为了防止用户在我们的 Discord 服务器上发布网络钓鱼诈骗链接,我决定使用 Google 安全浏览 API。
谷歌透明度报告(据我所知使用安全浏览 API)说该网站:
包含有害内容,包括以下网页:
- 尝试诱骗访问者分享个人信息或下载软件
但是,当通过 node-js 使用安全浏览 API 时,使用该googleapis包,我得到该网站的以下响应(字符串化GaxiosPromise<Schema$GoogleSecuritySafebrowsingV4FindThreatMatchesResponse>):
{
"config": {
"url": "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=...",
"method": "POST",
"userAgentDirectives": [
{
"product": "google-api-nodejs-client",
"version": "5.0.3",
"comment": "gzip"
}
],
"data": {
"client": {
"clientId": "tccpp-safety",
"clientVersion": "0.1.0"
},
"threatInfo": {
"threatTypes": [
"MALWARE",
"SOCIAL_ENGINEERING",
"UNWANTED_SOFTWARE",
"POTENTIALLY_HARMFUL_APPLICATION",
"THREAT_TYPE_UNSPECIFIED"
],
"platformTypes": [
"ANY_PLATFORM",
"PLATFORM_TYPE_UNSPECIFIED"
],
"threatEntryTypes": [
"URL"
],
"threatEntries": [
{
"url": "https://steamcommunytiu.com/new/?partner=65855640&token=Kj48sll3"
}
]
}
},
"headers": {
"x-goog-api-client": "gdcl/5.0.3 gl-node/12.21.0 auth/7.3.0",
"Accept-Encoding": "gzip",
"User-Agent": "google-api-nodejs-client/5.0.3 (gzip)",
"Content-Type": "application/json",
"Accept": "application/json"
},
"params": {
"key": "..."
},
"retry": true,
"body": "{\"client\":{\"clientId\":\"tccpp-safety\",\"clientVersion\":\"0.1.0\"},\"threatInfo\":{\"threatTypes\":[\"MALWARE\",\"SOCIAL_ENGINEERING\",\"UNWANTED_SOFTWARE\",\"POTENTIALLY_HARMFUL_APPLICATION\",\"THREAT_TYPE_UNSPECIFIED\"],\"platformTypes\":[\"ANY_PLATFORM\",\"PLATFORM_TYPE_UNSPECIFIED\"],\"threatEntryTypes\":[\"URL\"],\"threatEntries\":[{\"url\":\"https://steamcommunytiu.com/new/?partner=65855640&token=Kj48sll3\"}]}}",
"responseType": "json"
},
"data": {},
"headers": { ... },
"status": 200,
"statusText": "OK",
"request": {
"responseURL": "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=..."
}
}
这是使用以下代码片段打印的:
const response = await safebrowsing.threatMatches.find({ requestBody: body });
console.log(JSON.stringify(response, undefined, 4));
您可以看到data响应对象中的部分完全是空的,通常这是matches数组应该在的位置。
我是否使用了错误的 API?安全浏览查找 API 表示 ULR不需要规范化或编码。