google / safebrowsing

Safe Browsing API Go Client
Apache License 2.0

Why is the API marking Chinese CDNs as unsafe while online/browser lookups aren't? #103

Closed alexliu0809 closed 4 years ago

alexliu0809 commented 4 years ago

Hi guys,

Thanks for this amazing tool.

As previously mentioned in this issue, many folks are seeing discrepancies between the client and safe browsing-enabled browsers.

I specifically observed that a huge number of CDNs/APIs of Chinese services are marked as unsafe by the API client. Examples include "hlsa-akm.douyucdn.cn", "gslb.miaopai.com/", and "switch.pcfg.cache.wpscdn.cn". These sites are marked as unsafe by the API. However, the transparency report says it is SAFE.

A sample query result from the API.

{
  "matches": [
    {
      "threatType": "UNWANTED_SOFTWARE",
      "platformType": "ANDROID",
      "threat": {
        "url": "gslb.miaopai.com/"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    },
    {
      "threatType": "UNWANTED_SOFTWARE",
      "platformType": "ANDROID",
      "threat": {
        "url": "switch.pcfg.cache.wpscdn.cn"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    }
  ]
}

Any ideas on what's up? I am also curious why these sites are considered "UNWANTED_SOFTWARE" in "ANDROID" only. Thanks.
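An added example, not part of the original issue and not code from the google/safebrowsing client: it parses the response format quoted above and separates matches listed for the caller's platform from those listed only for other platforms, such as the ANDROID-only entries here. `Summarize`, `Verdict` and the `platform` parameter are hypothetical names, and treating `ANY_PLATFORM` and `ALL_PLATFORMS` as always applicable is this example's assumption.

```go
package main

import "encoding/json"

// Constructed sample: the two matches quoted in the issue, compacted.
const sampleResponse = `{"matches":[{"threatType":"UNWANTED_SOFTWARE","platformType":"ANDROID","threat":{"url":"gslb.miaopai.com/"},"cacheDuration":"300s","threatEntryType":"URL"},
{"threatType":"UNWANTED_SOFTWARE","platformType":"ANDROID","threat":{"url":"switch.pcfg.cache.wpscdn.cn"},"cacheDuration":"300s","threatEntryType":"URL"}]}`

// Verdict splits one URL's matches by whether they cover the caller's platform.
type Verdict struct {
	URL        string
	Applicable []string // "THREAT/PLATFORM" pairs covering the caller's platform
	Other      []string // pairs listed for other platforms only
}

// Summarize parses a threatMatches response; platform (hypothetical parameter) is the caller's platformType.
func Summarize(body []byte, platform string) ([]*Verdict, error) {
	var resp struct {
		Matches []struct {
			ThreatType, PlatformType string
			Threat                   struct{ URL string }
		}
	}
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, err
	}
	byURL, out := map[string]*Verdict{}, []*Verdict{}
	for _, m := range resp.Matches {
		v, ok := byURL[m.Threat.URL]
		if !ok { // first match for this URL: keep response order
			v = &Verdict{URL: m.Threat.URL}
			byURL[v.URL] = v
			out = append(out, v)
		}
		pair := m.ThreatType + "/" + m.PlatformType
		// Assumption: cross-platform list entries are treated as applicable to everyone.
		if p := m.PlatformType; p == platform || p == "ANY_PLATFORM" || p == "ALL_PLATFORMS" {
			v.Applicable = append(v.Applicable, pair)
		} else {
			v.Other = append(v.Other, pair)
		}
	}
	return out, nil
}

func main() {
	vs, _ := Summarize([]byte(sampleResponse), "LINUX")
	for _, v := range vs {
		println(v.URL, "applicable:", len(v.Applicable), "other:", len(v.Other))
	}
}
```

Reporting the `Other` pairs alongside the verdict makes it visible when a URL is flagged only on a platform list that a browser on a different platform would not consult.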

alexliu0809 commented 4 years ago

For future reference, there's a bug in Safe Browsing's diagnose tool, and they are working on fixing it.