PHP Google Safe Browsing API: Lookup safety of sites using the safe browsing API

Recommend this page to a friend!
  Info   Documentation   View files (23)   Download .zip   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not yet rated by the usersTotal: 127 All time: 9,085 This week: 228
Version License PHP version Categories
safebrowsingv4 1.0.0The PHP License5PHP 5, Web services, Security
Description Author

This package can lookup safety of sites using the safe browsing API.

It can send a HTTP request to the Web server of the Google safe browsing API to check a given site.

The package can also store the results using a contained class to cache the for a while and so avoid future lookups.

Innovation Award
PHP Programming Innovation award nominee
January 2018
Number 12
This package can lookup safety of sites using the safe browsing API.

It can send a HTTP request to the Web server of the Google safe browsing API to check a given site.

The package can also store the results using a contained class to cache the for a while and so avoid future lookups.

Manuel Lemos
Picture of Merijn van den Kroonenberg
Name: Merijn van den ... <contact>
Classes: 1 package by
Country: The Netherlands The Netherlands
Age: ???
All time rank: 4208101 in The Netherlands The Netherlands
Week rank: 771 21 in The Netherlands The Netherlands
Innovation award
Innovation award
Nominee: 1x

Details

Web2All safebrowsingv4

This is a google safebrowsing client (update API V4) written in PHP. For information see the google documentation https://developers.google.com/safe-browsing/v4/update-api.

In short the update API keeps track of a local database of hashcodes which is updated using the update API v4 protocol. Any urls will be checked against the local database. When possible matches are found, more hashes will be retrieved from the google service.

URLs which are checked are NEVER sent to google, only a hash will be submitted to google. This is the big advantage compared to the Lookup API v4. An additional advantage is less network traffic as initial checks are done against a local database of hash prefixes and the bulk of the checks does not require a roundtrip to the google service.

Disadvantage of the Update service compared to the Lookup service is that a local cache/data storage is required and the client must update it periodically. So the client must run as a daemon (or scheduled) to keep the local database up-to-date.

The web2all/safebrowsingv4 is no longer actively maintained.

What is in this package

This package contains the google safebrowsing Update API V4 protocol implementation. But it only includes a reference implementation for the local storage (for storing the hash prefix database).

This reference implementation is file-based and just an example, it is not suited for production use.

For an example of a mysql storage backend implementation of this safebrowsing client, see the web2all/safebrowsingv4-sqlstorage package.

Usage

Install using composer (eg. composer create-project web2all/safebrowsingv4).

Go to google and request a new API key, see https://developers.google.com/safe-browsing/v4/get-started.

For tests run: vendor/bin/phpunit tests

To test the safebrowsing client using the example file storage backend create a sample php script:

ini_set ( "memory_limit", "712M");
require_once('vendor/autoload.php');

$storage = new GoogleSafeBrowsing_Example_FileStorage('/writeable/dir/storage/');
$updater = new GoogleSafeBrowsing_Updater('YOUR-GOOGLE-KEY', $storage);

$current_lists=$updater->getLists();
$changed=false;

$ensure_lists='MALWARE/ANY_PLATFORM/URL,SOCIAL_ENGINEERING/ANY_PLATFORM/URL,UNWANTED_SOFTWARE/ANY_PLATFORM/URL,POTENTIALLY_HARMFUL_APPLICATION/ANDROID/URL,POTENTIALLY_HARMFUL_APPLICATION/IOS/URL';

foreach(explode(',',$ensure_lists) as $list){
  if(!isset($current_lists[$list])){
    $current_lists[$list]='';
    echo "add list $list\n";
    $changed=true;
  }
}
if($changed){
  $updater->setLists($current_lists);
}

$updater->run();

the above script will create a local hash prefix database in '/writeable/dir/storage/' and will keep it uptodate. You would want to run such a script in the background. The initial run will need to download all prefixes. It is also pretty memory hungry, an initial run, or when all lists are reset could require 600Mb.

Once above script runs, you can do lookups like this:

require_once('vendor/autoload.php');
$storage = new GoogleSafeBrowsing_Example_FileStorage('/writeable/dir/storage/');
$api=new GoogleSafeBrowsing_API('YOUR-GOOGLE-KEY');

$lookup=new GoogleSafeBrowsing_Lookup($api, $storage);

if(isset($argv[1])){
  $url=$argv[1];
}else{
  die('no url given');
}

echo "Looking up: $url\n";
$lists=$lookup->lookup($url);
if(!$lists){
  echo "NOT LISTED\n";
}else{
  echo implode(',',$lists)."\n";
}

Warning

Do not use the included FileStorage example storage backend in production! It is not efficeient, its just an implementation example. If you must, use web2all/safebrowsingv4-sqlstorage which can be used with mysql. Or implement you own storage backend by implementing the GoogleSafeBrowsing_Lookup_IStorage and GoogleSafeBrowsing_Updater_IStorage interfaces.

See also

License

Web2All safebrowsingv4 is open-sourced software licensed under the MIT license (https://opensource.org/licenses/MIT).

  Files  
File Role Description
src (1 directory)
tests (1 directory)
composer.json Data Auxiliary data
LICENSE.txt Doc. Documentation
README.md Doc. Documentation

  Files  /  src  
File Role Description
GoogleSafeBrowsing (3 files, 4 directories)

  Files  /  src  /  GoogleSafeBrowsing  
File Role Description
API (1 file, 1 directory)
Example (1 file)
Lookup (2 files)
Updater (1 file)
   API.php Class Class source
   Lookup.php Class Class source
   Updater.php Class Class source

  Files  /  src  /  GoogleSafeBrowsing  /  API  
File Role Description
Response (7 files)
   RawResponse.php Class Class source

  Files  /  src  /  GoogleSafeBrowsing  /  API  /  Response  
File Role Description
   Base.php Class Class source
   Data.php Class Class source
   Hash.php Class Class source
   HashCollection.php Class Class source
   ListData.php Class Class source
   ListHashes.php Class Class source
   ThreatEntrySet.php Class Class source

  Files  /  src  /  GoogleSafeBrowsing  /  Example  
File Role Description
   FileStorage.php Class Class source

  Files  /  src  /  GoogleSafeBrowsing  /  Lookup  
File Role Description
   IStorage.php Class Class source
   URL.php Class Class source

  Files  /  src  /  GoogleSafeBrowsing  /  Updater  
File Role Description
   IStorage.php Class Class source

  Files  /  tests  
File Role Description
GoogleSafeBrowsing (5 files)

  Files  /  tests  /  GoogleSafeBrowsing  
File Role Description
   AnyStorageLookupTestAbstract.php Class Class source
   AnyStorageUpdaterTestAbstract.php Class Class source
   FileStorageLookupTest.php Class Class source
   FileStorageUpdaterTest.php Class Class source
   URLTest.php Class Class source

 Version Control Unique User Downloads Download Rankings  
 100%
Total:127
This week:0
All time:9,085
This week:228

For more information send a message to info at phpclasses dot org.