Sunday, 25 July 2021

Why is Google's Safe Browsing API not marking my URL as a threat?

To prevent users from posting links to phishing scams on our Discord server, I have decided to use the Google Safe Browsing API.

Google Transparency Report (which to my knowledge uses the Safe Browsing API) says that the site:

contains harmful content, including pages that:

  • Try to trick visitors into sharing personal info or downloading software

See transparencyreport.google.com

However, when using the Safe Browsing API through Node.js, using the googleapis package, I get the following response for this website (stringified GaxiosPromise<Schema$GoogleSecuritySafebrowsingV4FindThreatMatchesResponse>):

{
    "config": {
        "url": "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=...",
        "method": "POST",
        "userAgentDirectives": [
            {
                "product": "google-api-nodejs-client",
                "version": "5.0.3",
                "comment": "gzip"
            }
        ],
        "data": {
            "client": {
                "clientId": "tccpp-safety",
                "clientVersion": "0.1.0"
            },
            "threatInfo": {
                "threatTypes": [
                    "MALWARE",
                    "SOCIAL_ENGINEERING",
                    "UNWANTED_SOFTWARE",
                    "POTENTIALLY_HARMFUL_APPLICATION",
                    "THREAT_TYPE_UNSPECIFIED"
                ],
                "platformTypes": [
                    "ANY_PLATFORM",
                    "PLATFORM_TYPE_UNSPECIFIED"
                ],
                "threatEntryTypes": [
                    "URL"
                ],
                "threatEntries": [
                    {
                        "url": "https://steamcommunytiu.com/new/?partner=65855640&token=Kj48sll3"
                    }
                ]
            }
        },
        "headers": {
            "x-goog-api-client": "gdcl/5.0.3 gl-node/12.21.0 auth/7.3.0",
            "Accept-Encoding": "gzip",
            "User-Agent": "google-api-nodejs-client/5.0.3 (gzip)",
            "Content-Type": "application/json",
            "Accept": "application/json"
        },
        "params": {
            "key": "..."
        },
        "retry": true,
        "body": "{\"client\":{\"clientId\":\"tccpp-safety\",\"clientVersion\":\"0.1.0\"},\"threatInfo\":{\"threatTypes\":[\"MALWARE\",\"SOCIAL_ENGINEERING\",\"UNWANTED_SOFTWARE\",\"POTENTIALLY_HARMFUL_APPLICATION\",\"THREAT_TYPE_UNSPECIFIED\"],\"platformTypes\":[\"ANY_PLATFORM\",\"PLATFORM_TYPE_UNSPECIFIED\"],\"threatEntryTypes\":[\"URL\"],\"threatEntries\":[{\"url\":\"https://steamcommunytiu.com/new/?partner=65855640&token=Kj48sll3\"}]}}",
        "responseType": "json"
    },
    "data": {},
    "headers": { ... },
    "status": 200,
    "statusText": "OK",
    "request": {
        "responseURL": "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=..."
    }
}

This was printed using the following code snippet:

const response = await safebrowsing.threatMatches.find({ requestBody: body });
console.log(JSON.stringify(response, undefined, 4));

You can see that the data section in the response object is completely empty, and normally this is where the matches array should be.

Am I using the API wrong? The Safe Browsing Lookup API says that URLs do not need to be canonicalized or encoded.
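
The Lookup API documentation states that a successful threatMatches:find call with no hits returns an empty object, so a link-screening bot has to tell "no match" apart from "lookup failed". The following is an added example, not part of the original question: the function name `summarizeLookup` and all sample data are constructed, and it assumes `threat.url` in a match echoes the submitted URL string.

```javascript
// Added example (not from the original post). Names are hypothetical.
// Turns a threatMatches:find response into one verdict per submitted URL.
function summarizeLookup(requestBody, response) {
    const urls = requestBody.threatInfo.threatEntries.map((e) => e.url);
    const verdicts = new Map();

    // A failed call says nothing about the URLs: report "unknown", never "no_match".
    const ok = response && response.status === 200 &&
        typeof response.data === "object" && response.data !== null;
    if (!ok) {
        for (const url of urls) verdicts.set(url, { verdict: "unknown", threatTypes: [] });
        return verdicts;
    }

    // A successful call with no hits returns an empty object, so a missing
    // "matches" key is treated as an empty list rather than as an error.
    const matches = Array.isArray(response.data.matches) ? response.data.matches : [];
    for (const url of urls) verdicts.set(url, { verdict: "no_match", threatTypes: [] });

    for (const m of matches) {
        const url = m.threat && m.threat.url;
        if (!verdicts.has(url)) continue; // ignore entries we did not submit
        const entry = verdicts.get(url);
        entry.verdict = "match";
        if (!entry.threatTypes.includes(m.threatType)) entry.threatTypes.push(m.threatType);
    }
    return verdicts;
}

// Constructed sample data (example.test URLs are placeholders).
const sampleRequest = {
    threatInfo: { threatEntries: [{ url: "http://a.example.test/" }, { url: "http://b.example.test/" }] },
};
const emptyResponse = { status: 200, data: {} }; // same shape as the response in the post
const hitResponse = {
    status: 200,
    data: { matches: [
        { threatType: "SOCIAL_ENGINEERING", platformType: "ANY_PLATFORM",
          threatEntryType: "URL", threat: { url: "http://a.example.test/" } },
        { threatType: "MALWARE", platformType: "ANY_PLATFORM",
          threatEntryType: "URL", threat: { url: "http://a.example.test/" } },
    ] },
};
const failedResponse = { status: 503, data: {} };

console.log([...summarizeLookup(sampleRequest, hitResponse)]);
```

A "no_match" verdict only means the URL was not on the requested lists at lookup time; "unknown" should be handled by the bot's own policy rather than treated as clean.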


