Index
SafeBrowsing
(interface)FullHash
(message)FullHash.FullHashDetail
(message)SearchHashesRequest
(message)SearchHashesResponse
(message)ThreatAttribute
(enum)ThreatType
(enum)
SafeBrowsing
The Safe Browsing APIs enable clients to check web resources (most commonly URLs) against Google's constantly updated lists of unsafe web resources.
SearchHashes |
---|
Search for full hashes matching the specified prefixes. This is a custom method as defined by https://google.aip.dev/136 (the custom method refers to this method having a custom name within Google's general API development nomenclature; it does not refer to using a custom HTTP method). |
FullHash
The full hash identified with one or more matches.
Fields | |
---|---|
full_hash |
The matching full hash. This is the SHA256 hash. The length will be exactly 32 bytes. |
full_hash_details[] |
Unordered list. A repeated field identifying the details relevant to this full hash. |
FullHashDetail
Details about a matching full hash.
An important note about forward compatibility: new threat types and threat attributes may be added by the server at any time; those additions are considered minor version changes. It is Google's policy not to expose minor version numbers in APIs (see https://cloud.google.com/apis/design/versioning for the versioning policy), so clients MUST be prepared to receive FullHashDetail
messages containing ThreatType
enum values or ThreatAttribute
enum values that are considered invalid by the client. Therefore, it is the client's responsibility to check for the validity of all ThreatType
and ThreatAttribute
enum values; if any value is considered invalid, the client MUST disregard the entire FullHashDetail
message.
Fields | |
---|---|
threat_type |
The type of threat. This field will never be empty. |
attributes[] |
Unordered list. Additional attributes about those full hashes. This may be empty. |
SearchHashesRequest
A request that the client issues to search for specific hash prefixes.
This is designed to only searches threat lists, and does not search non-threat lists such as the Global Cache.
What's new in V5: Clients don't need to specify a ClientInfo
or the states of the hash lists in their local database. This is for improved privacy. Furthermore, clients don't need to send which threat types they are interested in.
Fields | |
---|---|
hash_prefixes[] |
Required. The hash prefixes to be looked up. Clients MUST NOT send more than 1000 hash prefixes. However, following the URL processing procedure, clients SHOULD NOT need to send more than 30 hash prefixes. Currently each hash prefix is required to be exactly 4 bytes long. This MAY be relaxed in the future. |
SearchHashesResponse
The response returned after searching threat hashes.
If nothing is found, the server will return an OK status (HTTP status code 200) with the full_hashes
field empty, rather than returning a NOT_FOUND status (HTTP status code 404).
What's new in V5: There is a separation between FullHash
and FullHashDetail
. In the case when a hash represents a site having multiple threats (e.g. both MALWARE and SOCIAL_ENGINEERING), the full hash does not need to be sent twice as in V4. Furthermore, the cache duration has been simplified into a single cache_duration
field.
Fields | |
---|---|
full_hashes[] |
Unordered list. The unordered list of full hashes found. |
cache_duration |
The client-side cache duration. The client MUST add this duration to the current time to determine the expiration time. The expiration time then applies to every hash prefix queried by the client in the request, regardless of how many full hashes are returned in the response. Even if the server returns no full hashes for a particular hash prefix, this fact MUST also be cached by the client. If and only if the field Important: the client MUST NOT assume that the server will return the same cache duration for all responses. The server MAY choose different cache durations for different responses depending on the situation. |
ThreatAttribute
Attributes of threats. These attributes may confer additional meaning to a particular threat but will not affect the threat type. For example, an attribute may specify a lower confidence while a different attribute may specify higher confidence. More attributes may be added in the future.
Enums | |
---|---|
THREAT_ATTRIBUTE_UNSPECIFIED |
Unknown attribute. If this is returned by the server, the client shall disregard the enclosing FullHashDetail altogether. |
CANARY |
Indicates that the threat_type should not be used for enforcement. |
FRAME_ONLY |
Indicates that the threat_type should only be used for enforcement on frames. |
ThreatType
Types of threats.
Enums | |
---|---|
THREAT_TYPE_UNSPECIFIED |
Unknown threat type. If this is returned by the server, the client shall disregard the enclosing FullHashDetail altogether. |
MALWARE |
Malware threat type. Malware is any software or mobile application specifically designed to harm a computer, a mobile device, the software it's running, or its users. Malware exhibits malicious behavior that can include installing software without user consent and installing harmful software such as viruses. More information can be found here. |
SOCIAL_ENGINEERING |
Social engineering threat type. Social engineering pages falsely purport to act on behalf of a third party with the intention of confusing viewers into performing an action with which the viewer would only trust a true agent of that third party. Phishing is a type of social engineering that tricks the viewer into performing the specific action of providing information, such as login credentials. More information can be found here. |
UNWANTED_SOFTWARE |
Unwanted software threat type. Unwanted software is any software that does not adhere to Google's Software Principles but isn't malware. |
POTENTIALLY_HARMFUL_APPLICATION |
Potentially harmful application threat type as used by Google Play Protect for the Play Store. |