diff options
Diffstat (limited to 'toolkit/components/reputationservice/chromium/chrome/common/safe_browsing/csd.proto')
-rw-r--r-- | toolkit/components/reputationservice/chromium/chrome/common/safe_browsing/csd.proto | 1092 |
1 files changed, 1092 insertions, 0 deletions
diff --git a/toolkit/components/reputationservice/chromium/chrome/common/safe_browsing/csd.proto b/toolkit/components/reputationservice/chromium/chrome/common/safe_browsing/csd.proto new file mode 100644 index 0000000000..4a5282bf2f --- /dev/null +++ b/toolkit/components/reputationservice/chromium/chrome/common/safe_browsing/csd.proto @@ -0,0 +1,1092 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// +// This proto file includes: +// (1) Client side phishing and malware detection request and response +// protocol buffers. Those protocol messages should be kept in sync +// with the server implementation. +// +// (2) Safe Browsing reporting protocol buffers. +// A ClientSafeBrowsingReportRequest is sent when a user opts-in to +// sending detailed threat reports from the safe browsing interstitial page. +// It is a list of Resource messages, which may contain the url of a +// resource such as the page in the address bar or any other resource +// that was loaded for this page. +// In addition to the url, a resource can contain HTTP request and response +// headers and bodies. +// +// If you want to change this protocol definition or you have questions +// regarding its format please contact chrome-anti-phishing@googlegroups.com. + +syntax = "proto2"; + +option optimize_for = LITE_RUNTIME; + +package safe_browsing; + +// Protocol buffer describing the Chrome user population of the user reporting +// data. +message ChromeUserPopulation { + enum UserPopulation { + UNKNOWN_USER_POPULATION = 0; + SAFE_BROWSING = 1; + EXTENDED_REPORTING = 2; + } + optional UserPopulation user_population = 1; + + // If user enabled history sync. + optional bool is_history_sync_enabled = 2; + + // The finch active groups this user belongs to (if any). Active group is + // defined by finch trial name and group name. Trial name and group name are + // concatenated with separator "|", e.g. "PingOnlyTrial|DefaultGroup". + repeated string finch_active_groups = 4; +} + +message ClientPhishingRequest { + // URL that the client visited. The CGI parameters are stripped by the + // client. + optional string url = 1; + + // A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is + // canonicalized, converted to a suffix-prefix expression and broadened + // (www prefix is removed and everything past the last '/' is stripped). + // + // Marked OBSOLETE because the URL is sent for all users, making the hash + // prefix unnecessary. + optional bytes OBSOLETE_hash_prefix = 10; + + // Score that was computed on the client. Value is between 0.0 and 1.0. + // The larger the value the more likely the url is phishing. + required float client_score = 2; + + // Note: we're skipping tag 3 because it was previously used. + + // Is true if the features for this URL were classified as phishing. + // Currently, this will always be true for all client-phishing requests + // that are sent to the server. + optional bool is_phishing = 4; + + message Feature { + // Feature name. E.g., 'PageHasForms'. + required string name = 1; + + // Feature value is always in the range [0.0, 1.0]. Boolean features + // have value 1.0. + required double value = 2; + } + + // List of features that were extracted. Those are the features that were + // sent to the scorer and which resulted in client_score being computed. + repeated Feature feature_map = 5; + + // The version number of the model that was used to compute the client-score. + // Copied from ClientSideModel.version(). + optional int32 model_version = 6; + + // Field 7 is only used on the server. + + // List of features that are extracted in the client but are not used in the + // machine learning model. + repeated Feature non_model_feature_map = 8; + + // The referrer URL. This field might not be set, for example, in the case + // where the referrer uses HTTPs. + // OBSOLETE: Use feature 'Referrer=<referrer>' instead. + optional string OBSOLETE_referrer_url = 9; + + // Field 11 is only used on the server. + + // List of shingle hashes we extracted. + repeated uint32 shingle_hashes = 12 [packed = true]; + + // The model filename (basename) that was used by the client. + optional string model_filename = 13; + + // Population that the reporting user is part of. + optional ChromeUserPopulation population = 14; +} + +message ClientPhishingResponse { + required bool phishy = 1; + + // A list of SafeBrowsing host-suffix / path-prefix expressions that + // are whitelisted. The client must match the current top-level URL + // against these whitelisted expressions and only apply a positive + // phishing verdict above if the URL does not match any expression + // on this whitelist. The client must not cache these whitelisted + // expressions. This whitelist will be empty for the vast majority + // of the responses but might contain up to 100 entries in emergency + // situations. + // + // Marked OBSOLETE because the URL is sent for all users, so the server + // can do whitelist matching. + repeated string OBSOLETE_whitelist_expression = 2; +} + +message ClientMalwareRequest { + // URL that the client visited. The CGI parameters are stripped by the + // client. + required string url = 1; + + // Field 2 is deleted and no longer in use. + + // Field 3 is only used on the server. + + // The referrer URL. This field might not be set, for example, in the case + // where the referrer uses HTTPS. + optional string referrer_url = 4; + + // Field 5 and 6 are only used on the server. + + message UrlInfo { + required string ip = 1; + required string url = 2; + optional string method = 3; + optional string referrer = 4; + // Resource type, the int value is a direct cast from the Type enum + // of ResourceType class defined in //src/webkit/commom/resource_type.h + optional int32 resource_type = 5; + } + + // List of resource urls that match the malware IP list. + repeated UrlInfo bad_ip_url_info = 7; + + // Population that the reporting user is part of. + optional ChromeUserPopulation population = 9; +} + +// The message is used for client request to determine whether the provided URL +// is safe for the purposes of entering user credentials for logging in. +message LoginReputationClientRequest { + // The top level frame URL of the webpage that hosts the login form. + optional string page_url = 1; + + // Type for the request. + // It could be low reputation request or password reuse request. + enum TriggerType { + TRIGGER_TYPE_UNSPECIFIED = 0; + UNFAMILIAR_LOGIN_PAGE = 1; + PASSWORD_REUSE_EVENT = 2; + } + optional TriggerType trigger_type = 2; + + // The message contains features which can describe a frame. A frame can be + // a top level web page or an iframe. + message Frame { + // Id of a frame. The frame whose index = 0 is the top level web page. + optional int32 frame_index = 1; + + // Id of the parent frame. + optional int32 parent_frame_index = 2; + + // Url of the frame. If could be top level url (from web page) or url of + // the iframe. + optional string url = 3; + + // Whether the frame contains password field. + optional bool has_password_field = 4; + + // URLs transitions in reverse chronological order, i.e. the top level url + // or the url of the iframe comes first in the list. + repeated ReferrerChainEntry referrer_chain = 5; + + // The message contains features of a form. + message Form { + // Action url of the form. + optional string action_url = 1; + + // Whether the form contains password field. + optional bool has_password_field = 2; + } + + repeated Form forms = 6; + } + + repeated Frame frames = 3; + + // The message contains fields needed for a password reuse event. + // Next tag: 4 + message PasswordReuseEvent { + // Domains from the Chrome password manager DB that are associated with + // the same password as the one triggering this event. The field is filled + // in only when TriggerType is PASSWORD_REUSE_EVENT, and only for users + // opted in to extended reporting. + repeated string domains_matching_password = 1; + + // The frame that the password reuse is detected. + optional int32 frame_id = 2; + + // Whether the reused password is used for Chrome signin. + optional bool is_chrome_signin_password = 3; + + // Sync account type. Only set if |is_chrome_signin_password| is true. + enum SyncAccountType { + // Not a sign-in user. + NOT_SIGNED_IN = 0; + + // User signed in with @gmail.com, or @googlemail.com account. + GMAIL = 1; + + // User signed in with a G Suite account. + GSUITE = 2; + } + optional SyncAccountType sync_account_type = 4; + } + + optional PasswordReuseEvent password_reuse_event = 4; + + // The number of verdicts stored on the client. + optional int32 stored_verdict_cnt = 5; + + // Chrome user population. + optional ChromeUserPopulation population = 6; + + // If user clicked through safe browsing interstitial on this page. + optional bool clicked_through_interstitial = 7; +} + +// The message is used for client response for login reputation requests. +message LoginReputationClientResponse { + // Type of verdicts issued by the server. + enum VerdictType { + VERDICT_TYPE_UNSPECIFIED = 0; + // No warning will be displayed. + SAFE = 1; + // The site has low reputation or low popularity. + LOW_REPUTATION = 2; + // The url matches with blacklist entries. + PHISHING = 3; + } + optional VerdictType verdict_type = 1; + + // TTL of the verdict in seconds. + optional int64 cache_duration_sec = 2; + + // A host-suffix/path-prefix expression which defines a collections of pages + // with common ownership from the same domain. + // Generally, the pattern is defined on the granularity of domains. + // For domains managed by multiple parties, especially in the case of large + // hosting sites (e.g., geocities.com), we further divide the domains. + // + // Examples: + // www.google.com/foo/bar?param=val -> google.com + // www.geocities.com/foo/bar.html -> geocities.com/foo + // adwords.blogspot.com/index.html -> adwords.blogspot.com + // + // The pattern will always match the page_url of the request, and will be + // a substring of page_url. + optional string cache_expression = 3; + + // Deprecated. + optional bool DEPRECATED_cache_expression_exact_match = 4 [deprecated = true]; + + // A token unique to each request which correlates response and post-warning + // actions. + optional bytes verdict_token = 5; +} + +message ClientMalwareResponse { + required bool blacklist = 1; + // The confirmed blacklisted bad IP and its url, which will be shown in + // malware warning, if the blacklist verdict is true. + // This IP string could be either in IPv4 or IPv6 format, which is the same + // as the ones client sent to server. + optional string bad_ip = 2; + optional string bad_url = 3; +} + +message ClientDownloadRequest { + // The final URL of the download (after all redirects). + required string url = 1; + + // This message contains various binary digests of the download payload. + message Digests { + optional bytes sha256 = 1; + optional bytes sha1 = 2; + optional bytes md5 = 3; + } + required Digests digests = 2; + + // This is the length in bytes of the download payload. + required int64 length = 3; + + // Type of the resources stored below. + enum ResourceType { + // The final URL of the download payload. The resource URL should + // correspond to the URL field above. + DOWNLOAD_URL = 0; + // A redirect URL that was fetched before hitting the final DOWNLOAD_URL. + DOWNLOAD_REDIRECT = 1; + // The final top-level URL of the tab that triggered the download. + TAB_URL = 2; + // A redirect URL thas was fetched before hitting the final TAB_URL. + TAB_REDIRECT = 3; + // The document URL for a PPAPI plugin instance that initiated the download. + // This is the document.url for the container element for the plugin + // instance. + PPAPI_DOCUMENT = 4; + // The plugin URL for a PPAPI plugin instance that initiated the download. + PPAPI_PLUGIN = 5; + } + + message Resource { + required string url = 1; + required ResourceType type = 2; + optional bytes remote_ip = 3; + // This will only be set if the referrer is available and if the + // resource type is either TAB_URL or DOWNLOAD_URL. + optional string referrer = 4; + + // TODO(noelutz): add the transition type? + } + + // This repeated field will store all the redirects as well as the + // final URLs for the top-level tab URL (i.e., the URL that + // triggered the download) as well as for the download URL itself. + repeated Resource resources = 4; + + // A trust chain of certificates. Each chain begins with the signing + // certificate of the binary, and ends with a self-signed certificate, + // typically from a trusted root CA. This structure is analogous to + // CERT_CHAIN_CONTEXT on Windows. + message CertificateChain { + // A single link in the chain. + message Element { + // DER-encoded X.509 representation of the certificate. + optional bytes certificate = 1; + // Fields 2 - 7 are only used on the server. + } + repeated Element element = 1; + } + + // This is an OS X only message to report extended attribute informations. + // Extended attributes on OS X are used for various security mechanisms, + // which makes them interesting to Chrome. + message ExtendedAttr { + // This is the name of the extended attribute. + required string key = 1; + // This is the value of the extended attribute. + optional bytes value = 2; + } + + message SignatureInfo { + // All certificate chains for each of the binary's signers. Multiple chains + // may be present if the binary or any certificate has multiple signers. + // Absence of certificate chains does not imply that the binary is not + // signed (in that case, SignedData blobs extracted from the binary may be + // preset), but does mean that trust has not been verified. + repeated CertificateChain certificate_chain = 1; + + // True if the signature was trusted on the client. + optional bool trusted = 2; + + // On Windows, PKCS#7 SignedData blobs extracted from a portable executable + // image's attribute certificate table. The presence of these does not imply + // that the signatures were deemed trusted by the client. + // On Mac, this is the code signature blob referenced by the + // LC_CODE_SIGNATURE load command. + repeated bytes signed_data = 3; + + // On OS X, code signing data can be contained in the extended attributes of + // a file. As Gatekeeper respects this signature, we look for it and collect + // it. + repeated ExtendedAttr xattr = 4; + } + + // This field will only be set if the binary is signed. + optional SignatureInfo signature = 5; + + // True if the download was user initiated. + optional bool user_initiated = 6; + + // Fields 7 and 8 are only used on the server. + + // Name of the file where the download would be stored if the + // download completes. E.g., "bla.exe". + optional string file_basename = 9; + + // Starting with Chrome M19 we're also sending back pings for Chrome + // extensions that get downloaded by users. + enum DownloadType { + WIN_EXECUTABLE = 0; // Currently all .exe, .cab and .msi files. + CHROME_EXTENSION = 1; // .crx files. + ANDROID_APK = 2; // .apk files. + // .zip files containing one of the other executable types. + ZIPPED_EXECUTABLE = 3; + MAC_EXECUTABLE = 4; // .dmg, .pkg, etc. + ZIPPED_ARCHIVE = 5; // .zip file containing another archive. + ARCHIVE = 6; // Archive that doesn't have a specific DownloadType. + // A .zip that Chrome failed to unpack to the point of finding exe/zips. + INVALID_ZIP = 7; + // A .dmg, .pkg, etc, that Chrome failed to unpack to the point of finding + // Mach O's. + INVALID_MAC_ARCHIVE = 8; + // A download request initiated via PPAPI. Typically the requestor is + // a Flash applet. + PPAPI_SAVE_REQUEST = 9; + // A file we don't support, but we've decided to sample and send + // a light-ping. + SAMPLED_UNSUPPORTED_FILE = 10; + } + optional DownloadType download_type = 10 [default = WIN_EXECUTABLE]; + + // Locale of the device, eg en, en_US. + optional string locale = 11; + + message PEImageHeaders { + // IMAGE_DOS_HEADER. + optional bytes dos_header = 1; + // IMAGE_FILE_HEADER. + optional bytes file_header = 2; + // IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images. + optional bytes optional_headers32 = 3; + // IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images. + optional bytes optional_headers64 = 4; + // IMAGE_SECTION_HEADER. + repeated bytes section_header = 5; + // Contents of the .edata section. + optional bytes export_section_data = 6; + + message DebugData { + // IMAGE_DEBUG_DIRECTORY. + optional bytes directory_entry = 1; + optional bytes raw_data = 2; + } + + repeated DebugData debug_data = 7; + } + + message MachOHeaders { + // The mach_header or mach_header_64 struct. + required bytes mach_header = 1; + + message LoadCommand { + // |command_id| is the first uint32 of |command| as well, but is + // extracted for easier processing. + required uint32 command_id = 1; + // The entire data stream of the load command. + required bytes command = 2; + } + + // All the load commands of the Mach-O file. + repeated LoadCommand load_commands = 2; + } + + message ImageHeaders { + // Windows Portable Executable image headers. + optional PEImageHeaders pe_headers = 1; + + // OS X Mach-O image headers. + repeated MachOHeaders mach_o_headers = 2; + }; + + // Fields 12-17 are reserved for server-side use and are never sent by the + // client. + + optional ImageHeaders image_headers = 18; + + // Fields 19-21 are reserved for server-side use and are never sent by the + // client. + + // A binary or archive contained in an archive (e.g., a .exe in a .zip + // archive, or a .zip inside a .zip). + message ArchivedBinary { + optional string file_basename = 1; + optional DownloadType download_type = 2; + optional Digests digests = 3; + optional int64 length = 4; + optional SignatureInfo signature = 5; + optional ImageHeaders image_headers = 6; + } + + repeated ArchivedBinary archived_binary = 22; + + // Population that the reporting user is part of. + optional ChromeUserPopulation population = 24; + + // True if the .zip or DMG, etc, was 100% successfully unpacked. + optional bool archive_valid = 26; + + // True if this ClientDownloadRequest is from a whitelisted domain. + optional bool skipped_url_whitelist = 28; + + // True if this ClientDownloadRequest contains a whitelisted certificate. + optional bool skipped_certificate_whitelist = 31; + + // PPAPI_SAVE_REQUEST type messages may have more than one suggested filetype. + // Each element in this collection indicates an alternate extension including + // the leading extension separator. + repeated string alternate_extensions = 35; + + // URLs transitions from landing referrer to download in reverse chronological + // order, i.e. download url comes first in this list, and landing referrer + // comes last. + repeated ReferrerChainEntry referrer_chain = 36; + + // Deprecated. + optional bool DEPRECATED_download_attribution_finch_enabled = 39 + [deprecated = true]; + + // The Mac disk image code signature. + // The underlying structure of code signature is defined at + // https://opensource.apple.com/source/xnu/xnu-2782.1.97/bsd/sys/codesign.h + optional bytes udif_code_signature = 40; +} + +// Please update SafeBrowsingNavigationObserverManager::SanitizeReferrerChain() +// if you're adding more fields to this message. +message ReferrerChainEntry { + enum URLType { + // URL of safe browsing events that are at the end of the referrer chain. + // e.g. URL of a download, URL of a low reputation login page, etc. + EVENT_URL = 1; // e.g. + + // Landing page is the page user directly interacts with to trigger the + // above event, e.g. the page where user clicks a download button. + LANDING_PAGE = 2; + + // Landing referrer is the one user directly interacts with right before + // navigating to the landing page. + LANDING_REFERRER = 3; + + // Client redirect refers to committed navigation between landing page and + // the targeted event, or between landing referrer page and landing page. + // Client redirect is not triggered by user gesture. + CLIENT_REDIRECT = 4; + + DEPRECATED_SERVER_REDIRECT = 5; // Deprecated + } + + message ServerRedirect { + // [required] server redirect url + optional string url = 1; + + // Additional fields for future expansion. + } + + // [required] The url of this Entry. + optional string url = 1; + + // Only set if it is different from |url|. + optional string main_frame_url = 9; + + // Type of URLs, such as event url, landing page, etc. + optional URLType type = 2 [default = CLIENT_REDIRECT]; + + // IP addresses corresponding to this host. + repeated string ip_addresses = 3; + + // Referrer url of this entry. + optional string referrer_url = 4; + + // Main frame URL of referrer. + // Only set if it is different from |referrer_url|. + optional string referrer_main_frame_url = 5; + + // If this URL loads in a different tab/frame from previous one. + optional bool is_retargeting = 6; + + optional double navigation_time_msec = 7; + + // Set only if server redirects happened in navigation. + // The first entry in |server_redirect_chain| should be the original request + // url, and the last entry should be the same as |url|. + repeated ServerRedirect server_redirect_chain = 8; +} // End of ReferrerChainEntry + +message ClientDownloadResponse { + enum Verdict { + // Download is considered safe. + SAFE = 0; + // Download is considered dangerous. Chrome should show a warning to the + // user. + DANGEROUS = 1; + // Download is uncommon. Chrome should display a less severe warning. + UNCOMMON = 2; + // The download is potentially unwanted. + POTENTIALLY_UNWANTED = 3; + // The download is from a dangerous host. + DANGEROUS_HOST = 4; + // The backend doesn't have confidence in its verdict of this file. + // Chrome should show the default warning if configured for this file type. + UNKNOWN = 5; + } + optional Verdict verdict = 1 [default = SAFE]; + + message MoreInfo { + // A human-readable string describing the nature of the warning. + // Only if verdict != SAFE. Localized based on request.locale. + optional string description = 1; + + // A URL to get more information about this warning, if available. + optional string url = 2; + } + optional MoreInfo more_info = 2; + + // An arbitrary token that should be sent along for further server requests. + optional bytes token = 3; + + // Whether the server requests that this binary be uploaded. + optional bool upload = 5; +} + +// The following protocol buffer holds the feedback report gathered +// from the user regarding the download. +message ClientDownloadReport { + // The information of user who provided the feedback. + // This is going to be useful for handling appeals. + message UserInformation { optional string email = 1; } + + enum Reason { + SHARE = 0; + FALSE_POSITIVE = 1; + APPEAL = 2; + } + + // The type of feedback for this report. + optional Reason reason = 1; + + // The original download ping + optional ClientDownloadRequest download_request = 2; + + // Stores the information of the user who provided the feedback. + optional UserInformation user_information = 3; + + // Unstructed comments provided by the user. + optional bytes comment = 4; + + // The original download response sent from the verdict server. + optional ClientDownloadResponse download_response = 5; +} + +// This is used to send back upload status to the client after upload completion +message ClientUploadResponse { + enum UploadStatus { + // The upload was successful and a complete response can be expected + SUCCESS = 0; + + // The upload was unsuccessful and the response is incomplete. + UPLOAD_FAILURE = 1; + } + + // Holds the upload status + optional UploadStatus status = 1; + + // Holds the permalink where the results of scanning the binary are available + optional string permalink = 2; +} + +message ClientIncidentReport { + message IncidentData { + message TrackedPreferenceIncident { + enum ValueState { + UNKNOWN = 0; + CLEARED = 1; + WEAK_LEGACY_OBSOLETE = 2; + CHANGED = 3; + UNTRUSTED_UNKNOWN_VALUE = 4; + BYPASS_CLEARED = 5; + BYPASS_CHANGED = 6; + } + + optional string path = 1; + optional string atomic_value = 2; + repeated string split_key = 3; + optional ValueState value_state = 4; + } + + message BinaryIntegrityIncident { + optional string file_basename = 1; + optional ClientDownloadRequest.SignatureInfo signature = 2; + optional ClientDownloadRequest.ImageHeaders image_headers = 3; + optional int32 sec_error = 4; + + message ContainedFile { + optional string relative_path = 1; + optional ClientDownloadRequest.SignatureInfo signature = 2; + optional ClientDownloadRequest.ImageHeaders image_headers = 3; + } + repeated ContainedFile contained_file = 5; + } + + message ResourceRequestIncident { + enum Type { + UNKNOWN = 0; + TYPE_PATTERN = 3; + } + optional bytes digest = 1; + optional string origin = 2; + optional Type type = 3 [default = UNKNOWN]; + } + + optional int64 incident_time_msec = 1; + optional TrackedPreferenceIncident tracked_preference = 2; + optional BinaryIntegrityIncident binary_integrity = 3; + // Note: skip tag 4,5,6 because they were previously used. + reserved 4 to 6; + optional ResourceRequestIncident resource_request = 7; + // Note: skip tag 8 because it was previously used. + reserved 8; + } + + repeated IncidentData incident = 1; + + message DownloadDetails { + optional bytes token = 1; + optional ClientDownloadRequest download = 2; + optional int64 download_time_msec = 3; + optional int64 open_time_msec = 4; + } + + optional DownloadDetails download = 2; + + message EnvironmentData { + message OS { + optional string os_name = 1; + optional string os_version = 2; + + message RegistryValue { + optional string name = 1; + optional uint32 type = 2; + optional bytes data = 3; + } + + message RegistryKey { + optional string name = 1; + repeated RegistryValue value = 2; + repeated RegistryKey key = 3; + } + + repeated RegistryKey registry_key = 3; + + optional bool is_enrolled_to_domain = 4; + } + optional OS os = 1; + message Machine { + optional string cpu_architecture = 1; + optional string cpu_vendor = 2; + optional uint32 cpuid = 3; + } + optional Machine machine = 2; + message Process { + optional string version = 1; + repeated string OBSOLETE_dlls = 2; + message Patch { + optional string function = 1; + optional string target_dll = 2; + } + repeated Patch patches = 3; + message NetworkProvider {} + repeated NetworkProvider network_providers = 4; + enum Channel { + CHANNEL_UNKNOWN = 0; + CHANNEL_CANARY = 1; + CHANNEL_DEV = 2; + CHANNEL_BETA = 3; + CHANNEL_STABLE = 4; + } + optional Channel chrome_update_channel = 5; + optional int64 uptime_msec = 6; + optional bool metrics_consent = 7; + // Obsolete: extended consent is now required for incident reporting. + optional bool OBSOLETE_extended_consent = 8; + message Dll { + enum Feature { + UNKNOWN = 0; + LSP = 1; + } + optional string path = 1; + optional uint64 base_address = 2; + optional uint32 length = 3; + repeated Feature feature = 4; + optional ClientDownloadRequest.ImageHeaders image_headers = 5; + } + repeated Dll dll = 9; + repeated string blacklisted_dll = 10; + message ModuleState { + enum ModifiedState { + UNKNOWN = 0; + MODULE_STATE_UNKNOWN = 1; + MODULE_STATE_UNMODIFIED = 2; + MODULE_STATE_MODIFIED = 3; + } + optional string name = 1; + optional ModifiedState modified_state = 2; + repeated string OBSOLETE_modified_export = 3; + + message Modification { + optional uint32 file_offset = 1; + optional int32 byte_count = 2; + optional bytes modified_bytes = 3; + optional string export_name = 4; + } + repeated Modification modification = 4; + } + repeated ModuleState module_state = 11; + // Obsolete: field trials no longer enable incident reporting. + optional bool OBSOLETE_field_trial_participant = 12; + } + optional Process process = 3; + } + + message ExtensionData { + message ExtensionInfo { + enum ExtensionState { + STATE_UNKNOWN = 0; + STATE_ENABLED = 1; + STATE_DISABLED = 2; + STATE_BLACKLISTED = 3; + STATE_BLOCKED = 4; + STATE_TERMINATED = 5; + } + + optional string id = 1; + optional string version = 2; + optional string name = 3; + optional string description = 4; + optional ExtensionState state = 5 [default = STATE_UNKNOWN]; + optional int32 type = 6; + optional string update_url = 7; + optional bool has_signature_validation = 8; + optional bool signature_is_valid = 9; + optional bool installed_by_custodian = 10; + optional bool installed_by_default = 11; + optional bool installed_by_oem = 12; + optional bool from_bookmark = 13; + optional bool from_webstore = 14; + optional bool converted_from_user_script = 15; + optional bool may_be_untrusted = 16; + optional int64 install_time_msec = 17; + optional int32 manifest_location_type = 18; + optional string manifest = 19; + } + + optional ExtensionInfo last_installed_extension = 1; + } + + optional EnvironmentData environment = 3; + + // Population that the reporting user is part of. + optional ChromeUserPopulation population = 7; + + optional ExtensionData extension_data = 8; + + message NonBinaryDownloadDetails { + optional string file_type = 1; + optional bytes url_spec_sha256 = 2; + optional string host = 3; + optional int64 length = 4; + } + + optional NonBinaryDownloadDetails non_binary_download = 9; +} + +message ClientIncidentResponse { + optional bytes token = 1; + optional bool download_requested = 2; + + message EnvironmentRequest { optional int32 dll_index = 1; } + + repeated EnvironmentRequest environment_requests = 3; +} + +message DownloadMetadata { + optional uint32 download_id = 1; + + optional ClientIncidentReport.DownloadDetails download = 2; +} + +// A Detailed Safebrowsing Report from clients. Chrome safebrowsing reports are +// only sent by Chrome users who have opted into extended Safe Browsing. +// This proto is replacing ClientMalwareReportRequest. +// Next tag: 19 +message ClientSafeBrowsingReportRequest { + // Note: A lot of the "optional" fields would make sense to be + // "required" instead. However, having them as optional allows the + // clients to send "stripped down" versions of the message in the + // future, if we want to. + + enum ReportType { + UNKNOWN = 0; + URL_PHISHING = 1; + URL_MALWARE = 2; + URL_UNWANTED = 3; + URL_CLIENT_SIDE_PHISHING = 4; + URL_CLIENT_SIDE_MALWARE = 5; + DANGEROUS_DOWNLOAD_RECOVERY = 6; + DANGEROUS_DOWNLOAD_WARNING = 7; + DANGEROUS_DOWNLOAD_BY_API = 10; + URL_PASSWORD_PROTECTION_PHISHING = 12; + DANGEROUS_DOWNLOAD_OPENED = 13; + AD_SAMPLE = 14; + } + + message HTTPHeader { + required bytes name = 1; + optional bytes value = 2; + } + + message HTTPRequest { + message FirstLine { + optional bytes verb = 1; + optional bytes uri = 2; + optional bytes version = 3; + } + + optional FirstLine firstline = 1; + repeated HTTPHeader headers = 2; + optional bytes body = 3; + + // bodydigest and bodylength can be useful if the report does not + // contain the body itself. + optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. + optional int32 bodylength = 5; // length of body. + } + + message HTTPResponse { + message FirstLine { + optional int32 code = 1; + optional bytes message = 2; + optional bytes version = 3; + } + + optional FirstLine firstline = 1; + repeated HTTPHeader headers = 2; + optional bytes body = 3; + optional bytes bodydigest = 4; // 32-byte hex md5 digest of body. + optional int32 bodylength = 5; // length of body. + optional bytes remote_ip = 6; // IP of the server. + } + + message Resource { + required int32 id = 1; + optional string url = 2; + optional HTTPRequest request = 3; + optional HTTPResponse response = 4; + optional int32 parent_id = 5; + repeated int32 child_ids = 6; + optional string tag_name = 7; + } + + optional ReportType type = 10; + + // Only set if ReportType is DANGEROUS_DOWNLOAD_RECOVERY, + // DANGEROUS_DOWNLOAD_WARNING or DANGEROUS_DOWNLOAD_BY_API. + optional ClientDownloadResponse.Verdict download_verdict = 11; + + // URL of the page in the address bar. + optional string url = 1; + optional string page_url = 2; + optional string referrer_url = 3; + + repeated Resource resources = 4; + + // Contains the hierarchy of elements on the page (ie: the DOM). Some + // elements can be Resources and will refer to the resources list (above). + repeated HTMLElement dom = 16; + + // Whether the report is complete. + optional bool complete = 5; + + // The ASN and country of the client IP. These fields are filled up by + // csd_frontend + repeated string client_asn = 6; + optional string client_country = 7; + + // Whether user chose to proceed. + optional bool did_proceed = 8; + + // Whether user visited this origin before. + optional bool repeat_visit = 9; + + // The same token in ClientDownloadResponse or LoginReputationClientResponse. + // This field is only set if its report type is DANGEROUS_DOWNLOAD_RECOVERY, + // DANGEROUS_DOWNLOAD_WARNING, DANGEROUS_DOWNLOAD_BY_API, + // URL_PASSWORD_PROTECTION_PHISHING, or DANGEROUS_DOWNLOAD_OPENED. + optional bytes token = 15; + + enum SafeBrowsingUrlApiType { + SAFE_BROWSING_URL_API_TYPE_UNSPECIFIED = 0; + // Native implementation of Safe Browsing API v3 protocol. + PVER3_NATIVE = 1; + // Native implementation of Safe Browsing API v4 protocol. + PVER4_NATIVE = 2; + // Android SafetyNet API. + // https://developer.android.com/training/safetynet/safebrowsing.html + ANDROID_SAFETYNET = 3; + // Flywheel (data compression service). + FLYWHEEL = 4; + } + + // The information propagated from the client about various environment + // variables including SDK version, Google Play Services version and so on. + message SafeBrowsingClientProperties { + optional string client_version = 1; + optional int64 google_play_services_version = 2; + optional bool is_instant_apps = 3; + optional SafeBrowsingUrlApiType url_api_type = 4; + } + optional SafeBrowsingClientProperties client_properties = 17; + + // Only set if report type is DANGEROUS_DOWNLOAD_EXECUTION. + // True means user opened the folder where this download is in via browser. + // False means user directly executed this download via download shelf or + // other download UIs. + optional bool show_download_in_folder = 18; +} + +// An HTML Element on the page (eg: iframe, div, script, etc). +message HTMLElement { + // Id of this element. + optional int32 id = 1; + + // The tag type of this element (eg: iframe, div, script, etc). + optional string tag = 2; + + // IDs of elements that are children of this element. + repeated int32 child_ids = 3; + + // If this element represents a Resource then this is the id of the + // Resource, which contains additional data about the Resource. Otherwise + // unset. + optional int32 resource_id = 5; + + // An Attribute of the element (eg: id, border, foo etc) and its value. + message Attribute { + optional string name = 1; + optional string value = 2; + } + repeated Attribute attribute = 6; +} + +// Canonical representation of raster image data. +message ImageData { + // Image bitmap, after downscaling to <= 512x512. + optional bytes data = 1; + + // Encoding scheme for the bitmap. + optional string mime_type = 2; + + message Dimensions { + optional int32 width = 1; + optional int32 height = 2; + } + + // Dimensions of the image stored in |data|. + optional Dimensions dimensions = 3; + optional Dimensions original_dimensions = 4; // iff downscaled +} + +// Reporting protobuf for an image served as part of a browser notification. +// There is no response (an empty body) to this request. +message NotificationImageReportRequest { + optional string notification_origin = 1; // Src-origin of the notification. + optional ImageData image = 2; // The bitmap of the image. + + // Note that the image URL is deliberately omitted as it would be untrusted, + // since the notification image fetch may be intercepted by a Service Worker + // (even if the image URL is cross-origin). Otherwise a website could mislead + // Safe Browsing into associating phishing image bitmaps with safe image URLs. +} |