digests of the download payload. message Digests { optional bytes sha256 = 1; optional bytes sha1 = 2; optional bytes md5 = 3; } required Digests digests = 2; // This is the length in bytes of the download payload. required int64 length = 3; // Type of the resources stored below. enum ResourceType { // The final URL of the download payload. The resource URL should // correspond to the URL field above. DOWNLOAD_URL = 0; // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. DOWNLOAD_REDIRECT = 1; // The final top-level URL of the tab that triggered the download. TAB_URL = 2; // A redirect URL thas was fetched before hitting the final TAB_URL. TAB_REDIRECT = 3; // The document URL for a PPAPI plugin instance that initiated the download. // This is the document.url for the container element for the plugin // instance. PPAPI_DOCUMENT = 4; // The plugin URL for a PPAPI plugin instance that initiated the download. PPAPI_PLUGIN = 5; } message Resource { required string url = 1; required ResourceType type = 2; optional bytes remote_ip = 3; // This will only be set if the referrer is available and if the // resource type is either TAB_URL or DOWNLOAD_URL. optional string referrer = 4; // TODO(noelutz): add the transition type? } // This repeated field will store all the redirects as well as the // final URLs for the top-level tab URL (i.e., the URL that // triggered the download) as well as for the download URL itself. repeated Resource resources = 4; // A trust chain of certificates. Each chain begins with the signing // certificate of the binary, and ends with a self-signed certificate, // typically from a trusted root CA. This structure is analogous to // CERT_CHAIN_CONTEXT on Windows. message CertificateChain { // A single link in the chain. message Element { // DER-encoded X.509 representation of the certificate. optional bytes certificate = 1; // Fields 2 - 7 are only used on the server. } repeated Element element = 1; } // This is an OS X only message to report extended attribute informations. // Extended attributes on OS X are used for various security mechanisms, // which makes them interesting to Chrome. message ExtendedAttr { // This is the name of the extended attribute. required string key = 1; // This is the value of the extended attribute. optional bytes value = 2; } message SignatureInfo { // All certificate chains for each of the binary's signers. Multiple chains // may be present if the binary or any certificate has multiple signers. // Absence of certificate chains does not imply that the binary is not // signed (in that case, SignedData blobs extracted from the binary may be // preset), but does mean that trust has not been verified. repeated CertificateChain certificate_chain = 1; // True if the signature was trusted on the client. optional bool trusted = 2; // On Windows, PKCS#7 SignedData blobs extracted from a portable executable // image's attribute certificate table. The presence of these does not imply // that the signatures were deemed trusted by the client. // On Mac, this is the code signature blob referenced by the // LC_CODE_SIGNATURE load command. repeated bytes signed_data = 3; // On OS X, code signing data can be contained in the extended attributes of // a file. As Gatekeeper respects this signature, we look for it and collect // it. repeated ExtendedAttr xattr = 4; } // This field will only be set if the binary is signed. optional SignatureInfo signature = 5; // True if the download was user initiated. optional bool user_initiated = 6; // Fields 7 and 8 are only used on the server. // Name of the file where the download would be stored if the // download completes. E.g., "bla.exe". optional string file_basename = 9; // Starting with Chrome M19 we're also sending back pings for Chrome // extensions that get downloaded by users. enum DownloadType { WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. CHROME_EXTENSION = 1; // .crx files. ANDROID_APK = 2; // .apk files. // .zip files containing one of the other executable types. ZIPPED_EXECUTABLE = 3; MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. ZIPPED_ARCHIVE = 5; // .zip file containing another archive. ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. // A .zip that Chrome failed to unpack to the point of finding exe/zips. INVALID_ZIP = 7; // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding // Mach O's. INVALID_MAC_ARCHIVE = 8; // A download request initiated via PPAPI. Typically the requestor is // a Flash applet. PPAPI_SAVE_REQUEST = 9; // A file we don't support, but we've decided to sample and send // a light-ping. SAMPLED_UNSUPPORTED_FILE = 10; } optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; // Locale of the device, eg en, en_US. optional string locale = 11; message PEImageHeaders { // IMAGE_DOS_HEADER. optional bytes dos_header = 1; // IMAGE_FILE_HEADER. optional bytes file_header = 2; // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. optional bytes optional_headers32 = 3; // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. optional bytes optional_headers64 = 4; // IMAGE_SECTION_HEADER. repeated bytes section_header = 5; // Contents of the .edata section. optional bytes export_section_data = 6; message DebugData { // IMAGE_DEBUG_DIRECTORY. optional bytes directory_entry = 1; optional bytes raw_data = 2; } repeated DebugData debug_data = 7; } message MachOHeaders { // The mach_header or mach_header_64 struct. required bytes mach_header = 1; message LoadCommand { // |command_id| is the first uint32 of |command| as well, but is // extracted for easier processing. required uint32 command_id = 1; // The entire data stream of the load command. required bytes command = 2; } // All the load commands of the Mach-O file. repeated LoadCommand load_commands = 2; } message ImageHeaders { // Windows Portable Executable image headers. optional PEImageHeaders pe_headers = 1; // OS X Mach-O image headers. repeated MachOHeaders mach_o_headers = 2; }; // Fields 12-17 are reserved for server-side use and are never sent by the // client. optional ImageHeaders image_headers = 18; // Fields 19-21 are reserved for server-side use and are never sent by the // client. // A binary or archive contained in an archive (e.g., a .exe in a .zip // archive, or a .zip inside a .zip). message ArchivedBinary { optional string file_basename = 1; optional DownloadType download_type = 2; optional Digests digests = 3; optional int64 length = 4; optional SignatureInfo signature = 5; optional ImageHeaders image_headers = 6; } repeated ArchivedBinary archived_binary = 22; // Population that the reporting user is part of. optional ChromeUserPopulation population = 24; // True if the .zip or DMG, etc, was 100% successfully unpacked. optional bool archive_valid = 26; // True if this ClientDownloadRequest is from a whitelisted domain. optional bool skipped_url_whitelist = 28; // True if this ClientDownloadRequest contains a whitelisted certificate. optional bool skipped_certificate_whitelist = 31; // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. // Each element in this collection indicates an alternate extension including // the leading extension separator. repeated string alternate_extensions = 35; // If we can find the complete referrer chain, this field will contains URLs // transitions from landing referrer to event in reverse chronological // order, i.e. event url comes first in this list, and landing referrer // comes last. // For Safe Browsing Extended Reporting or Scout users, if the referrer chain // is empty or partially missing, we will add/append recent navigation events // to this list. The type of these entries will be RECENT_NAVIGATION. repeated ReferrerChainEntry referrer_chain = 36; // Options and metadata about the above referrer chain. optional ReferrerChainOptions referrer_chain_options = 50; // Deprecated. optional bool DEPRECATED_download_attribution_finch_enabled = 39 [deprecated = true]; // The Mac disk image code signature. // The underlying structure of code signature is defined at // https://opensource.apple.com/source/xnu/xnu-2782.1.97/bsd/sys/codesign.h optional bytes udif_code_signature = 40; // next available tag number: 51; } message ReferrerChainOptions { // The number of recent navigations we'd like to collect. This number is // controlled by Finch parameter and its default value is 0. optional int32 recent_navigations_to_collect = 1 [default = 0]; } // Please update SafeBrowsingNavigationObserverManager::SanitizeReferrerChain() // if you're adding more fields to this message. message ReferrerChainEntry { enum URLType { // URL of safe browsing events that are at the end of the referrer chain. // e.g. URL of a download, URL of a low reputation login page, etc. EVENT_URL = 1; // e.g. // Landing page is the page user directly interacts with to trigger the // above event, e.g. the page where user clicks a download button. LANDING_PAGE = 2; // Landing referrer is the one user directly interacts with right before // navigating to the landing page. LANDING_REFERRER = 3; // Client redirect refers to committed navigation between landing page and // the targeted event, or between landing referrer page and landing page. // Client redirect is not triggered by user gesture. CLIENT_REDIRECT = 4; DEPRECATED_SERVER_REDIRECT = 5; // Deprecated // For Safe Browsing Extended Reporting or Scout users, if the referrer // chain is empty or partially missing, we will add/append recent navigation // events to this list. RECENT_NAVIGATION type is set for these cases. RECENT_NAVIGATION = 6; } enum NavigationInitiation { // Convenient default value, should not be used in real ReferrerChainEntry. UNDEFINED = 0; // Navigation is initiated by the browser process. e.g. user enters url into // address bar, or user opens a bookmark. BROWSER_INITIATED = 1; // Navigation is initiated by the renderer process and there is no user // gesture associate with this navigation. e.g. // * redirect via the tag // * change window.location.href RENDERER_INITIATED_WITHOUT_USER_GESTURE = 2; // Navigation is initiated by the renderer process and there is a clear user // gesture associate with this navigation. e.g. // * link click // * using window.history.pushState (i.e. back, forward button interaction) RENDERER_INITIATED_WITH_USER_GESTURE = 3; } message ServerRedirect { // [required] server redirect url optional string url = 1; // Additional fields for future expansion. } // [required] The url of this Entry. optional string url = 1; // Only set if it is different from |url|. optional string main_frame_url = 9; // Type of URLs, such as event url, landing page, etc. optional URLType type = 2 [default = CLIENT_REDIRECT]; // IP addresses corresponding to this host. repeated string ip_addresses = 3; // Referrer url of this entry. optional string referrer_url = 4; // Main frame URL of referrer. // Only set if it is different from |referrer_url|. optional string referrer_main_frame_url = 5; // If this URL loads in a different tab/frame from previous one. optional bool is_retargeting = 6; optional double navigation_time_msec = 7; // Set only if server redirects happened in navigation. // The first entry in |server_redirect_chain| should be the original request // url, and the last entry should be the same as |url|. repeated ServerRedirect server_redirect_chain = 8; // How this navigation is initiated. optional NavigationInitiation navigation_initiation = 10; // next available tag number: 11. } // End of ReferrerChainEntry message ClientDownloadResponse { enum Verdict { // Download is considered safe. SAFE = 0; // Download is considered dangerous. Chrome should show a warning to the // user. DANGEROUS = 1; // Download is uncommon. Chrome should display a less severe warning. UNCOMMON = 2; // The download is potentially unwanted. POTENTIALLY_UNWANTED = 3; // The download is from a dangerous host. DANGEROUS_HOST = 4; // The backend doesn't have confidence in its verdict of this file. // Chrome should show the default warning if configured for this file type. UNKNOWN = 5; } optional Verdict verdict = 1 [default = SAFE]; message MoreInfo { // A human-readable string describing the nature of the warning. // Only if verdict != SAFE. Localized based on request.locale. optional string description = 1; // A URL to get more information about this warning, if available. optional string url = 2; } optional MoreInfo more_info = 2; // An arbitrary token that should be sent along for further server requests. optional bytes token = 3; // Whether the server requests that this binary be uploaded. optional bool upload = 5; } // The following protocol buffer holds the feedback report gathered // from the user regarding the download. message ClientDownloadReport { // The information of user who provided the feedback. // This is going to be useful for handling appeals. message UserInformation { optional string email = 1; } enum Reason { SHARE = 0; FALSE_POSITIVE = 1; APPEAL = 2; } // The type of feedback for this report. optional Reason reason = 1; // The original download ping optional ClientDownloadRequest download_request = 2; // Stores the information of the user who provided the feedback. optional UserInformation user_information = 3; // Unstructed comments provided by the user. optional bytes comment = 4; // The original download response sent from the verdict server. optional ClientDownloadResponse download_response = 5; } // This is used to send back upload status to the client after upload completion message ClientUploadResponse { enum UploadStatus { // The upload was successful and a complete response can be expected SUCCESS = 0; // The upload was unsuccessful and the response is incomplete. UPLOAD_FAILURE = 1; } // Holds the upload status optional UploadStatus status = 1; // Holds the permalink where the results of scanning the binary are available optional string permalink = 2; } message ClientIncidentReport { message IncidentData { message TrackedPreferenceIncident { enum ValueState { UNKNOWN = 0; CLEARED = 1; WEAK_LEGACY_OBSOLETE = 2; CHANGED = 3; UNTRUSTED_UNKNOWN_VALUE = 4; BYPASS_CLEARED = 5; BYPASS_CHANGED = 6; } optional string path = 1; optional string atomic_value = 2; repeated string split_key = 3; optional ValueState value_state = 4; } message BinaryIntegrityIncident { optional string file_basename = 1; optional ClientDownloadRequest.SignatureInfo signature = 2; optional ClientDownloadRequest.ImageHeaders image_headers = 3; optional int32 sec_error = 4; message ContainedFile { optional string relative_path = 1; optional ClientDownloadRequest.SignatureInfo signature = 2; optional ClientDownloadRequest.ImageHeaders image_headers = 3; } repeated ContainedFile contained_file = 5; } message ResourceRequestIncident { enum Type { UNKNOWN = 0; TYPE_PATTERN = 3; } optional bytes digest = 1; optional string origin = 2; optional Type type = 3 [default = UNKNOWN]; } optional int64 incident_time_msec = 1; optional TrackedPreferenceIncident tracked_preference = 2; optional BinaryIntegrityIncident binary_integrity = 3; // Note: skip tag 4,5,6 because they were previously used. reserved 4 to 6; optional ResourceRequestIncident resource_request = 7; // Note: skip tag 8 because it was previously used. reserved 8; } repeated IncidentData incident = 1; message DownloadDetails { optional bytes token = 1; optional ClientDownloadRequest download = 2; optional int64 download_time_msec = 3; optional int64 open_time_msec = 4; } optional DownloadDetails download = 2; message EnvironmentData { message OS { optional string os_name = 1; optional string os_version = 2; message RegistryValue { optional string name = 1; optional uint32 type = 2; optional bytes data = 3; } message RegistryKey { optional string name = 1; repeated RegistryValue value = 2; repeated RegistryKey key = 3; } repeated RegistryKey registry_key = 3; optional bool is_enrolled_to_domain = 4; } optional OS os = 1; message Machine { optional string cpu_architecture = 1; optional string cpu_vendor = 2; optional uint32 cpuid = 3; } optional Machine machine = 2; message Process { optional string version = 1; repeated string OBSOLETE_dlls = 2; message Patch { optional string function = 1; optional string target_dll = 2; } repeated Patch patches = 3; message NetworkProvider {} repeated NetworkProvider network_providers = 4; enum Channel { CHANNEL_UNKNOWN = 0; CHANNEL_CANARY = 1; CHANNEL_DEV = 2; CHANNEL_BETA = 3; CHANNEL_STABLE = 4; } optional Channel chrome_update_channel = 5; optional int64 uptime_msec = 6; optional bool metrics_consent = 7; // Obsolete: extended consent is now required for incident reporting. optional bool OBSOLETE_extended_consent = 8; message Dll { enum Feature { UNKNOWN = 0; LSP = 1; } optional string path = 1; optional uint64 base_address = 2; optional uint32 length = 3; repeated Feature feature = 4; optional ClientDownloadRequest.ImageHeaders image_headers = 5; } repeated Dll dll = 9; repeated string blacklisted_dll = 10; message ModuleState { enum ModifiedState { UNKNOWN = 0; MODULE_STATE_UNKNOWN = 1; MODULE_STATE_UNMODIFIED = 2; MODULE_STATE_MODIFIED = 3; } optional string name = 1; optional ModifiedState modified_state = 2; repeated string OBSOLETE_modified_export = 3; message Modification { optional uint32 file_offset = 1; optional int32 byte_count = 2; optional bytes modified_bytes = 3; optional string export_name = 4; } repeated Modification modification = 4; } repeated ModuleState module_state = 11; // Obsolete: field trials no longer enable incident reporting. optional bool OBSOLETE_field_trial_participant = 12; } optional Process process = 3; } message ExtensionData { message ExtensionInfo { enum ExtensionState { STATE_UNKNOWN = 0; STATE_ENABLED = 1; STATE_DISABLED = 2; STATE_BLACKLISTED = 3; STATE_BLOCKED = 4; STATE_TERMINATED = 5; } optional string id = 1; optional string version = 2; optional string name = 3; optional string description = 4; optional ExtensionState state = 5 [default = STATE_UNKNOWN]; optional int32 type = 6; optional string update_url = 7; optional bool has_signature_validation = 8; optional bool signature_is_valid = 9; optional bool installed_by_custodian = 10; optional bool installed_by_default = 11; optional bool installed_by_oem = 12; optional bool from_bookmark = 13; optional bool from_webstore = 14; optional bool converted_from_user_script = 15; optional bool may_be_untrusted = 16; optional int64 install_time_msec = 17; optional int32 manifest_location_type = 18; optional string manifest = 19; } optional ExtensionInfo last_installed_extension = 1; } optional EnvironmentData environment = 3; // Population that the reporting user is part of. optional ChromeUserPopulation population = 7; optional ExtensionData extension_data = 8; message NonBinaryDownloadDetails { optional string file_type = 1; optional bytes url_spec_sha256 = 2; optional string host = 3; optional int64 length = 4; } optional NonBinaryDownloadDetails non_binary_download = 9; } message ClientIncidentResponse { optional bytes token = 1; optional bool download_requested = 2; message EnvironmentRequest { optional int32 dll_index = 1; } repeated EnvironmentRequest environment_requests = 3; } message DownloadMetadata { optional uint32 download_id = 1; optional ClientIncidentReport.DownloadDetails download = 2; } // A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are // only sent by Chrome users who have opted into extended Safe Browsing. // This proto is replacing ClientMalwareReportRequest. // Next tag: 19 message ClientSafeBrowsingReportRequest { // Note: A lot of the "optional" fields would make sense to be // "required" instead. However, having them as optional allows the // clients to send "stripped down" versions of the message in the // future, if we want to. enum ReportType { UNKNOWN = 0; URL_PHISHING = 1; URL_MALWARE = 2; URL_UNWANTED = 3; URL_CLIENT_SIDE_PHISHING = 4; URL_CLIENT_SIDE_MALWARE = 5; DANGEROUS_DOWNLOAD_RECOVERY = 6; DANGEROUS_DOWNLOAD_WARNING = 7; DANGEROUS_DOWNLOAD_BY_API = 10; URL_PASSWORD_PROTECTION_PHISHING = 12; DANGEROUS_DOWNLOAD_OPENED = 13; AD_SAMPLE = 14; URL_SUSPICIOUS = 15; } message HTTPHeader { required bytes name = 1; optional bytes value = 2; } message HTTPRequest { message FirstLine { optional bytes verb = 1; optional bytes uri = 2; optional bytes version = 3; } optional FirstLine firstline = 1; repeated HTTPHeader headers = 2; optional bytes body = 3; // bodydigest and bodylength can be useful if the report does not // contain the body itself. optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. optional int32 bodylength = 5; // length of body. } message HTTPResponse { message FirstLine { optional int32 code = 1; optional bytes message = 2; optional bytes version = 3; } optional FirstLine firstline = 1; repeated HTTPHeader headers = 2; optional bytes body = 3; optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. optional int32 bodylength = 5; // length of body. optional bytes remote_ip = 6; // IP of the server. } message Resource { required int32 id = 1; optional string url = 2; optional HTTPRequest request = 3; optional HTTPResponse response = 4; optional int32 parent_id = 5; repeated int32 child_ids = 6; optional string tag_name = 7; } optional ReportType type = 10; // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. optional ClientDownloadResponse.Verdict download_verdict = 11; // URL of the page in the address bar. optional string url = 1; optional string page_url = 2; optional string referrer_url = 3; repeated Resource resources = 4; // Contains the hierarchy of elements on the page (ie: the DOM). Some // elements can be Resources and will refer to the resources list (above). repeated HTMLElement dom = 16; // Whether the report is complete. optional bool complete = 5; // The ASN and country of the client IP. These fields are filled up by // csd_frontend repeated string client_asn = 6; optional string client_country = 7; // Whether user chose to proceed. optional bool did_proceed = 8; // Whether user visited this origin before. optional bool repeat_visit = 9; // The same token in ClientDownloadResponse or LoginReputationClientResponse. // This field is only set if its report type is DANGEROUS_DOWNLOAD_RECOVERY, // DANGEROUS_DOWNLOAD_WARNING, DANGEROUS_DOWNLOAD_BY_API, // URL_PASSWORD_PROTECTION_PHISHING, or DANGEROUS_DOWNLOAD_OPENED. optional bytes token = 15; enum SafeBrowsingUrlApiType { SAFE_BROWSING_URL_API_TYPE_UNSPECIFIED = 0; // Native implementation of Safe Browsing API v3 protocol. PVER3_NATIVE = 1; // Native implementation of Safe Browsing API v4 protocol. PVER4_NATIVE = 2; // Android SafetyNet API. // https://developer.android.com/training/safetynet/safebrowsing.html ANDROID_SAFETYNET = 3; // Flywheel (data compression service). FLYWHEEL = 4; } // The information propagated from the client about various environment // variables including SDK version, Google Play Services version and so on. message SafeBrowsingClientProperties { optional string client_version = 1; optional int64 google_play_services_version = 2; optional bool is_instant_apps = 3; optional SafeBrowsingUrlApiType url_api_type = 4; } optional SafeBrowsingClientProperties client_properties = 17; // Only set if report type is DANGEROUS_DOWNLOAD_EXECUTION. // True means user opened the folder where this download is in via browser. // False means user directly executed this download via download shelf or // other download UIs. optional bool show_download_in_folder = 18; } // An HTML Element on the page (eg: iframe, div, script, etc). message HTMLElement { // Id of this element. optional int32 id = 1; // The tag type of this element (eg: iframe, div, script, etc). optional string tag = 2; // IDs of elements that are children of this element. repeated int32 child_ids = 3; // If this element represents a Resource then this is the id of the // Resource, which contains additional data about the Resource. Otherwise // unset. optional int32 resource_id = 5; // An Attribute of the element (eg: id, border, foo etc) and its value. message Attribute { optional string name = 1; optional string value = 2; } repeated Attribute attribute = 6; } // Canonical representation of raster image data. message ImageData { // Image bitmap, after downscaling to <= 512x512. optional bytes data = 1; // Encoding scheme for the bitmap. optional string mime_type = 2; message Dimensions { optional int32 width = 1; optional int32 height = 2; } // Dimensions of the image stored in |data|. optional Dimensions dimensions = 3; optional Dimensions original_dimensions = 4; // iff downscaled } // Reporting protobuf for an image served as part of a browser notification. // There is no response (an empty body) to this request. message NotificationImageReportRequest { optional string notification_origin = 1; // Src-origin of the notification. optional ImageData image = 2; // The bitmap of the image. // Note that the image URL is deliberately omitted as it would be untrusted, // since the notification image fetch may be intercepted by a Service Worker // (even if the image URL is cross-origin). Otherwise a website could mislead // Safe Browsing into associating phishing image bitmaps with safe image URLs. } // Protobuf for Chrome extension webstore install request. message ExtensionWebStoreInstallRequest { // If we can find the complete referrer chain, this field will contain URL // transitions from landing referrer to event in reverse chronological // order, i.e. event url comes first in this list, and landing referrer // comes last. // For Safe Browsing Extended Reporting or Scout users, if the referrer // chain is empty or partially missing, we will add/append recent navigation // events to this list. The type of these entries will be RECENT_NAVIGATION. repeated ReferrerChainEntry referrer_chain = 1; // Options and metadata about the above referrer chain. optional ReferrerChainOptions referrer_chain_options = 2; }