遵循说明 here ,以下代码在示例站点上似乎返回了良好的结果,但在实际的网络钓鱼站点 (https://www.clicktrackingsall.com/a.php
) 上它返回空值:
const axios = require('axios');
const apikey = '<apikey>';
const req = (uri) => `https://webrisk.googleapis.com/v1/uris:search?key=${apikey}&threatTypes=MALWARE&threatTypes=SOCIAL_ENGINEERING&threatTypes=UNWANTED_SOFTWARE&uri=${encodeURIComponent(uri)}`
const checkUrl = async (url) => {
return axios.get(req(url));
}
// returns threatTypes: [ 'SOCIAL_ENGINEERING' ]
checkUrl('http://testsafebrowsing.appspot.com/s/phishing.html').then(({data}) => console.log(data));
// returns threatTypes: [ 'MALWARE' ]
checkUrl('http://testsafebrowsing.appspot.com/s/malware.html').then(({data}) => console.log(data));
// returns empty result
checkUrl('https://www.clicktrackingsall.com/a.php').then(({data}) => console.log(data));
使用 chrome 导航到页面时,它会阻止它。 使用 google transparency report还会返回网络钓鱼。
在使用 Safe Browsing 时也会发生接口(interface)
const axios = require('axios');
const url = 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=<yourapikey>';
const jsonReq = {
"client": {
"clientId": "<client-id>",
"clientVersion": "<client-version>"
},
"threatInfo": {
"threatTypes": [ "MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE", "POTENTIALLY_HARMFUL_APPLICATION"],
"platformTypes": ["ANY_PLATFORM"],
"threatEntryTypes": ["URL","EXECUTABLE"],
"threatEntries": [
{"url":"http://testsafebrowsing.appspot.com/s/phishing.html"},
{"url":"http://testsafebrowsing.appspot.com/s/malware.html"},
{"url":"https://www.clicktrackingsall.com/a.php"},
{"url":"http://getnetflix.club/"}
]
}
};
axios.post(url, jsonReq).then(result => {
console.log(JSON.stringify(result.data, null, 2));
})
/* prints:
{
"matches": [
{
"threatType": "SOCIAL_ENGINEERING",
"platformType": "ANY_PLATFORM",
"threat": {
"url": "http://testsafebrowsing.appspot.com/s/phishing.html"
},
"cacheDuration": "300s",
"threatEntryType": "URL"
},
{
"threatType": "MALWARE",
"platformType": "ANY_PLATFORM",
"threat": {
"url": "http://testsafebrowsing.appspot.com/s/malware.html"
},
"cacheDuration": "300s",
"threatEntryType": "URL"
}
]
}*/
我做错了什么吗?
最佳答案
我得到了相同的结果, 它返回空:{} in CURL
除了他们自己的例子,因为我试图改变 url 或 threatTypes 它什么都不返回。
curl -X GET \
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
""https://webrisk.googleapis.com/v1/uris:search?threatTypes=MALWARE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fmalware.html""
关于phishing - Google web-risk API 和 SafeBrowsing api 返回钓鱼网站安全,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61867168/