Gets the full hashes that match the requested hash prefix. This is used after a hash prefix is looked up in a threatList and there is a match. The client side threatList only holds partial hashes so the client must query this method to determine if there is a full hash match of a threat.

search(hashPrefix=None, threatTypes=None, x__xgafv=None)

Args:
hashPrefix: string, A hash prefix, consisting of the most significant 4-32 bytes of a SHA256 hash. For JSON requests, this field is base64-encoded. Note that if this parameter is provided by a URI, it must be encoded using the web safe base64 variant (RFC 4648).
threatTypes: string, Required. The ThreatLists to search in. Multiple ThreatLists may be specified. (repeated)
Allowed values
THREAT_TYPE_UNSPECIFIED - No entries should match this threat type. This threat type is unused.
MALWARE - Malware targeting any platform.
SOCIAL_ENGINEERING - Social engineering targeting any platform.
UNWANTED_SOFTWARE - Unwanted software targeting any platform.
SOCIAL_ENGINEERING_EXTENDED_COVERAGE - A list of extended coverage social engineering URIs targeting any platform.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format

Returns:
An object of the form:

{
"negativeExpireTime": "A String", # For requested entities that did not match the threat list, how long to cache the response until.
"threats": [ # The full hashes that matched the requested prefixes. The hash will be populated in the key.
{ # Contains threat information on a matching hash.
"expireTime": "A String", # The cache lifetime for the returned match. Clients must not cache this response past this timestamp to avoid false positives.
"hash": "A String", # A 32 byte SHA256 hash. This field is in binary format. For JSON requests, hashes are base64-encoded.
"threatTypes": [ # The ThreatList this threat belongs to. This must contain at least one entry.
"A String",
],
},
],
}

Web Risk API . hashes

Instance Methods

Method Details