CODEWITHSUNDEEP
javaandroidhttpurlconnectionsafe-browsing-api
yogi_5466
yogi_5466

Reputation: 59

google Safebrowsing api v4 always returns empty response

I am using safe browsing api v4 in my android code.I am using Asynctask and request safebrowsing api using httpurlconnection.The response is always empty.

I have tested my connection using test url http://malware.testing.google.test/testing/malware/ also, then too it returns empty.

class Malicious extends AsyncTask<String, Void, Wrapper> {
    private OnTaskCompleted listener;

    public Malicious(OnTaskCompleted listener){
        this.listener=listener;
    }

    @Override
    protected void onPreExecute() {
        super.onPreExecute();

    }

    protected Wrapper doInBackground(String... args) {
        String postURL = "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=APIKEY";

        String requestBody = "{" +
                "    \"client\": {" +
                "      \"clientId\":      \"twittersentidetector\"," +
                "      \"clientVersion\": \"1.0\"" +
                "    }," +
                "    \"threatInfo\": {" +
                "      \"threatTypes\":      [\"MALWARE\", \"SOCIAL_ENGINEERING\"]," +
                "      \"platformTypes\":    [\"ANY_PLATFORM\"]," +
                "      \"threatEntryTypes\": [\"URL\"]," +
                "      \"threatEntries\": [" +
                "        {\"url\": \"" + args[0] + "\"}," +
                "      ]" +
                "    }" +
                "  }";



        URL url;
        StringBuffer response = new StringBuffer();
        try {
            url = new URL(postURL);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("invalid url");
        }

        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) url.openConnection();
            conn.setDoOutput(false);
            conn.setDoInput(true);
            conn.setUseCaches(false);
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/json");
            conn.setRequestProperty("User-Agent", USER_AGENT);
            conn.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
            try( DataOutputStream wr = new DataOutputStream( conn.getOutputStream())) {
                byte[] b = requestBody.getBytes();
                wr.write(b);
                wr.flush();
                wr.close();
            }

            // handle the response
            int status = conn.getResponseCode();
            if (status != 200) {
                throw new IOException("Post failed with error code " + status);
            } else {
                BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                String inputLine;
                while ((inputLine = in.readLine()) != null) {
                    response.append(inputLine);
                }
                in.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (conn != null) {
                conn.disconnect();
            }

            //Here is your json in string format
            String responseJSON = response.toString();
            Wrapper w = new Wrapper();
            w.responce = responseJSON;
            w.url = args[0];

            return w;
        }





    }

    @Override
    protected void onPostExecute(Wrapper xml) {

        if(xml.responce.length()==0){
            showtoast("safe");
        }
        else{
            showtoast("not safe");
            listener.onTaskCompleted(xml.url);
        }

    }

}

For test url also it shows safe.The api panel shows requests are made,I don't know what I'm doing wrong, I'm using the V4 API the most recent version but no matter what URL use, always show it's safe.

Upvotes: 2

Views: 1510

Answers (2)

Eranga Wijethunga
Eranga Wijethunga

Reputation: 215

It returns empty if URL is not in threat list but you can test your code using these URLs.

https://testsafebrowsing.appspot.com/s/phishing.html https://testsafebrowsing.appspot.com/s/malware.html https://testsafebrowsing.appspot.com/s/malware_in_iframe.html https://testsafebrowsing.appspot.com/s/unwanted.html https://testsafebrowsing.appspot.com/s/content.exe https://testsafebrowsing.appspot.com/apiv4/IOS/MALWARE/URL/

There are more on this site (From https://testsafebrowsing.appspot.com/ )

Upvotes: 4

Ryan R
Ryan R

Reputation: 61

I set up this basic curl script which was only returning empty brackets {} Searching around the consensus seemed to be this was because the sites I was looking up were not malicious. Only the example you provided(http://malware.testing.google.test/testing/malware/) got me results. I'm still not convinced this is working properly, but here's the script. Hope it helps. (Replace API_KEY with your api key)

<\?php

$parameters = array( 'client' => array('clientId'=>'Evolved Marketing', 'clientVersion'=>'1.5.2'), 'threatInfo' => array('threatTypes'=>array('MALWARE', 'SOCIAL_ENGINEERING'), 'platformTypes'=>array('ANY_PLATFORM'), 'threatEntryTypes'=>array('URL'), 'threatEntries'=>array(array('url'=>'http://malware.testing.google.test/testing/malware/') )), );

$json = json_encode($parameters);

$ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_URL, 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=API_KEY');

curl_setopt($ch, CURLOPT_POST, TRUE);

curl_setopt($ch, CURLOPT_POSTFIELDS, $json);

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: application/json'));

$response = curl_exec($ch);

print_r($response);

Upvotes: 2

Related Questions