
To prevent users from posting links to phishing scams on our Discord server, I have decided to use the Google Safe Browsing API.

Google Transparency Report (which to my knowledge uses the Safe Browsing API) says that the site:

contains harmful content, including pages that:

  • Try to trick visitors into sharing personal info or downloading software

See transparencyreport.google.com

However, when using the Safe Browsing API through Node.js, using the googleapis package, I get the following response for this website (stringified `GaxiosPromise<Schema$GoogleSecuritySafebrowsingV4FindThreatMatchesResponse>`):

{
    "config": {
        "url": "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=...",
        "method": "POST",
        "userAgentDirectives": [
            {
                "product": "google-api-nodejs-client",
                "version": "5.0.3",
                "comment": "gzip"
            }
        ],
        "data": {
            "client": {
                "clientId": "tccpp-safety",
                "clientVersion": "0.1.0"
            },
            "threatInfo": {
                "threatTypes": [
                    "MALWARE",
                    "SOCIAL_ENGINEERING",
                    "UNWANTED_SOFTWARE",
                    "POTENTIALLY_HARMFUL_APPLICATION",
                    "THREAT_TYPE_UNSPECIFIED"
                ],
                "platformTypes": [
                    "ANY_PLATFORM",
                    "PLATFORM_TYPE_UNSPECIFIED"
                ],
                "threatEntryTypes": [
                    "URL"
                ],
                "threatEntries": [
                    {
                        "url": "https://steamcommunytiu.com/new/?partner=65855640&token=Kj48sll3"
                    }
                ]
            }
        },
        "headers": {
            "x-goog-api-client": "gdcl/5.0.3 gl-node/12.21.0 auth/7.3.0",
            "Accept-Encoding": "gzip",
            "User-Agent": "google-api-nodejs-client/5.0.3 (gzip)",
            "Content-Type": "application/json",
            "Accept": "application/json"
        },
        "params": {
            "key": "..."
        },
        "retry": true,
        "body": "{\"client\":{\"clientId\":\"tccpp-safety\",\"clientVersion\":\"0.1.0\"},\"threatInfo\":{\"threatTypes\":[\"MALWARE\",\"SOCIAL_ENGINEERING\",\"UNWANTED_SOFTWARE\",\"POTENTIALLY_HARMFUL_APPLICATION\",\"THREAT_TYPE_UNSPECIFIED\"],\"platformTypes\":[\"ANY_PLATFORM\",\"PLATFORM_TYPE_UNSPECIFIED\"],\"threatEntryTypes\":[\"URL\"],\"threatEntries\":[{\"url\":\"https://steamcommunytiu.com/new/?partner=65855640&token=Kj48sll3\"}]}}",
        "responseType": "json"
    },
    "data": {},
    "headers": { ... },
    "status": 200,
    "statusText": "OK",
    "request": {
        "responseURL": "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=..."
    }
}

This was printed using the following code snippet:

const response = await safebrowsing.threatMatches.find({ requestBody: body });
console.log(JSON.stringify(response, undefined, 4));

You can see that the `data` section in the response object is completely empty, and normally this is where the matches array should be.

Am I using the API wrong? The Safe Browsing Lookup API says that URLs do not need to be canonicalized or encoded.

Jan Schultke
  • You can try https://github.com/muety/safe-browse-url-lookup. Also, what does your requestBody look like? – SomeCoder Jul 28 '21 at 06:34
  • @SomeCoder if you look at the source code of it, it's a very thin wrapper around the same API and does things largely the same. You can find my request body in both the `config` subobject of the JSON response I posted and also in `config.body`. – Jan Schultke Jul 28 '21 at 15:09

0 Answers
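
An added example, not part of the original question or its comments: a sketch of the handling a chat-moderation bot needs around `threatMatches:find`, showing how a response body of `{}` (no `matches` key) is read as "no entry matched the queried lists". The helper names, the `example.test` URLs, the threat-type selection and the sample response are constructed for illustration.

```javascript
// Added example; extractUrls, buildLookupBodies and summarize are hypothetical helpers.
const MAX_ENTRIES = 500; // per-request URL limit of the v4 Lookup API

// Pull http(s) URLs out of a chat message: deduplicated, trailing punctuation trimmed.
function extractUrls(text) {
  const found = text.match(/https?:\/\/[^\s<>"']+/gi) || [];
  return [...new Set(found.map((u) => u.replace(/[)\].,!?;:]+$/, "")))];
}

// One threatMatches:find request body per batch of at most MAX_ENTRIES URLs.
function buildLookupBodies(urls, client) {
  const bodies = [];
  for (let i = 0; i < urls.length; i += MAX_ENTRIES) {
    bodies.push({
      client,
      threatInfo: {
        // Lists queried by this example (an assumption, not the page's request).
        threatTypes: ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"],
        platformTypes: ["ANY_PLATFORM"],
        threatEntryTypes: ["URL"],
        threatEntries: urls.slice(i, i + MAX_ENTRIES).map((url) => ({ url })),
      },
    });
  }
  return bodies;
}

// Split queried URLs into flagged (with threat types) and unlisted.
// `data` is the parsed response body; with no matches it is an empty object.
function summarize(urls, data) {
  const flagged = new Map();
  for (const m of (data && data.matches) || []) {
    const url = m.threat && m.threat.url;
    if (!urls.includes(url)) continue; // ignore entries we did not submit
    const types = flagged.get(url) || [];
    if (!types.includes(m.threatType)) types.push(m.threatType);
    flagged.set(url, types);
  }
  return { flagged, unlisted: urls.filter((u) => !flagged.has(u)) };
}

// Constructed sample message and response body (not real API output).
const sampleUrls = extractUrls("free skins (http://phish.example.test/login), docs: https://docs.example.test/");
const sampleData = { matches: [{ threatType: "SOCIAL_ENGINEERING", platformType: "ANY_PLATFORM",
  threatEntryType: "URL", threat: { url: "http://phish.example.test/login" } }] };
const demo = summarize(sampleUrls, sampleData);
console.log([...demo.flagged], demo.unlisted, summarize(sampleUrls, {}).flagged.size);
```

An `unlisted` URL only means no match in the lists queried at that moment; it is not a verdict that the URL is benign, so a moderation bot should keep its other checks in place.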