package safe_browsing

Get desktop application:
View/edit binary Protocol Buffers messages

The following protocol buffer holds the feedback report gathered from the user regarding the download.

• optional ClientDownloadReport.Reason reason = 1

  The type of feedback for this report.

• optional ClientDownloadRequest download_request = 2

  The original download ping

• optional ClientDownloadReport.UserInformation user_information = 3

  Stores the information of the user who provided the feedback.

• optional bytes comment = 4

  Unstructed comments provided by the user.

• optional ClientDownloadResponse download_response = 5

  The original download response sent from the verdict server.

Used in: ClientDownloadReport

• SHARE = 0

• FALSE_POSITIVE = 1

• APPEAL = 2

The information of user who provided the feedback. This is going to be useful for handling appeals.

Used in: ClientDownloadReport

• optional string email = 1

Used in: ClientDownloadReport, ClientIncidentReport.DownloadDetails

• required string url = 1

  The final URL of the download (after all redirects).

• required ClientDownloadRequest.Digests digests = 2

• required int64 length = 3

  This is the length in bytes of the download payload.

• repeated ClientDownloadRequest.Resource resources = 4

  This repeated field will store all the redirects as well as the final URLs for the top-level tab URL (i.e., the URL that triggered the download) as well as for the download URL itself.

• optional ClientDownloadRequest.SignatureInfo signature = 5

  This field will only be set if the binary is signed.

• optional bool user_initiated = 6

  True if the download was user initiated.

• optional string file_basename = 9

  Name of the file where the download would be stored if the download completes. E.g., "bla.exe".

• optional ClientDownloadRequest.DownloadType download_type = 10

• optional string locale = 11

  Locale of the device, eg en, en_US.

• optional ClientDownloadRequest.ImageHeaders image_headers = 18

• repeated ClientDownloadRequest.ArchivedBinary archived_binary = 22

A binary contained in an archive (e.g., a .zip archive).

Used in: ClientDownloadRequest

• optional string file_basename = 1

• optional DownloadType download_type = 2

• optional Digests digests = 3

• optional int64 length = 4

• optional SignatureInfo signature = 5

• optional ImageHeaders image_headers = 6

A trust chain of certificates. Each chain begins with the signing certificate of the binary, and ends with a self-signed certificate, typically from a trusted root CA. This structure is analogous to CERT_CHAIN_CONTEXT on Windows.

Used in: SignatureInfo

• repeated CertificateChain.Element element = 1

A single link in the chain.

Used in: CertificateChain

• optional bytes certificate = 1

  DER-encoded X.509 representation of the certificate.

  Fields 2 - 7 are only used on the server.

This message contains various binary digests of the download payload.

Used in: ClientDownloadRequest, ArchivedBinary, ClientIncidentReport.IncidentData.BlacklistLoadIncident

• optional bytes sha256 = 1

• optional bytes sha1 = 2

• optional bytes md5 = 3

Starting with Chrome M19 we're also sending back pings for Chrome extensions that get downloaded by users.

Used in: ClientDownloadRequest, ArchivedBinary

• WIN_EXECUTABLE = 0

  Currently all .exe, .cab and .msi files.

• CHROME_EXTENSION = 1

  .crx files.

• ANDROID_APK = 2

  .apk files.

• ZIPPED_EXECUTABLE = 3

  .zip files containing one of the other executable types.

• MAC_EXECUTABLE = 4

  .dmg, .pkg, etc.

Used in: ClientDownloadRequest, ArchivedBinary, ClientIncidentReport.EnvironmentData.Process.Dll, ClientIncidentReport.IncidentData.BlacklistLoadIncident

• optional PEImageHeaders pe_headers = 1

  Windows Portable Executable image headers.

Used in: ImageHeaders

• optional bytes dos_header = 1

  IMAGE_DOS_HEADER.

• optional bytes file_header = 2

  IMAGE_FILE_HEADER.

• optional bytes optional_headers32 = 3

  IMAGE_OPTIONAL_HEADER32. Present only for 32-bit PE images.

• optional bytes optional_headers64 = 4

  IMAGE_OPTIONAL_HEADER64. Present only for 64-bit PE images.

• repeated bytes section_header = 5

  IMAGE_SECTION_HEADER.

• optional bytes export_section_data = 6

  Contents of the .edata section.

• repeated PEImageHeaders.DebugData debug_data = 7

Used in: PEImageHeaders

• optional bytes directory_entry = 1

  IMAGE_DEBUG_DIRECTORY.

• optional bytes raw_data = 2

Used in: ClientDownloadRequest

• required string url = 1

• required ResourceType type = 2

• optional bytes remote_ip = 3

• optional string referrer = 4

  This will only be set if the referrer is available and if the resource type is either TAB_URL or DOWNLOAD_URL.

Type of the resources stored below.

Used in: Resource

• DOWNLOAD_URL = 0

  The final URL of the download payload. The resource URL should correspond to the URL field above.

• DOWNLOAD_REDIRECT = 1

  A redirect URL that was fetched before hitting the final DOWNLOAD_URL.

• TAB_URL = 2

  The final top-level URL of the tab that triggered the download.

• TAB_REDIRECT = 3

  A redirect URL thas was fetched before hitting the final TAB_URL.

Used in: ClientDownloadRequest, ArchivedBinary, ClientIncidentReport.IncidentData.BinaryIntegrityIncident, ClientIncidentReport.IncidentData.BlacklistLoadIncident

• repeated CertificateChain certificate_chain = 1

  All of the certificate chains for the binary's signing certificate. If no chains are present, the binary is not signed. Multiple chains may be present if any certificate has multiple signers.

• optional bool trusted = 2

  True if the signature was trusted on the client.

Used in: ClientDownloadReport

• required ClientDownloadResponse.Verdict verdict = 1

• optional ClientDownloadResponse.MoreInfo more_info = 2

• optional bytes token = 3

  An arbitrary token that should be sent along for further server requests.

Used in: ClientDownloadResponse

• optional string description = 1

  A human-readable string describing the nature of the warning. Only if verdict != SAFE. Localized based on request.locale.

• optional string url = 2

  A URL to get more information about this warning, if available.

Used in: ClientDownloadResponse

• SAFE = 0

  Download is considered safe.

• DANGEROUS = 1

  Download is considered dangerous. Chrome should show a warning to the user.

• UNCOMMON = 2

  Download is unknown. Chrome should display a less severe warning.

• POTENTIALLY_UNWANTED = 3

  The download is potentially unwanted.

• DANGEROUS_HOST = 4

  The download is from a dangerous host.

• repeated ClientIncidentReport.IncidentData incident = 1

• optional ClientIncidentReport.DownloadDetails download = 2

• optional ClientIncidentReport.EnvironmentData environment = 3

Used in: ClientIncidentReport, DownloadMetadata

• optional bytes token = 1

• optional ClientDownloadRequest download = 2

• optional int64 download_time_msec = 3

• optional int64 open_time_msec = 4

Used in: ClientIncidentReport

• optional EnvironmentData.OS os = 1

• optional EnvironmentData.Machine machine = 2

• optional EnvironmentData.Process process = 3

Used in: EnvironmentData

• optional string cpu_architecture = 1

• optional string cpu_vendor = 2

• optional uint32 cpuid = 3

Used in: EnvironmentData

• optional string os_name = 1

• optional string os_version = 2

Used in: EnvironmentData

• optional string version = 1

• repeated string OBSOLETE_dlls = 2

• repeated Process.Patch patches = 3

• repeated Process.NetworkProvider network_providers = 4

• optional Process.Channel chrome_update_channel = 5

• optional int64 uptime_msec = 6

• optional bool metrics_consent = 7

• optional bool extended_consent = 8

• repeated Process.Dll dll = 9

• repeated string blacklisted_dll = 10

• repeated Process.ModuleState module_state = 11

Used in: Process

• CHANNEL_UNKNOWN = 0

• CHANNEL_CANARY = 1

• CHANNEL_DEV = 2

• CHANNEL_BETA = 3

• CHANNEL_STABLE = 4

Used in: Process

• optional string path = 1

• optional uint64 base_address = 2

• optional uint32 length = 3

• repeated Dll.Feature feature = 4

• optional ClientDownloadRequest.ImageHeaders image_headers = 5

Used in: Dll

• UNKNOWN = 0

• LSP = 1

Used in: Process

• optional string name = 1

• optional ModuleState.ModifiedState modified_state = 2

• repeated string modified_export = 3

Used in: ModuleState

• UNKNOWN = 0

• MODULE_STATE_UNKNOWN = 1

• MODULE_STATE_UNMODIFIED = 2

• MODULE_STATE_MODIFIED = 3

Used in: Process

(message has no fields)

Used in: Process

• optional string function = 1

• optional string target_dll = 2

Used in: ClientIncidentReport

• optional int64 incident_time_msec = 1

• optional IncidentData.TrackedPreferenceIncident tracked_preference = 2

• optional IncidentData.BinaryIntegrityIncident binary_integrity = 3

• optional IncidentData.BlacklistLoadIncident blacklist_load = 4

• optional IncidentData.VariationsSeedSignatureIncident variations_seed_signature = 6

  Note: skip tag 5 because it was previously used.

• optional IncidentData.ScriptRequestIncident script_request = 7

Used in: IncidentData

• optional string file_basename = 1

• optional ClientDownloadRequest.SignatureInfo signature = 2

Used in: IncidentData

• optional string path = 1

• optional ClientDownloadRequest.Digests digest = 2

• optional string version = 3

• optional bool blacklist_initialized = 4

• optional ClientDownloadRequest.SignatureInfo signature = 5

• optional ClientDownloadRequest.ImageHeaders image_headers = 6

Used in: IncidentData

• optional string script_digest = 1

• optional string inclusion_origin = 2

Used in: IncidentData

• optional string path = 1

• optional string atomic_value = 2

• repeated string split_key = 3

• optional TrackedPreferenceIncident.ValueState value_state = 4

Used in: TrackedPreferenceIncident

• UNKNOWN = 0

• CLEARED = 1

• WEAK_LEGACY_OBSOLETE = 2

• CHANGED = 3

• UNTRUSTED_UNKNOWN_VALUE = 4

Used in: IncidentData

• optional string variations_seed_signature = 1

• optional bytes token = 1

• optional bool download_requested = 2

• repeated ClientIncidentResponse.EnvironmentRequest environment_requests = 3

Used in: ClientIncidentResponse

• optional int32 dll_index = 1

• required string url = 1

  URL that the client visited. The CGI parameters are stripped by the client.

• optional string referrer_url = 4

  The referrer URL. This field might not be set, for example, in the case where the referrer uses HTTPS.

• repeated ClientMalwareRequest.UrlInfo bad_ip_url_info = 7

  List of resource urls that match the malware IP list.

Used in: ClientMalwareRequest

• required string ip = 1

• required string url = 2

• optional string method = 3

• optional string referrer = 4

• optional int32 resource_type = 5

  Resource type, the int value is a direct cast from the Type enum of ResourceType class defined in //src/webkit/commom/resource_type.h

• required bool blacklist = 1

• optional string bad_ip = 2

  The confirmed blacklisted bad IP and its url, which will be shown in malware warning, if the blacklist verdict is true. This IP string could be either in IPv4 or IPv6 format, which is the same as the ones client sent to server.

• optional string bad_url = 3

• optional string url = 1

  URL that the client visited. The CGI parameters are stripped by the client.

• optional bytes OBSOLETE_hash_prefix = 10

  A 5-byte SHA-256 hash prefix of the URL. Before hashing the URL is canonicalized, converted to a suffix-prefix expression and broadened (www prefix is removed and everything past the last '/' is stripped). Marked OBSOLETE because the URL is sent for all users, making the hash prefix unnecessary.

• required float client_score = 2

  Score that was computed on the client. Value is between 0.0 and 1.0. The larger the value the more likely the url is phishing.

• optional bool is_phishing = 4

  Is true if the features for this URL were classified as phishing. Currently, this will always be true for all client-phishing requests that are sent to the server.

• repeated ClientPhishingRequest.Feature feature_map = 5

  List of features that were extracted. Those are the features that were sent to the scorer and which resulted in client_score being computed.

• optional int32 model_version = 6

  The version number of the model that was used to compute the client-score. Copied from ClientSideModel.version().

• repeated ClientPhishingRequest.Feature non_model_feature_map = 8

  List of features that are extracted in the client but are not used in the machine learning model.

• optional string OBSOLETE_referrer_url = 9

  The referrer URL. This field might not be set, for example, in the case where the referrer uses HTTPs. OBSOLETE: Use feature 'Referrer=<referrer>' instead.

• repeated uint32 shingle_hashes = 12

  List of shingle hashes we extracted.

Used in: ClientPhishingRequest

• required string name = 1

  Feature name. E.g., 'PageHasForms'.

• required double value = 2

  Feature value is always in the range [0.0, 1.0]. Boolean features have value 1.0.

• required bool phishy = 1

• repeated string OBSOLETE_whitelist_expression = 2

  A list of SafeBrowsing host-suffix / path-prefix expressions that are whitelisted. The client must match the current top-level URL against these whitelisted expressions and only apply a positive phishing verdict above if the URL does not match any expression on this whitelist. The client must not cache these whitelisted expressions. This whitelist will be empty for the vast majority of the responses but might contain up to 100 entries in emergency situations. Marked OBSOLETE because the URL is sent for all users, so the server can do whitelist matching.

This is used to send back upload status to the client after upload completion

• optional ClientUploadResponse.UploadStatus status = 1

  Holds the upload status

• optional string permalink = 2

  Holds the permalink where the results of scanning the binary are available

Used in: ClientUploadResponse

• SUCCESS = 0

  The upload was successful and a complete response can be expected

• UPLOAD_FAILURE = 1

  The upload was unsuccessful and the response is incomplete.

• optional uint32 download_id = 1

• optional ClientIncidentReport.DownloadDetails download = 2