1// Copyright 2019 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15
16syntax = "proto3";
17
18package google.cloud.webrisk.v1beta1;
19
20import "google/api/annotations.proto";
21import "google/api/client.proto";
22import "google/api/field_behavior.proto";
23import "google/protobuf/timestamp.proto";
24
25option csharp_namespace = "Google.Cloud.WebRisk.V1Beta1";
26option go_package = "cloud.google.com/go/webrisk/apiv1beta1/webriskpb;webriskpb";
27option java_multiple_files = true;
28option java_outer_classname = "WebRiskProto";
29option java_package = "com.google.webrisk.v1beta1";
30option objc_class_prefix = "GCWR";
31option php_namespace = "Google\\Cloud\\WebRisk\\V1beta1";
32option ruby_package = "Google::Cloud::WebRisk::V1beta1";
33
34// Web Risk v1beta1 API defines an interface to detect malicious URLs on your
35// website and in client applications.
36service WebRiskServiceV1Beta1 {
37  option (google.api.default_host) = "webrisk.googleapis.com";
38  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
39
40  // Gets the most recent threat list diffs.
41  rpc ComputeThreatListDiff(ComputeThreatListDiffRequest) returns (ComputeThreatListDiffResponse) {
42    option (google.api.http) = {
43      get: "/v1beta1/threatLists:computeDiff"
44    };
45    option (google.api.method_signature) = "threat_type,version_token,constraints";
46  }
47
48  // This method is used to check whether a URI is on a given threatList.
49  rpc SearchUris(SearchUrisRequest) returns (SearchUrisResponse) {
50    option (google.api.http) = {
51      get: "/v1beta1/uris:search"
52    };
53    option (google.api.method_signature) = "uri,threat_types";
54  }
55
56  // Gets the full hashes that match the requested hash prefix.
57  // This is used after a hash prefix is looked up in a threatList
58  // and there is a match. The client side threatList only holds partial hashes
59  // so the client must query this method to determine if there is a full
60  // hash match of a threat.
61  rpc SearchHashes(SearchHashesRequest) returns (SearchHashesResponse) {
62    option (google.api.http) = {
63      get: "/v1beta1/hashes:search"
64    };
65    option (google.api.method_signature) = "hash_prefix,threat_types";
66  }
67}
68
69// Describes an API diff request.
70message ComputeThreatListDiffRequest {
71  // The constraints for this diff.
72  message Constraints {
73    // The maximum size in number of entries. The diff will not contain more
74    // entries than this value.  This should be a power of 2 between 2**10 and
75    // 2**20.  If zero, no diff size limit is set.
76    int32 max_diff_entries = 1;
77
78    // Sets the maximum number of entries that the client is willing to have
79    // in the local database. This should be a power of 2 between 2**10 and
80    // 2**20. If zero, no database size limit is set.
81    int32 max_database_entries = 2;
82
83    // The compression types supported by the client.
84    repeated CompressionType supported_compressions = 3;
85  }
86
87  // The ThreatList to update.
88  ThreatType threat_type = 1 [(google.api.field_behavior) = REQUIRED];
89
90  // The current version token of the client for the requested list (the
91  // client version that was received from the last successful diff).
92  bytes version_token = 2;
93
94  // Required. The constraints associated with this request.
95  Constraints constraints = 3 [(google.api.field_behavior) = REQUIRED];
96}
97
98message ComputeThreatListDiffResponse {
99  // The expected state of a client's local database.
100  message Checksum {
101    // The SHA256 hash of the client state; that is, of the sorted list of all
102    // hashes present in the database.
103    bytes sha256 = 1;
104  }
105
106  // The type of response sent to the client.
107  enum ResponseType {
108    // Unknown.
109    RESPONSE_TYPE_UNSPECIFIED = 0;
110
111    // Partial updates are applied to the client's existing local database.
112    DIFF = 1;
113
114    // Full updates resets the client's entire local database. This means
115    // that either the client had no state, was seriously out-of-date,
116    // or the client is believed to be corrupt.
117    RESET = 2;
118  }
119
120  // The type of response. This may indicate that an action must be taken by the
121  // client when the response is received.
122  ResponseType response_type = 4;
123
124  // A set of entries to add to a local threat type's list.
125  ThreatEntryAdditions additions = 5;
126
127  // A set of entries to remove from a local threat type's list.
128  // This field may be empty.
129  ThreatEntryRemovals removals = 6;
130
131  // The new opaque client version token.
132  bytes new_version_token = 7;
133
134  // The expected SHA256 hash of the client state; that is, of the sorted list
135  // of all hashes present in the database after applying the provided diff.
136  // If the client state doesn't match the expected state, the client must
137  // disregard this diff and retry later.
138  Checksum checksum = 8;
139
140  // The soonest the client should wait before issuing any diff
141  // request. Querying sooner is unlikely to produce a meaningful diff.
142  // Waiting longer is acceptable considering the use case.
143  // If this field is not set clients may update as soon as they want.
144  google.protobuf.Timestamp recommended_next_diff = 2;
145}
146
147// Request to check URI entries against threatLists.
148message SearchUrisRequest {
149  // Required. The URI to be checked for matches.
150  string uri = 1 [(google.api.field_behavior) = REQUIRED];
151
152  // Required. The ThreatLists to search in.
153  repeated ThreatType threat_types = 2 [(google.api.field_behavior) = REQUIRED];
154}
155
156message SearchUrisResponse {
157  // Contains threat information on a matching uri.
158  message ThreatUri {
159    // The ThreatList this threat belongs to.
160    repeated ThreatType threat_types = 1;
161
162    // The cache lifetime for the returned match. Clients must not cache this
163    // response past this timestamp to avoid false positives.
164    google.protobuf.Timestamp expire_time = 2;
165  }
166
167  // The threat list matches. This may be empty if the URI is on no list.
168  ThreatUri threat = 1;
169}
170
171// Request to return full hashes matched by the provided hash prefixes.
172message SearchHashesRequest {
173  // A hash prefix, consisting of the most significant 4-32 bytes of a SHA256
174  // hash. For JSON requests, this field is base64-encoded.
175  bytes hash_prefix = 1;
176
177  // Required. The ThreatLists to search in.
178  repeated ThreatType threat_types = 2 [(google.api.field_behavior) = REQUIRED];
179}
180
181message SearchHashesResponse {
182  // Contains threat information on a matching hash.
183  message ThreatHash {
184    // The ThreatList this threat belongs to.
185    // This must contain at least one entry.
186    repeated ThreatType threat_types = 1;
187
188    // A 32 byte SHA256 hash. This field is in binary format. For JSON
189    // requests, hashes are base64-encoded.
190    bytes hash = 2;
191
192    // The cache lifetime for the returned match. Clients must not cache this
193    // response past this timestamp to avoid false positives.
194    google.protobuf.Timestamp expire_time = 3;
195  }
196
197  // The full hashes that matched the requested prefixes.
198  // The hash will be populated in the key.
199  repeated ThreatHash threats = 1;
200
201  // For requested entities that did not match the threat list, how long to
202  // cache the response until.
203  google.protobuf.Timestamp negative_expire_time = 2;
204}
205
206// Contains the set of entries to add to a local database.
207// May contain a combination of compressed and raw data in a single response.
208message ThreatEntryAdditions {
209  // The raw SHA256-formatted entries.
210  // Repeated to allow returning sets of hashes with different prefix sizes.
211  repeated RawHashes raw_hashes = 1;
212
213  // The encoded 4-byte prefixes of SHA256-formatted entries, using a
214  // Golomb-Rice encoding. The hashes are converted to uint32, sorted in
215  // ascending order, then delta encoded and stored as encoded_data.
216  RiceDeltaEncoding rice_hashes = 2;
217}
218
219// Contains the set of entries to remove from a local database.
220message ThreatEntryRemovals {
221  // The raw removal indices for a local list.
222  RawIndices raw_indices = 1;
223
224  // The encoded local, lexicographically-sorted list indices, using a
225  // Golomb-Rice encoding. Used for sending compressed removal indices. The
226  // removal indices (uint32) are sorted in ascending order, then delta encoded
227  // and stored as encoded_data.
228  RiceDeltaEncoding rice_indices = 2;
229}
230
231// The type of threat. This maps dirrectly to the threat list a threat may
232// belong to.
233enum ThreatType {
234  // Unknown.
235  THREAT_TYPE_UNSPECIFIED = 0;
236
237  // Malware targeting any platform.
238  MALWARE = 1;
239
240  // Social engineering targeting any platform.
241  SOCIAL_ENGINEERING = 2;
242
243  // Unwanted software targeting any platform.
244  UNWANTED_SOFTWARE = 3;
245}
246
247// The ways in which threat entry sets can be compressed.
248enum CompressionType {
249  // Unknown.
250  COMPRESSION_TYPE_UNSPECIFIED = 0;
251
252  // Raw, uncompressed data.
253  RAW = 1;
254
255  // Rice-Golomb encoded data.
256  RICE = 2;
257}
258
259// A set of raw indices to remove from a local list.
260message RawIndices {
261  // The indices to remove from a lexicographically-sorted local list.
262  repeated int32 indices = 1;
263}
264
265// The uncompressed threat entries in hash format.
266// Hashes can be anywhere from 4 to 32 bytes in size. A large majority are 4
267// bytes, but some hashes are lengthened if they collide with the hash of a
268// popular URI.
269//
270// Used for sending ThreatEntryAdditons to clients that do not support
271// compression, or when sending non-4-byte hashes to clients that do support
272// compression.
273message RawHashes {
274  // The number of bytes for each prefix encoded below.  This field can be
275  // anywhere from 4 (shortest prefix) to 32 (full SHA256 hash).
276  int32 prefix_size = 1;
277
278  // The hashes, in binary format, concatenated into one long string. Hashes are
279  // sorted in lexicographic order. For JSON API users, hashes are
280  // base64-encoded.
281  bytes raw_hashes = 2;
282}
283
284// The Rice-Golomb encoded data. Used for sending compressed 4-byte hashes or
285// compressed removal indices.
286message RiceDeltaEncoding {
287  // The offset of the first entry in the encoded data, or, if only a single
288  // integer was encoded, that single integer's value. If the field is empty or
289  // missing, assume zero.
290  int64 first_value = 1;
291
292  // The Golomb-Rice parameter, which is a number between 2 and 28. This field
293  // is missing (that is, zero) if `num_entries` is zero.
294  int32 rice_parameter = 2;
295
296  // The number of entries that are delta encoded in the encoded data. If only a
297  // single integer was encoded, this will be zero and the single value will be
298  // stored in `first_value`.
299  int32 entry_count = 3;
300
301  // The encoded deltas that are encoded using the Golomb-Rice coder.
302  bytes encoded_data = 4;
303}
304