Index
WebRiskServiceV1Beta1
(interface)CompressionType
(enum)ComputeThreatListDiffRequest
(message)ComputeThreatListDiffRequest.Constraints
(message)ComputeThreatListDiffResponse
(message)ComputeThreatListDiffResponse.Checksum
(message)ComputeThreatListDiffResponse.ResponseType
(enum)RawHashes
(message)RawIndices
(message)RiceDeltaEncoding
(message)SearchHashesRequest
(message)SearchHashesResponse
(message)SearchHashesResponse.ThreatHash
(message)SearchUrisRequest
(message)SearchUrisResponse
(message)SearchUrisResponse.ThreatUri
(message)ThreatEntryAdditions
(message)ThreatEntryRemovals
(message)ThreatType
(enum)
WebRiskServiceV1Beta1
Web Risk v1beta1 API defines an interface to detect malicious URLs on your website and in client applications.
ComputeThreatListDiff |
---|
Gets the most recent threat list diffs. These diffs should be applied to a local database of hashes to keep it up-to-date. If the local database is empty or excessively out-of-date, a complete snapshot of the database will be returned.
|
SearchHashes |
---|
Gets the full hashes that match the requested hash prefix. This is used after a hash prefix is looked up in a threatList and there is a match. The client side threatList only holds partial hashes so the client must query this method to determine if there is a full hash match of a threat.
|
SearchUris |
---|
This method is used to check whether a URI is on a given threatList. Multiple threatLists may be searched in a single query. The response will list all requested threatLists the URI was found to match. If the URI is not found on any of the requested ThreatList an empty response will be returned.
|
CompressionType
The ways in which threat entry sets can be compressed.
Enums | |
---|---|
COMPRESSION_TYPE_UNSPECIFIED |
Unknown. |
RAW |
Raw, uncompressed data. |
RICE |
Rice-Golomb encoded data. |
ComputeThreatListDiffRequest
Describes an API diff request.
Fields | |
---|---|
threat_type |
Required. The threat list to update. Only a single ThreatType should be specified. |
version_token |
The current version token of the client for the requested list (the client version that was received from the last successful diff). If the client does not have a version token (this is the first time calling ComputeThreatListDiff), this may be left empty and a full database snapshot will be returned. |
constraints |
Required. The constraints associated with this request. |
Constraints
The constraints for this diff.
Fields | |
---|---|
max_diff_entries |
The maximum size in number of entries. The diff will not contain more entries than this value. This should be a power of 2 between 2**10 and 2**20. If zero, no diff size limit is set. |
max_database_entries |
Sets the maximum number of entries that the client is willing to have in the local database. This should be a power of 2 between 2**10 and 2**20. If zero, no database size limit is set. |
supported_compressions[] |
The compression types supported by the client. |
ComputeThreatListDiffResponse
Fields | |
---|---|
response_type |
The type of response. This may indicate that an action must be taken by the client when the response is received. |
additions |
A set of entries to add to a local threat type's list. |
removals |
A set of entries to remove from a local threat type's list. This field may be empty. |
new_version_token |
The new opaque client version token. This should be retained by the client and passed into the next call of ComputeThreatListDiff as 'version_token'. |
checksum |
The expected SHA256 hash of the client state; that is, of the sorted list of all hashes present in the database after applying the provided diff. If the client state doesn't match the expected state, the client must discard this diff and retry later. |
recommended_next_diff |
The soonest the client should wait before issuing any diff request. Querying sooner is unlikely to produce a meaningful diff. Waiting longer is acceptable considering the use case. If this field is not set clients may update as soon as they want. |
Checksum
The expected state of a client's local database.
Fields | |
---|---|
sha256 |
The SHA256 hash of the client state; that is, of the sorted list of all hashes present in the database. |
ResponseType
The type of response sent to the client.
Enums | |
---|---|
RESPONSE_TYPE_UNSPECIFIED |
Unknown. |
DIFF |
Partial updates are applied to the client's existing local database. |
RESET |
Full updates resets the client's entire local database. This means that either the client had no state, was seriously out-of-date, or the client is believed to be corrupt. |
RawHashes
The uncompressed threat entries in hash format. Hashes can be anywhere from 4 to 32 bytes in size. A large majority are 4 bytes, but some hashes are lengthened if they collide with the hash of a popular URI.
Used for sending ThreatEntryAdditons to clients that do not support compression, or when sending non-4-byte hashes to clients that do support compression.
Fields | |
---|---|
prefix_size |
The number of bytes for each prefix encoded below. This field can be anywhere from 4 (shortest prefix) to 32 (full SHA256 hash). In practice this is almost always 4, except in exceptional circumstances. |
raw_hashes |
The hashes, in binary format, concatenated into one long string. Hashes are sorted in lexicographic order. For JSON API users, hashes are base64-encoded. |
RawIndices
A set of raw indices to remove from a local list.
Fields | |
---|---|
indices[] |
The indices to remove from a lexicographically-sorted local list. |
RiceDeltaEncoding
The Rice-Golomb encoded data. Used for sending compressed 4-byte hashes or compressed removal indices.
Fields | |
---|---|
first_value |
The offset of the first entry in the encoded data, or, if only a single integer was encoded, that single integer's value. If the field is empty or missing, assume zero. |
rice_parameter |
The Golomb-Rice parameter, which is a number between 2 and 28. This field is missing (that is, zero) if |
entry_count |
The number of entries that are delta encoded in the encoded data. If only a single integer was encoded, this will be zero and the single value will be stored in |
encoded_data |
The encoded deltas that are encoded using the Golomb-Rice coder. |
SearchHashesRequest
Request to return full hashes matched by the provided hash prefixes.
Fields | |
---|---|
hash_prefix |
A hash prefix, consisting of the most significant 4-32 bytes of a SHA256 hash. For JSON requests, this field is base64-encoded. |
threat_types[] |
Required. The ThreatLists to search in. Multiple ThreatLists may be specified. |
SearchHashesResponse
Fields | |
---|---|
threats[] |
The full hashes that matched the requested prefixes. The hash will be populated in the key. |
negative_expire_time |
For requested entities that did not match the threat list, how long to cache the response until. |
ThreatHash
Contains threat information on a matching hash.
Fields | |
---|---|
threat_types[] |
The ThreatList this threat belongs to. This must contain at least one entry. |
hash |
A 32 byte SHA256 hash. This field is in binary format. For JSON requests, hashes are base64-encoded. |
expire_time |
The cache lifetime for the returned match. Clients must not cache this response past this timestamp to avoid false positives. |
SearchUrisRequest
Request to check URI entries against threatLists.
Fields | |
---|---|
uri |
Required. The URI to be checked for matches. |
threat_types[] |
Required. The ThreatLists to search in. Multiple ThreatLists may be specified. |
SearchUrisResponse
Fields | |
---|---|
threat |
The threat list matches. This may be empty if the URI is on no list. |
ThreatUri
Contains threat information on a matching uri.
Fields | |
---|---|
threat_types[] |
The ThreatList this threat belongs to. |
expire_time |
The cache lifetime for the returned match. Clients must not cache this response past this timestamp to avoid false positives. |
ThreatEntryAdditions
Contains the set of entries to add to a local database. May contain a combination of compressed and raw data in a single response.
Fields | |
---|---|
raw_hashes[] |
The raw SHA256-formatted entries. Repeated to allow returning sets of hashes with different prefix sizes. |
rice_hashes |
The encoded 4-byte prefixes of SHA256-formatted entries, using a Golomb-Rice encoding. The hashes are converted to uint32, sorted in ascending order, then delta encoded and stored as encoded_data. |
ThreatEntryRemovals
Contains the set of entries to remove from a local database.
Fields | |
---|---|
raw_indices |
The raw removal indices for a local list. |
rice_indices |
The encoded local, lexicographically-sorted list indices, using a Golomb-Rice encoding. Used for sending compressed removal indices. The removal indices (uint32) are sorted in ascending order, then delta encoded and stored as encoded_data. |
ThreatType
The type of threat. This maps directly to the threat list a threat may belong to.
Enums | |
---|---|
THREAT_TYPE_UNSPECIFIED |
Default type that indicates this enum hasn't been specified. This is not a valid ThreatType, one of the other types must be specified instead. |
MALWARE |
Malware targeting any platform. |
SOCIAL_ENGINEERING |
Social engineering targeting any platform. |
UNWANTED_SOFTWARE |
Unwanted software targeting any platform. |