PHP safe-browsing return empty string

Question

this PHP file is for knowing if a site is a safe or not thanks to safe-browsing.

$curl = curl_init();
$certificate="C:\cacert.pem";
curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key= [API_KEY]',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_CAINFO => $certificate,
    CURLOPT_CAPATH => $certificate,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => "  {
            'client': {
            'clientId':      'nameclient',
            'clientVersion': '1.0.0'
        },
        'threatInfo': {
            'threatTypes':      ['MALWARE', 'SOCIAL_ENGINEERING'],
            'platformTypes':    ['WINDOWS'],
            'threatEntryTypes': ['URL'],
            'threatEntries': [
                {'url': 'http://www.yoytube.com/'}
            ]
        }
    }",
    CURLOPT_HTTPHEADER => array(
        'content-type: application/json'
    ),
));

$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

if ($err) {
    echo "cURL Error #:" . $err;
} else {
    echo $response;
}

The output should be similar to this response body

{
    "matches": [
        {
            "threatType":      "MALWARE",
            "platformType":    "WINDOWS",
            "threatEntryType": "URL",
            "threat": {
                "url": "http://www.example.org/"
            },
            "threatEntryMetadata": {
                "entries": [{
                    "key": "malware_threat_type",
                    "value": "landing"
                }]
            },
            "cacheDuration": "300.000s"
        }
    }]
}

but currently my output is {}

At start i have tried to pass this url

https://sb-ssl.google.com/safebrowsing/api/lookup?client=' . CLIENT . '&apikey=' . API_KEY . '&appver=' . APP_VER . '&pver=' . PROTOCOL_VER . '&url=' . $urlToCheck

at curl_init(), but in this case the status returned was 0

The posted code can't be working since you have a syntax error on the second line. You're missing the `;` in the end of the line which would cause a syntax error. — M. Eriksson, Jul 17 '19 at 07:51
small error in copying the code in this question. But every line has its own ";" — user11763998, Jul 17 '19 at 07:58
In your `CURLOPT_POSTFIELDS`, you should create an array with the correct format and use [json_encode()](https://www.php.net/manual/en/function.json-encode.php) to create it into JSON instead of manually creating the JSON string. — M. Eriksson, Jul 17 '19 at 08:09
I think this: https://stackoverflow.com/questions/5224790/curl-post-format-for-curlopt-postfields could give you some ideas. Look more specificall at @Czechnology's answer. — bestprogrammerintheworld, Jul 17 '19 at 08:43
This could also be a related SSL-issue. I know that CURL and SSL is not the best combination in PHP. — bestprogrammerintheworld, Jul 17 '19 at 08:44
I solved the problem. All the sites I tested were not about malware or social engineering, so the output was {}. Now I've added more categories and now the output comes out correctly. ['MALWARE', 'SOCIAL_ENGINEERING', 'POTENTIALLY_HARMFUL_APPLICATION', 'UNWANTED_SOFTWARE', 'THREAT_TYPE_UNSPECIFIED'] this is my output now: {'matches': [{'threatType': 'UNWANTED_SOFTWARE', 'platformType': 'ANY_PLATFORM', 'threat': {'url': 'http://www.yoytube.com/'}, 'cacheDuration': '300s', 'threatEntryType': 'URL'}]} — user11763998, Jul 19 '19 at 11:40

PHP safe-browsing return empty string

0 Answers0