URL not being returned as a threat when it should.
143 views
Skip to first unread message
anh...@amazon.com
Jun 1, 2018, 5:09:43 PM6/1/18
to Google Safe Browsing API
The malware link from https://testsafebrowsing.appspot.com/ is not being returned as a threat for the android platform. Sending a v4/fullHashes:find for that url with the platform type as android does not return the full hash for that link. Is this a non-issue or is there an issue with the android threatlists.
Alex Wozniak
Jun 1, 2018, 5:12:10 PM6/1/18
to google-safe-...@googlegroups.com
Hi,
Can you provide further information to help us assist you in debugging? Example HTTP fullHashes request and response would be good to start.
Thanks,
Alex
On Fri, Jun 1, 2018 at 2:09 PM anhuyn via Google Safe Browsing API <google-safe-...@googlegroups.com> wrote:
The malware link from https://testsafebrowsing.appspot.com/ is not being returned as a threat for the android platform. Sending a v4/fullHashes:find for that url with the platform type as android does not return the full hash for that link. Is this a non-issue or is there an issue with the android threatlists.
--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To post to this group, send email to google-safe-...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-safe-browsing-api.
For more options, visit https://groups.google.com/d/optout.
anh...@amazon.com
Jun 1, 2018, 5:36:28 PM6/1/18
to Google Safe Browsing API
Thanks for the quick response. Here is the request and response for two short hashes, "WwuJdQ==" which is for the malware link, and "771MOg==" which is for the phishing link from http://testsafebrowsing.appspot.com/. They both should be returned as threats however only the phishing link is.
Request:
{
"client": {
"clientId": "",
"clientVersion": ""
},
"clientStates": [""],
"threatInfo": {
"threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
"platformTypes": ["ANDROID"],
"threatEntryTypes": ["URL"],
"threatEntries": [
{"hash": "WwuJdQ=="},
{"hash": "771MOg=="}
]
}
}
Response:
{
"matches": [
{
"threatType": "SOCIAL_ENGINEERING",
"platformType": "ANDROID",
"threat": {
"hash": "771MOrRPMn6xPKlCrXx/CrR+wmCk0LgFFoSgGy7zUiA="
},
"threatEntryMetadata": {},
"cacheDuration": "300s",
"threatEntryType": "URL"
}
],
"negativeCacheDuration": "300s"
Request:
{
"client": {
"clientId": "",
"clientVersion": ""
},
"clientStates": [""],
"threatInfo": {
"threatTypes": ["MALWARE", "SOCIAL_ENGINEERING"],
"platformTypes": ["ANDROID"],
"threatEntryTypes": ["URL"],
"threatEntries": [
{"hash": "WwuJdQ=="},
{"hash": "771MOg=="}
]
}
}
Response:
{
"matches": [
{
"threatType": "SOCIAL_ENGINEERING",
"platformType": "ANDROID",
"threat": {
"hash": "771MOrRPMn6xPKlCrXx/CrR+wmCk0LgFFoSgGy7zUiA="
},
"threatEntryMetadata": {},
"cacheDuration": "300s",
"threatEntryType": "URL"
}
],
"negativeCacheDuration": "300s"
}
On Friday, June 1, 2018 at 2:12:10 PM UTC-7, Alex Wozniak wrote:
Hi,Can you provide further information to help us assist you in debugging? Example HTTP fullHashes request and response would be good to start.Thanks,Alex
On Fri, Jun 1, 2018 at 2:09 PM anhuyn via Google Safe Browsing API <google-safe-...@googlegroups.com> wrote:
The malware link from https://testsafebrowsing.appspot.com/ is not being returned as a threat for the android platform. Sending a v4/fullHashes:find for that url with the platform type as android does not return the full hash for that link. Is this a non-issue or is there an issue with the android threatlists.--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
Alex Wozniak
Jun 1, 2018, 5:59:08 PM6/1/18
to google-safe-...@googlegroups.com
Hi,
Thanks for the follow up. That malware test URL is actually not currently present on the ANDROID/MALWARE list for legacy reasons. We'd recommend instead using the POTENTIALLY_HARMFUL_APPLICATION ThreatType on Android, which has this test URL listed. This aligns with the Google Play Services implementation of the Safe Browsing API: https://developers.google.com/android/reference/com/google/android/gms/safetynet/SafeBrowsingThreat.html#TYPE_POTENTIALLY_HARMFUL_APPLICATION
We'll clarify this in our documentation!
Thanks,
Alex
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To post to this group, send email to google-safe-...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-safe-browsing-api.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
Message has been deleted
Freddy Elizardo
Nov 18, 2018, 10:17:44 PM11/18/18
to Google Safe Browsing API
Thanks
Freddy Elizardo
Nov 18, 2018, 11:11:51 PM11/18/18
to Google Safe Browsing API
Text me when you Are Free
Reply all
Reply to author
Forward
0 new messages