SYNOPSIS

  use Net::Google::SafeBrowsing2;
  use Net::Google::SafeBrowsing2::Sqlite;

  my $storage = Net::Google::SafeBrowsing2::Sqlite->new(file => 'google-v2.db');
  my $gsb = Net::Google::SafeBrowsing2->new(
        key     => "my key",
        storage => $storage,
  );

  $gsb->update();
  my $match = $gsb->lookup(url => 'http://www.gumblar.cn/');

  if ($match eq MALWARE) {
        print "http://www.gumblar.cn/ is flagged as a dangerous site\n";
  }

  $storage->close();

DESCRIPTION

Net::Google::SafeBrowsing2 implements the Google Safe Browsing v2 \s-1API\s0.

The library passes most of the unit tests listed in the \s-1API\s0 documentation. See the documentation (<http://code.google.com/apis/safebrowsing/developers_guide_v2.html>) for more details about the failed tests.

The Google Safe Browsing database must be stored and managed locally. Net::Google::SafeBrowsing2::Sqlite uses Sqlite as the storage back-end, Net::Google::SafeBrowsing2::MySQL uses MySQL. Other storage mechanisms (databases, memory, etc.) can be added and used transparently with this module.

You may want to look at \*(L"Google Safe Browsing v2: Implementation Notes\*(R" (<http://www.zscaler.com/research/Google%20Safe%20Browsing%20v2%20API.pdf>), a collection of notes and real-world numbers about the \s-1API\s0. This is intended for people who want to learn more about the \s-1API\s0, whether as a user or to make their own implementation.

The source code is available on github at https://github.com/juliensobrier/Net-Google-SafeBrowsing2 <https://github.com/juliensobrier/Net-Google-SafeBrowsing2>.

If you do not need to inspect more than 10,000 URLs a day, you can use Net::Google::SafeBrowsing2::Lookup with the Google Safe Browsing v2 Lookup \s-1API\s0 which does not require to store and maintain a local database.

\s-1IMPORTANT:\s0 If you start with an empty database, you will need to perform several updates to retrieve all the Google Safe Browsing information. This may require up to 24 hours. This is a limitation of the Google \s-1API\s0, not of this module. See \*(L"Google Safe Browsing v2: Implementation Notes\*(R" at <http://www.zscaler.com/research/Google%20Safe%20Browsing%20v2%20API.pdf>.

CONSTANTS

Several constants are exported by this module:

\s-1DATABASE_RESET\s0

Google requested to reset (empty) the local database.

\s-1MAC_ERROR\s0

The replies from Google could not be validated with the \s-1MAC\s0 keys.

\s-1MAC_KEY_ERROR\s0

The request for the \s-1MAC\s0 keys failed.

\s-1INTERNAL_ERROR\s0

An internal error occurred.

\s-1SERVER_ERROR\s0

The server sent an error back to the client.

\s-1NO_UPDATE\s0

No update was performed, probably because it is too early to make a new request to Google Safe Browsing.

\s-1NO_DATA\s0

No data was sent back by Google to the client, probably because the database is up to date.

\s-1SUCCESSFUL\s0

The operation was successful.

\s-1MALWARE\s0

Name of the Malware list in Google Safe Browsing (shortcut to 'goog-malware-shavar')

\s-1PHISHING\s0

Name of the Phishing list in Google Safe Browsing (shortcut to 'googpub-phish-shavar')

CONSTRUCTOR

\fInew()\fP

Create a Net::Google::SafeBrowsing2 object

my $gsb = Net::Google::SafeBrowsing2->new( key => "my key", storage => Net::Google::SafeBrowsing2::Sqlite->new(file => 'google-v2.db'), debug => 0, mac => 0, list => MALWARE, );

Arguments

key

Required. Your Google Safe browsing \s-1API\s0 key

storage

Required. Object which handle the storage for the Google Safe Browsing database. See Net::Google::SafeBrowsing2::Storage for more details.

list

Optional. The Google Safe Browsing list to handle. By default, handles both \s-1MALWARE\s0 and \s-1PHISHING\s0.

mac

Optional. Set to 1 to enable Message Authentication Code (\s-1MAC\s0). 0 (disabled) by default.

debug

Optional. Set to 1 to enable debugging. 0 (disabled) by default. The debug output maybe quite large and can slow down significantly the update and lookup functions.

errors

Optional. Set to 1 to show errors to \s-1STDOUT\s0. 0 (disabled by default).

version

Optional. Google Safe Browsing version. 2.2 by default

PUBLIC FUNCTIONS

\fIupdate()\fP

Perform a database update.

$gsb->update();

Return the status of the update (see the list of constants above): \s-1INTERNAL_ERROR\s0, \s-1SERVER_ERROR\s0, \s-1NO_UPDATE\s0, \s-1NO_DATA\s0 or \s-1SUCCESSFUL\s0

This function can handle two lists at the same time. If one of the list should not be updated, it will automatically skip it and update the other one. It is faster to update two lists at once rather than doing them one by one.

\s-1NOTE:\s0 If you start with an empty database, you will need to perform several updates to retrieve all the Google Safe Browsing information. This may require up to 24 hours. This is a limitation of the Google \s-1API\s0, not of this module. See \*(L"Google Safe Browsing v2: Implementation Notes\*(R" at <http://www.zscaler.com/research/Google%20Safe%20Browsing%20v2%20API.pdf>.

Arguments

list

Optional. Update a specific list. Use the list(s) from new() by default.

mac

Optional. Set to 1 to enable Message Authentication Code (\s-1MAC\s0). Use the value from new() by default.

force

Optional. Force the update (1). Disabled by default (0). Be careful if you set this option to 1 as too frequent updates might result in the blacklisting of your \s-1API\s0 key.

\fIimport_chunks()\fP

Import add and sub chunks from a file.

my $result = $gsb->import_chunks(list => MALWARE, file => 'malware.dat');

Return the status of the import: \s-1INTERNAL_ERROR\s0 or \s-1SUCCESSFUL\s0.

This function should be used to initialize an empty back-end storage.

Arguments

list

Required. Google list to use.

file

Required. File that contains the list of chunks. This file can be created with the \*(C`export\*(C' function inherited from \*(C`Net::Google::SafeBrowsing2::DBI\*(C'.

\fIlookup()\fP

Lookup a \s-1URL\s0 against the Google Safe Browsing database.

my $match = $gsb->lookup(url => 'http://www.gumblar.cn');

Returns the name of the list if there is any match, returns an empty string otherwise.

Arguments

list

Optional. Lookup against a specific list. Use the list(s) from new() by default.

url

Required. \s-1URL\s0 to lookup.

\fIget_lists()\fP

Returns the name of all the Google Safe Browsing lists

my $@lists = $gsb->get_lists();

\s-1NOTE:\s0 this function is useless in practice because Google includes some lists which cannot be used by the Google Safe Browsing \s-1API\s0, like lists used by the Google toolbar.

\fIlast_error()\fP

Get/Set the last error message.

print "Last error: ", $gsb->last_error(), "\n"; $gsb->last_error(''); # Reset last error

\s-1NOTE:\s0 the last error message might not come from the last call. Returns an empty string if no errors.

PRIVATE FUNCTIONS

These functions are not intended to be used externally.

\fIlookup_suffix()\fP

Lookup a host prefix.

\fIlookup_suffix()\fP

Lookup a host prefix in the local database only.

\fIlocal_lookup()\fP

Lookup a \s-1URL\s0 against the local Google Safe Browsing database \s-1URL\s0. This should be used for debugging purpose only. See the lookup for normal use.

my $match = $gsb->local_lookup(url => 'http://www.gumblar.cn');

Returns the name of the list if there is any match, returns an empty string otherwise.

Arguments

list

Optional. Lookup against a specific list. Use the list(s) from new() by default.

url

Required. \s-1URL\s0 to lookup.

\fIrequest_key()\fP

Request the Message Authentication Code (\s-1MAC\s0) keys

\fIrequest_mac_keys()\fP

Request the Message Authentication Code (\s-1MAC\s0) keys from Google.

\fIvalidate_data_mac()\fP

Validate data against the \s-1MAC\s0 keys.

\fIupdate_error()\fP

Handle server errors during a database update.

\fIlookup_whitelist()\fP

Lookup a host prefix and suffix in the whitelist (s chunks)

\fIua()\fP

Create LWP::UserAgent to make \s-1HTTP\s0 requests to Google.

\fIparse_s()\fP

Parse data from a rediration (add asnd sub chunk information).

\fIparse_s()\fP

Parse s chunks information for a database update.

\fIparse_a()\fP

Parse a chunks information for a database update.

\fIhex_to_ascii()\fP

Transform hexadecimal strings to printable \s-1ASCII\s0 strings. Used mainly for debugging.

print $gsb->hex_to_ascii('hex value');

\fIascii_to_hex()\fP

Transform \s-1ASCII\s0 strings to hexadecimal strings.

\fIdebug()\fP

Print debug output.

\fIerror()\fP

Print error message.

\fIcanonical_domain_suffixes()\fP

Find all suffixes for a domain.

\fIcanonical_domain()\fP

Find all canonical domains a domain.

\fIcanonical_path()\fP

Find all canonical paths for a \s-1URL\s0.

\fIcanonical()\fP

Find all canonical URLs for a \s-1URL\s0.

\fIcanonical_uri()\fP

Create a canonical \s-1URI\s0.

\s-1NOTE:\s0 \s-1URI\s0 cannot handle all the test cases provided by Google. This method is a hack to pass most of the test. A few tests are still failing. The proper way to handle \s-1URL\s0 canonicalization according to Google would be to create a new module to handle URLs. However, I believe most real-life cases are handled correctly by this function.

\fIcanonical()\fP

Return all possible full hashes for a \s-1URL\s0.

\fIprefix()\fP

Return a hash prefix. The size of the prefix is set to 4 bytes.

\fIrequest_full_hash()\fP

Request full full hashes for specific prefixes from Google.

\fIparse_full_hashes()\fP

Process the request for full hashes from Google.

\fIget_a_range()\fP

Get the list of a chunks ranges for a list update.

\fIget_s_range()\fP

Get the list of s chunks ranges for a list update.

\fIcreate_range()\fP

Create a list of ranges (1-3, 5, 7-11) from a list of numbers.

\fIexpand_range()\fP

Explode list of ranges (1-3, 5, 7-11) into a list of numbers (1,2,3,5,7,8,9,10,11).

CHANGELOG

1.07

Add \*(C`import_chunks()\*(C' feature to import add chunks and sub chunks from a file.

1.05

No code change. Move \*(C`local_lookup\*(C' to \s-1PRIVATE\s0 \s-1FUNCTIONS\s0 to avoid confusions.

1.04

Introduce Net::Google::SafeBrowsing2::Lookup. Remind people that Google Safe Browsing v1 has been deprecated by Google.

1.03

The source code is available on github at https://github.com/juliensobrier/Net-Google-SafeBrowsing2 <https://github.com/juliensobrier/Net-Google-SafeBrowsing2>.

1.02

Fix uninitialized $self->{errors} variable

1.01

Use String::HexConvert for faster hex_to_ascii.

1.0

Separate the error output from the debug output.

0.9

Fix bug with local whitelisting (sub chunks). Fix the parsing of full hashes.

0.8

Reduce the number of full hash requests.

0.7

Add local_lookup to perform a lookup against the local database only. This function should be used for debugging purpose only. Small code optimizations.

0.6

Handle local database reset.

0.5

Update documentation.

0.4

Speed update the database update. The first update went down from 20 minutes to 20 minutes.

0.3

Fix typos in the documentation. Remove dependency on Switch (thanks to Curtis Jewel). Fix value of \s-1FULL_HASH_TIME\s0.

0.2

Add support for Message Authentication Code (\s-1MAC\s0)

RELATED TO Net::Google::SafeBrowsing2…

See Net::Google::SafeBrowsing2::Storage, Net::Google::SafeBrowsing2::Sqlite and Net::Google::SafeBrowsing2::MySQL for information on storing and managing the Google Safe Browsing database.

Google Safe Browsing v2 \s-1API:\s0 <http://code.google.com/apis/safebrowsing/developers_guide_v2.html>

Net::Google::SafeBrowsing (Google Safe Browsing v1) is deprecated by Google since 12/01/2011.

AUTHOR

Julien Sobrier, <[email protected]> or <[email protected]>

COPYRIGHT AND LICENSE

Copyright (C) 2012 by Julien Sobrier

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.