Google Safe Browsing Plugin

A Rails 3 plugin for Google Safe Browsing API v2. It supports Google malware and phishing list.

Installation

Add the plugin to your Gemfile

gem 'google_safe_browsing_plugin', '~> 0.1'

After bundle install, run the following to generate the db migration, model classes and other code

    bundle install
bundle exec rails g google:install

Run the migrations generated from the previous step, and then seed the databse

bundle exec rake db:migrate
    bundle exec rake google:safe_browsing:db_seed

Edit the configration file with your Google API key

    # Edit config/google_safe_browsing.yml, and replace the real API key in line 2.

Build the hash prefix data locally

The plugin stores the hash prefixes in the relational database. The following rake task needs to be run under a cron schedule to keep the local data in sync with the Google server lists. It may require several runs initially before you have a relatively complete hash prefix set before you can do any meaningful full hash lookup. The first run may take a while because it needs to download quite a bit of data and store them in the local database. The initial run of the rake task could generate quarter a million shavar records in the database.

bundle exec rake google:safe_browsing:load_remote

Url lookup

After you run the 'load_remote' rake task several times, your local cache of the hash prefixes will be ready. Now you can start to do url lookup. Start the Rails console, and then try the following

url = 'financestudyhelp.com'
    r = Google::SafeBrowsingHelper.lookup_url url

Since the Google Safe Browsing data get updated frequently, the previous query may not necessarily generate hit on Malware, other urls you can try are 'gumblar.cn' and 'ianfette.org'.

Upon a match on full-length hash lookup, the lookup_url call will return a hash object that contains the match. E.g.

{"financestudyhelp.com"=>["goog-malware-shavar"]}

The key of the hash is the url that's been queried. The array is the match themselves. If the url is both a malware and a phishing link, the value will be

    ["goog-malware-shavar","googpub-phish-shavar"]

If the url is neither a malware nor phishing link, the lookup result will be an empty array [].

Uninstall

If you want to uninstall the gem and remove the generated files

    rails d google:install

Features and limitations

Reference

Copyright © 2013 stonelonely and contributors, released under the MIT license.