Why the Google Web Risk Submission API doesn't return a long-running operationID

Question

I'm trying to use the Google Web Risk Submission API in my Java project. As mentioned here - https://cloud.google.com/web-risk/docs/submission-api#java it seems the response suppose to contain a long-running operationID for future checking on the submission status.

I tried looking at the package itself (currently using google-cloud-webrisk:2.8.0 - I also tried on 2.10.0 and some other oldest versions) and couldn't find any mentions of the operationID.

Am I missing something? How should I follow my Submission request if the API isn't retrieving any ID to follow?

I used the same code from the Google Submission API doc

    try (WebRiskServiceClient webRiskServiceClient = WebRiskServiceClient.create()) {

      Submission submission = Submission.newBuilder()
          .setUri(uri)
          .build();

      CreateSubmissionRequest submissionRequest =
          CreateSubmissionRequest.newBuilder()
              .setParent(String.format("projects/%s", projectId))
              .setSubmission(submission)
              .build();

      Submission submissionResponse = webRiskServiceClient.createSubmissionCallable()
              .futureCall(submissionRequest).get(3, TimeUnit.MINUTES);

      System.out.println("Submission response: " + submissionResponse);
    }

I tried submitting a suspicious URI to the Google Web Risk service using the Java Web Risk Submission API and expected to get a result containing operationID.

Answer 1

I had the same issue (using Python but their sample code for Python is basically the same), and the only solution I found was to send the request using the Python requests library. Basically I took the curl example and turned it into a POST request in Python.

Answer 2

The CreateSubmission rpc does not return a long-running operation, it has the signature

rpc CreateSubmission(CreateSubmissionRequest) returns (Submission) 

However I would suggest instead using the SubmitUri rpc for this purpose, which does return an Operation

rpc SubmitUri(SubmitUriRequest) returns (google.longrunning.Operation)

Please see these docs for an example of calling SubmitUri using the Java client library.

import com.google.cloud.webrisk.v1.WebRiskServiceClient;
import com.google.longrunning.Operation;
import com.google.webrisk.v1.Submission;
import com.google.webrisk.v1.SubmitUriRequest;
import com.google.webrisk.v1.ThreatDiscovery;
import com.google.webrisk.v1.ThreatDiscovery.Platform;
import com.google.webrisk.v1.ThreatInfo;
import com.google.webrisk.v1.ThreatInfo.AbuseType;
import com.google.webrisk.v1.ThreatInfo.Confidence;
import com.google.webrisk.v1.ThreatInfo.Confidence.ConfidenceLevel;
import com.google.webrisk.v1.ThreatInfo.ThreatJustification;
import com.google.webrisk.v1.ThreatInfo.ThreatJustification.JustificationLabel;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class SubmitUri {

  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // The name of the project that is making the submission.
    String projectId = "GOOGLE_CLOUD_PROJECT";
    // The URI that is being reported for malicious content to be analyzed.
    String uri = "http://testsafebrowsing.appspot.com/s/malware.html";

    submitUri(projectId, uri);
  }

  // Submits a URI suspected of containing malicious content to be reviewed. Returns a
  // google.longrunning.Operation which, once the review is complete, is updated with its result.
  // You can use the [Pub/Sub API] (https://cloud.google.com/pubsub) to receive notifications for
  // the returned Operation.
  // If the result verifies the existence of malicious content, the site will be added to the
  // Google's Social Engineering lists in order to protect users that could get exposed to this
  // threat in the future. Only allow-listed projects can use this method during Early Access.
  public static void submitUri(String projectId, String uri)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests.
    try (WebRiskServiceClient webRiskServiceClient = WebRiskServiceClient.create()) {

      // Set the URI to be submitted.
      Submission submission = Submission.newBuilder()
          .setUri(uri)
          .build();

      // Set the context about the submission including the type of abuse found on the URI and
      // supporting details.
      ThreatInfo threatInfo = ThreatInfo.newBuilder()
          // The abuse type found on the URI.
          .setAbuseType(AbuseType.SOCIAL_ENGINEERING)
          // Confidence that a URI is unsafe.
          .setThreatConfidence(Confidence.newBuilder()
              .setLevel(ConfidenceLevel.MEDIUM)
              .build())
          // Context about why the URI is unsafe.
          .setThreatJustification(ThreatJustification.newBuilder()
              // Labels that explain how the URI was classified.
              .addLabels(JustificationLabel.AUTOMATED_REPORT)
              // Free-form context on why this URI is unsafe.
              .addComments("Testing Submission")
              .build())
          .build();

      // Set the details about how the threat was discovered.
      ThreatDiscovery threatDiscovery = ThreatDiscovery.newBuilder()
          // Platform on which the threat was discovered.
          .setPlatform(Platform.MACOS)
          // CLDR region code of the countries/regions the URI poses a threat ordered
          // from most impact to least impact. Example: "US" for United States.
          .addRegionCodes("US")
          .build();

      SubmitUriRequest submitUriRequest = SubmitUriRequest.newBuilder()
          .setParent(String.format("projects/%s", projectId))
          .setSubmission(submission)
          .setThreatInfo(threatInfo)
          .setThreatDiscovery(threatDiscovery)
          .build();

      Operation submissionResponse = webRiskServiceClient.submitUriCallable()
          .futureCall(submitUriRequest)
          .get(30, TimeUnit.SECONDS);

      System.out.println("Submission response: " + submissionResponse);
    }
  }
}