npm - prebid.js - Versions diffs - 9.53.2 → 9.53.4 - Mend

prebid.js 9.53.2 → 9.53.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (229) hide show

package/dist/33acrossAnalyticsAdapter.js +1 -1
package/dist/33acrossBidAdapter.js +1 -1
package/dist/33acrossIdSystem.js +1 -1
package/dist/BTBidAdapter.js +1 -1
package/dist/adagioAnalyticsAdapter.js +1 -1
package/dist/adagioBidAdapter.js +1 -1
package/dist/adagioRtdProvider.js +1 -1
package/dist/adagioUtils.js +1 -1
package/dist/addefendBidAdapter.js +1 -1
package/dist/adgenerationBidAdapter.js +1 -1
package/dist/adlooxRtdProvider.js +1 -1
package/dist/adqueryBidAdapter.js +1 -1
package/dist/adrelevantisBidAdapter.js +1 -1
package/dist/adstirBidAdapter.js +1 -1
package/dist/adtrgtmeBidAdapter.js +1 -1
package/dist/adxcgAnalyticsAdapter.js +1 -1
package/dist/adxcgBidAdapter.js +1 -1
package/dist/adyoulikeBidAdapter.js +1 -1
package/dist/agmaAnalyticsAdapter.js +1 -1
package/dist/ajaBidAdapter.js +1 -1
package/dist/amxBidAdapter.js +1 -1
package/dist/amxIdSystem.js +1 -1
package/dist/aniviewBidAdapter.js +1 -1
package/dist/appierAnalyticsAdapter.js +1 -1
package/dist/appnexusBidAdapter.js +1 -1
package/dist/asoBidAdapter.js +1 -1
package/dist/axonixBidAdapter.js +1 -1
package/dist/beopBidAdapter.js +1 -1
package/dist/bidderTimeoutUtils.js +1 -0
package/dist/bidglassBidAdapter.js +1 -1
package/dist/big-richmediaBidAdapter.js +1 -1
package/dist/bitmediaBidAdapter.js +1 -1
package/dist/bridBidAdapter.js +1 -1
package/dist/bridgeuppBidAdapter.js +1 -1
package/dist/bridgewellBidAdapter.js +1 -1
package/dist/brightMountainMediaBidAdapter.js +1 -1
package/dist/carodaBidAdapter.js +1 -1
package/dist/chtnwBidAdapter.js +1 -1
package/dist/chunk-core.js +1 -1
package/dist/concertBidAdapter.js +1 -1
package/dist/connectadBidAdapter.js +1 -1
package/dist/consumableBidAdapter.js +1 -1
package/dist/contxtfulBidAdapter.js +1 -1
package/dist/conversantAnalyticsAdapter.js +1 -1
package/dist/conversantBidAdapter.js +1 -1
package/dist/craftBidAdapter.js +1 -1
package/dist/criteoBidAdapter.js +1 -1
package/dist/cwireBidAdapter.js +1 -1
package/dist/dailymotionBidAdapter.js +1 -1
package/dist/debugging-standalone.js +1 -1
package/dist/dependencies.json +10 -1
package/dist/dspxBidAdapter.js +1 -1
package/dist/dxkultureBidAdapter.js +1 -1
package/dist/eplanningBidAdapter.js +1 -1
package/dist/equativBidAdapter.js +1 -1
package/dist/eskimiBidAdapter.js +1 -1
package/dist/euidIdSystem.js +1 -1
package/dist/exadsBidAdapter.js +1 -1
package/dist/excoBidAdapter.js +1 -1
package/dist/feedadBidAdapter.js +1 -1
package/dist/finativeBidAdapter.js +1 -1
package/dist/freewheel-sspBidAdapter.js +1 -1
package/dist/fwsspBidAdapter.js +1 -1
package/dist/gmosspBidAdapter.js +1 -1
package/dist/greenbidsAnalyticsAdapter.js +1 -1
package/dist/greenbidsBidAdapter.js +1 -1
package/dist/greenbidsRtdProvider.js +1 -1
package/dist/gridBidAdapter.js +1 -1
package/dist/gumgumBidAdapter.js +1 -1
package/dist/h12mediaBidAdapter.js +1 -1
package/dist/hypelabBidAdapter.js +1 -1
package/dist/id5AnalyticsAdapter.js +1 -1
package/dist/id5IdSystem.js +1 -1
package/dist/imdsBidAdapter.js +1 -1
package/dist/improvedigitalBidAdapter.js +1 -1
package/dist/inmobiBidAdapter.js +1 -1
package/dist/insticatorBidAdapter.js +1 -1
package/dist/intentIqAnalyticsAdapter.js +1 -1
package/dist/ixBidAdapter.js +1 -1
package/dist/jixieBidAdapter.js +1 -1
package/dist/justpremiumBidAdapter.js +1 -1
package/dist/kargoBidAdapter.js +1 -1
package/dist/kimberliteBidAdapter.js +1 -1
package/dist/konduitAnalyticsAdapter.js +1 -1
package/dist/kueezBidAdapter.js +1 -1
package/dist/lassoBidAdapter.js +1 -1
package/dist/lifestreetBidAdapter.js +1 -1
package/dist/liveIntentId.js +1 -1
package/dist/logicadBidAdapter.js +1 -1
package/dist/loglyliftBidAdapter.js +1 -1
package/dist/luceadBidAdapter.js +1 -1
package/dist/mabidderBidAdapter.js +1 -1
package/dist/madsenseBidAdapter.js +1 -1
package/dist/magniteAnalyticsAdapter.js +1 -1
package/dist/malltvAnalyticsAdapter.js +1 -1
package/dist/marsmediaBidAdapter.js +1 -1
package/dist/mediafuseBidAdapter.js +1 -1
package/dist/medianetBidAdapter.js +1 -1
package/dist/medianetUtils.js +1 -1
package/dist/mediasquareBidAdapter.js +1 -1
package/dist/mgidBidAdapter.js +1 -1
package/dist/missenaBidAdapter.js +1 -1
package/dist/mobilefuseBidAdapter.js +1 -1
package/dist/nextMillenniumBidAdapter.js +1 -1
package/dist/nexx360Utils.js +1 -1
package/dist/nobidAnalyticsAdapter.js +1 -1
package/dist/nobidBidAdapter.js +1 -1
package/dist/nodalsAiRtdProvider.js +1 -1
package/dist/not-for-prod/prebid.js +178 -175
package/dist/objectGuard.js +1 -1
package/dist/oguryBidAdapter.js +1 -1
package/dist/onetagBidAdapter.js +1 -1
package/dist/ooloAnalyticsAdapter.js +1 -1
package/dist/openxBidAdapter.js +1 -1
package/dist/optableRtdProvider.js +1 -1
package/dist/optidigitalBidAdapter.js +1 -1
package/dist/orbidderBidAdapter.js +1 -1
package/dist/outbrainBidAdapter.js +1 -1
package/dist/pixfutureBidAdapter.js +1 -1
package/dist/publinkIdSystem.js +1 -1
package/dist/pubmaticAnalyticsAdapter.js +1 -1
package/dist/pubmaticBidAdapter.js +1 -1
package/dist/pubmaticIdSystem.js +1 -1
package/dist/pubmaticRtdProvider.js +1 -1
package/dist/pubmaticUtils.js +1 -0
package/dist/pubwiseAnalyticsAdapter.js +1 -1
package/dist/pubxaiAnalyticsAdapter.js +1 -1
package/dist/pxyzBidAdapter.js +1 -1
package/dist/quantcastBidAdapter.js +1 -1
package/dist/readpeakBidAdapter.js +1 -1
package/dist/relaidoBidAdapter.js +1 -1
package/dist/retailspotBidAdapter.js +1 -1
package/dist/rhythmoneBidAdapter.js +1 -1
package/dist/riseUtils.js +1 -1
package/dist/rtdModule.js +1 -1
package/dist/rubiconBidAdapter.js +1 -1
package/dist/seedingAllianceBidAdapter.js +1 -1
package/dist/seedtagBidAdapter.js +1 -1
package/dist/sevioBidAdapter.js +1 -0
package/dist/sharethroughAnalyticsAdapter.js +1 -1
package/dist/sharethroughBidAdapter.js +1 -1
package/dist/showheroes-bsBidAdapter.js +1 -1
package/dist/smaatoBidAdapter.js +1 -1
package/dist/smartadserverBidAdapter.js +1 -1
package/dist/smartxBidAdapter.js +1 -1
package/dist/smilewantedBidAdapter.js +1 -1
package/dist/snigelBidAdapter.js +1 -1
package/dist/sonobiBidAdapter.js +1 -1
package/dist/sovrnBidAdapter.js +1 -1
package/dist/sparteoBidAdapter.js +1 -1
package/dist/sspBCBidAdapter.js +1 -1
package/dist/stvBidAdapter.js +1 -1
package/dist/sublimeBidAdapter.js +1 -1
package/dist/taboolaBidAdapter.js +1 -1
package/dist/tappxBidAdapter.js +1 -1
package/dist/targetVideoBidAdapter.js +1 -1
package/dist/teadsBidAdapter.js +1 -1
package/dist/terceptAnalyticsAdapter.js +1 -1
package/dist/themoneytizerBidAdapter.js +1 -1
package/dist/timeoutRtdProvider.js +1 -1
package/dist/trionBidAdapter.js +1 -1
package/dist/tripleliftBidAdapter.js +1 -1
package/dist/ttdBidAdapter.js +1 -1
package/dist/ucfunnelAnalyticsAdapter.js +1 -1
package/dist/uid2IdSystem.js +1 -1
package/dist/underdogmediaBidAdapter.js +1 -1
package/dist/undertoneBidAdapter.js +1 -1
package/dist/unrulyBidAdapter.js +1 -1
package/dist/userId.js +1 -1
package/dist/vidazooUtils.js +1 -1
package/dist/videobyteBidAdapter.js +1 -1
package/dist/visxBidAdapter.js +1 -1
package/dist/vuukleBidAdapter.js +1 -1
package/dist/widespaceBidAdapter.js +1 -1
package/dist/winrBidAdapter.js +1 -1
package/dist/yahooAdsBidAdapter.js +1 -1
package/dist/yandexBidAdapter.js +1 -1
package/dist/yieldmoBidAdapter.js +1 -1
package/dist/yieldoneAnalyticsAdapter.js +1 -1
package/integrationExamples/gpt/pubmaticRtdProvider_Example.html +161 -0
package/libraries/bidderTimeoutUtils/bidderTimeoutUtils.js +119 -0
package/libraries/objectGuard/objectGuard.js +170 -48
package/libraries/objectGuard/ortbGuard.js +33 -43
package/libraries/pubmaticUtils/plugins/dynamicTimeout.js +209 -0
package/libraries/pubmaticUtils/plugins/floorProvider.js +168 -0
package/libraries/pubmaticUtils/plugins/pluginManager.js +106 -0
package/libraries/pubmaticUtils/plugins/unifiedPricingRule.js +375 -0
package/libraries/pubmaticUtils/pubmaticUtils.js +76 -0
package/modules/adagioAnalyticsAdapter.js +6 -1
package/modules/adagioBidAdapter.js +12 -5
package/modules/adagioRtdProvider.js +41 -35
package/modules/fwsspBidAdapter.js +134 -69
package/modules/fwsspBidAdapter.md +121 -26
package/modules/optableRtdProvider.js +33 -12
package/modules/pubmaticAnalyticsAdapter.js +315 -587
package/modules/pubmaticBidAdapter.js +71 -8
package/modules/pubmaticIdSystem.js +4 -4
package/modules/pubmaticRtdProvider.js +105 -613
package/modules/rtdModule/index.js +23 -6
package/modules/sevioBidAdapter.js +413 -0
package/modules/sevioBidAdapter.md +29 -0
package/modules/sparteoBidAdapter.js +122 -10
package/modules/timeoutRtdProvider.js +2 -105
package/modules/ttdBidAdapter.js +0 -5
package/modules/userId/eids.js +1 -1
package/modules/userId/index.js +32 -1
package/package.json +1 -1
package/src/auction.js +3 -0
package/test/spec/activities/objectGuard_spec.js +189 -32
package/test/spec/activities/ortbGuard_spec.js +10 -15
package/test/spec/libraries/bidderTimeoutUtils/bidderTimeoutUtils_spec.js +213 -0
package/test/spec/libraries/pubmaticUtils/plugins/dynamicTimeout_spec.js +746 -0
package/test/spec/libraries/pubmaticUtils/plugins/floorProvider_spec.js +184 -0
package/test/spec/libraries/pubmaticUtils/plugins/pluginManager_spec.js +489 -0
package/test/spec/libraries/pubmaticUtils/plugins/unifiedPricingRule_spec.js +359 -0
package/test/spec/libraries/pubmaticUtils/pubmaticUtils_spec.js +236 -0
package/test/spec/modules/adagioAnalyticsAdapter_spec.js +94 -24
package/test/spec/modules/adagioRtdProvider_spec.js +17 -17
package/test/spec/modules/fwsspBidAdapter_spec.js +513 -78
package/test/spec/modules/optableRtdProvider_spec.js +55 -5
package/test/spec/modules/pubmaticAnalyticsAdapter_spec.js +634 -916
package/test/spec/modules/pubmaticBidAdapter_spec.js +260 -1
package/test/spec/modules/pubmaticRtdProvider_spec.js +252 -1505
package/test/spec/modules/realTimeDataModule_spec.js +58 -8
package/test/spec/modules/sevioBidAdapter_spec.js +513 -0
package/test/spec/modules/sparteoBidAdapter_spec.js +528 -43
package/test/spec/modules/timeoutRtdProvider_spec.js +1 -201
package/test/spec/modules/ttdBidAdapter_spec.js +0 -33
package/test/spec/modules/userId_spec.js +115 -1

package/modules/timeoutRtdProvider.js CHANGED Viewed

@@ -2,6 +2,7 @@ import { submodule } from '../src/hook.js';
 import * as ajax from '../src/ajax.js';
 import { logInfo, deepAccess, logError } from '../src/utils.js';
 import { getGlobal } from '../src/prebidGlobal.js';
+import { bidderTimeoutFunctions } from '../libraries/bidderTimeoutUtils/bidderTimeoutUtils.js';
 /**
  * @typedef {import('../modules/rtdModule/index.js').RtdSubmodule} RtdSubmodule
@@ -11,113 +12,9 @@ const SUBMODULE_NAME = 'timeout';
 // this allows the stubbing of functions during testing
 export const timeoutRtdFunctions = {
-  getDeviceType,
-  getConnectionSpeed,
-  checkVideo,
-  calculateTimeoutModifier,
   handleTimeoutIncrement
 };
-const entries = Object.entries || function(obj) {
-  const ownProps = Object.keys(obj);
-  let i = ownProps.length;
-  let resArray = new Array(i);
-  while (i--) { resArray[i] = [ownProps[i], obj[ownProps[i]]]; }
-  return resArray;
-};
-function getDeviceType() {
-  const userAgent = window.navigator.userAgent.toLowerCase();
-  if ((/ipad|android 3.0|xoom|sch-i800|playbook|tablet|kindle/i.test(userAgent))) {
-    return 5; // tablet
-  }
-  if ((/iphone|ipod|android|blackberry|opera|mini|windows\sce|palm|smartphone|iemobile/i.test(userAgent))) {
-    return 4; // mobile
-  }
-  return 2; // personal computer
-}
-function checkVideo(adUnits) {
-  return adUnits.some((adUnit) => {
-    return adUnit.mediaTypes && adUnit.mediaTypes.video;
-  });
-}
-function getConnectionSpeed() {
-  const connection = window.navigator.connection || window.navigator.mozConnection || window.navigator.webkitConnection || {}
-  const connectionType = connection.type || connection.effectiveType;
-  switch (connectionType) {
-    case 'slow-2g':
-    case '2g':
-      return 'slow';
-    case '3g':
-      return 'medium';
-    case 'bluetooth':
-    case 'cellular':
-    case 'ethernet':
-    case 'wifi':
-    case 'wimax':
-    case '4g':
-      return 'fast';
-  }
-  return 'unknown';
-}
-/**
- * Calculate the time to be added to the timeout
- * @param {Array} adUnits
- * @param {Object} rules
- * @return {number}
- */
-function calculateTimeoutModifier(adUnits, rules) {
-  logInfo('Timeout rules', rules);
-  let timeoutModifier = 0;
-  let toAdd = 0;
-  if (rules.includesVideo) {
-    const hasVideo = timeoutRtdFunctions.checkVideo(adUnits);
-    toAdd = rules.includesVideo[hasVideo] || 0;
-    logInfo(`Adding ${toAdd} to timeout for includesVideo ${hasVideo}`)
-    timeoutModifier += toAdd;
-  }
-  if (rules.numAdUnits) {
-    const numAdUnits = adUnits.length;
-    if (rules.numAdUnits[numAdUnits]) {
-      timeoutModifier += rules.numAdUnits[numAdUnits];
-    } else {
-      for (const [rangeStr, timeoutVal] of entries(rules.numAdUnits)) {
-        const [lowerBound, upperBound] = rangeStr.split('-');
-        if (parseInt(lowerBound) <= numAdUnits && numAdUnits <= parseInt(upperBound)) {
-          logInfo(`Adding ${timeoutVal} to timeout for numAdUnits ${numAdUnits}`)
-          timeoutModifier += timeoutVal;
-          break;
-        }
-      }
-    }
-  }
-  if (rules.deviceType) {
-    const deviceType = timeoutRtdFunctions.getDeviceType();
-    toAdd = rules.deviceType[deviceType] || 0;
-    logInfo(`Adding ${toAdd} to timeout for deviceType ${deviceType}`)
-    timeoutModifier += toAdd;
-  }
-  if (rules.connectionSpeed) {
-    const connectionSpeed = timeoutRtdFunctions.getConnectionSpeed();
-    toAdd = rules.connectionSpeed[connectionSpeed] || 0;
-    logInfo(`Adding ${toAdd} to timeout for connectionSpeed ${connectionSpeed}`)
-    timeoutModifier += toAdd;
-  }
-  logInfo('timeout Modifier calculated', timeoutModifier);
-  return timeoutModifier;
-}
 /**
  *
  * @param {Object} reqBidsConfigObj
@@ -161,7 +58,7 @@ function getBidRequestData(reqBidsConfigObj, callback, config, userConsent) {
  */
 function handleTimeoutIncrement(reqBidsConfigObj, rules) {
   const adUnits = reqBidsConfigObj.adUnits || getGlobal().adUnits;
-  const timeoutModifier = timeoutRtdFunctions.calculateTimeoutModifier(adUnits, rules);
+  const timeoutModifier = bidderTimeoutFunctions.calculateTimeoutModifier(adUnits, rules);
   const bidderTimeout = reqBidsConfigObj.timeout || getGlobal().getConfig('bidderTimeout');
   reqBidsConfigObj.timeout = bidderTimeout + timeoutModifier;
 }

package/modules/ttdBidAdapter.js CHANGED Viewed

@@ -110,11 +110,6 @@ function getUser(bidderRequest, firstPartyData) {
   var eids = utils.deepAccess(bidderRequest, 'bids.0.userIdAsEids')
   if (eids && eids.length) {
     utils.deepSetValue(user, 'ext.eids', eids);
-    const tdid = eids.find(eid => eid.source == 'adserver.org')?.uids?.[0]?.id;
-    if (tdid) {
-      user.buyeruid = tdid
-    }
   }
   utils.mergeDeep(user, firstPartyData.user)

package/modules/userId/eids.js CHANGED Viewed

@@ -72,7 +72,7 @@ export function createEidsArray(bidRequestUserId, eidConfigs = EID_CONFIG) {
       eids = deepClone(values);
     } else if (typeof eidConf === 'function') {
       try {
-        eids = eidConf(values);
+        eids = deepClone(eidConf(values));
         if (!Array.isArray(eids)) {
           eids = [eids];
         }

package/modules/userId/index.js CHANGED Viewed

@@ -141,7 +141,7 @@ import {
   isPlainObject,
   logError,
   logInfo,
-  logWarn
+  logWarn, mergeDeep
 } from '../../src/utils.js';
 import {getPPID as coreGetPPID} from '../../src/adserver.js';
 import {defer, PbPromise, delay} from '../../src/utils/promise.js';
@@ -154,6 +154,7 @@ import {ACTIVITY_ENRICH_EIDS} from '../../src/activities/activities.js';
 import {activityParams} from '../../src/activities/activityParams.js';
 import {USERSYNC_DEFAULT_CONFIG} from '../../src/userSync.js';
 import {startAuction} from '../../src/prebid.js';
+import {beforeInitAuction} from '../../src/auction.js';
 const MODULE_NAME = 'User ID';
 const COOKIE = STORAGE_TYPE_COOKIES;
@@ -737,6 +738,35 @@ function aliasEidsHook(next, bidderRequests) {
   next(bidderRequests);
 }
+export function adUnitEidsHook(next, auction) {
+  // for backwards-compat, add `userIdAsEids` to ad units' bid objects
+  // before auction events are fired
+  // these are computed similarly to bid requests' `ortb2`, but unlike them,
+  // they are not subject to the same activity checks (since they are not intended for bid adapters)
+  const eidsByBidder = {};
+  const globalEids = auction.getFPD()?.global?.user?.ext?.eids ?? [];
+  function getEids(bidderCode) {
+    if (bidderCode == null) return globalEids;
+    if (!eidsByBidder.hasOwnProperty(bidderCode)) {
+      eidsByBidder[bidderCode] = mergeDeep(
+        {eids: []},
+        {eids: globalEids},
+        {eids: auction.getFPD()?.bidder?.[bidderCode]?.user?.ext?.eids ?? []}
+      ).eids;
+    }
+    return eidsByBidder[bidderCode];
+  }
+  auction.getAdUnits()
+    .flatMap(au => au.bids)
+    .forEach(bid => {
+      const eids = getEids(bid.bidder);
+      if (eids.length > 0) {
+        bid.userIdAsEids = eids;
+      }
+    });
+  next(auction);
+}
 /**
  * Is startAuctionHook added
  * @returns {boolean}
@@ -1262,6 +1292,7 @@ export function init(config, {mkDelay = delay} = {}) {
     }
   });
   adapterManager.makeBidRequests.after(aliasEidsHook);
+  beforeInitAuction.before(adUnitEidsHook);
   // exposing getUserIds function in global-name-space so that userIds stored in Prebid can be used by external codes.
   (getGlobal()).getUserIds = getUserIds;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "prebid.js",
-  "version": "9.53.2",
+  "version": "9.53.4",
   "description": "Header Bidding Management Library",
   "main": "src/prebid.public.js",
   "exports": {

package/src/auction.js CHANGED Viewed

@@ -124,6 +124,8 @@ export function resetAuctionState() {
   [outstandingRequests, sourceInfo].forEach((ob) => Object.keys(ob).forEach((k) => { delete ob[k] }));
 }
+export const beforeInitAuction = hook('sync', (auction) => {})
 /**
  * Creates new auction instance
  *
@@ -293,6 +295,7 @@ export function newAuction({adUnits, adUnitCodes, callback, cbTimeout, labels, a
     let call = {
       bidRequests,
       run: () => {
+        beforeInitAuction(this);
         startAuctionTimer();
         _auctionStatus = AUCTION_IN_PROGRESS;

package/test/spec/activities/objectGuard_spec.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import {objectGuard, writeProtectRule} from '../../../libraries/objectGuard/objectGuard.js';
+import {redactRule} from '../../../src/activities/redactor.js';
 describe('objectGuard', () => {
   describe('read rule', () => {
@@ -12,8 +13,20 @@ describe('objectGuard', () => {
         get(val) { return `repl${val}` },
       }
     })
+    it('should reject conflicting rules', () => {
+      const crule = {...rule, paths: ['outer']};
+      expect(() => objectGuard([rule, crule])).to.throw();
+      expect(() => objectGuard([crule, rule])).to.throw();
+    });
+    it('should preserve object identity', () => {
+      const guard = objectGuard([rule])({outer: {inner: {foo: 'bar'}}});
+      expect(guard.outer).to.equal(guard.outer);
+      expect(guard.outer.inner).to.equal(guard.outer.inner);
+    })
     it('can prevent top level read access', () => {
-      const {obj} = objectGuard([rule])({'foo': 1, 'other': 2});
+      const obj = objectGuard([rule])({'foo': 1, 'other': 2});
       expect(obj).to.eql({
         foo: 'repl1',
         other: 2
@@ -21,20 +34,27 @@ describe('objectGuard', () => {
     });
     it('does not choke if a guarded property is missing', () => {
-      const {obj} = objectGuard([rule])({});
+      const obj = objectGuard([rule])({});
       expect(obj.foo).to.not.exist;
     });
+    it('allows concurrent reads', () => {
+      const obj = {'foo': 'bar'};
+      const guarded = objectGuard([rule])(obj);
+      obj.foo = 'baz';
+      expect(guarded.foo).to.eql('replbaz');
+    })
     it('does not prevent access if applies returns false', () => {
       applies = false;
-      const {obj} = objectGuard([rule])({foo: 1});
+      const obj = objectGuard([rule])({foo: 1});
       expect(obj).to.eql({
         foo: 1
       });
     })
     it('can prevent nested property access', () => {
-      const {obj} = objectGuard([rule])({
+      const obj = objectGuard([rule])({
         other: 0,
         outer: {
           foo: 1,
@@ -60,6 +80,11 @@ describe('objectGuard', () => {
       })
     });
+    it('prevents nested property access when a parent property is protected', () => {
+      const guard = objectGuard([rule])({foo: {inner: 'value'}});
+      expect(guard.inner?.value).to.not.exist;
+    })
     it('does not call applies more than once', () => {
       JSON.stringify(objectGuard([rule])({
         foo: 0,
@@ -68,7 +93,7 @@ describe('objectGuard', () => {
             foo: 1
           }
         }
-      }).obj);
+      }));
       expect(rule.applies.callCount).to.equal(1);
     })
   });
@@ -84,35 +109,72 @@ describe('objectGuard', () => {
       });
     });
-    it('should undo top-level writes', () => {
+    it('should reject conflicting rules', () => {
+      const crule = {...rule, paths: ['outer']};
+      expect(() => objectGuard([rule, crule])).to.throw();
+      expect(() => objectGuard([crule, rule])).to.throw();
+    });
+    it('should preserve object identity', () => {
+      const guard = objectGuard([rule])({outer: {inner: {foo: 'bar'}}});
+      expect(guard.outer).to.equal(guard.outer);
+      expect(guard.outer.inner).to.equal(guard.outer.inner);
+    })
+    it('does not mess up array reads', () => {
+      const guard = objectGuard([rule])({foo: [{bar: 'baz'}]});
+      expect(guard.foo).to.eql([{bar: 'baz'}]);
+    })
+    it('prevents array modification', () => {
+      const obj = {foo: ['value']};
+      const guard = objectGuard([rule])(obj);
+      guard.foo.pop();
+      guard.foo.push('test');
+      expect(obj.foo).to.eql(['value']);
+    })
+    it('allows array modification when not applicable', () => {
+      applies = false;
+      const obj = {foo: ['value']};
+      const guard = objectGuard([rule])(obj);
+      guard.foo.pop();
+      guard.foo.push('test');
+      expect(obj.foo).to.eql(['test']);
+    })
+    it('should prevent top-level writes', () => {
       const obj = {bar: {nested: 'val'}, other: 'val'};
       const guard = objectGuard([rule])(obj);
-      guard.obj.foo = 'denied';
-      guard.obj.bar.nested = 'denied';
-      guard.obj.bar.other = 'denied';
-      guard.obj.other = 'allowed';
-      guard.verify();
-      expect(obj).to.eql({bar: {nested: 'val'}, other: 'allowed'});
+      guard.foo = 'denied';
+      guard.bar.nested = 'denied';
+      guard.bar.other = 'denied';
+      guard.other = 'allowed';
+      expect(guard).to.eql({bar: {nested: 'val'}, other: 'allowed'});
     });
-    it('should undo top-level deletes', () => {
+    it('should not prevent no-op writes', () => {
+      const guard = objectGuard([rule])({foo: {some: 'value'}});
+      guard.foo = {some: 'value'};
+      sinon.assert.notCalled(rule.applies);
+    })
+    it('should prevent top-level deletes', () => {
       const obj = {foo: {nested: 'val'}, bar: 'val'};
       const guard = objectGuard([rule])(obj);
-      delete guard.obj.foo.nested;
-      delete guard.obj.bar;
-      guard.verify();
-      expect(obj).to.eql({foo: {nested: 'val'}, bar: 'val'});
+      delete guard.foo.nested;
+      delete guard.bar;
+      expect(guard).to.eql({foo: {nested: 'val'}, bar: 'val'});
     })
-    it('should undo nested writes', () => {
+    it('should prevent nested writes', () => {
       const obj = {outer: {inner: {bar: {nested: 'val'}, other: 'val'}}};
       const guard = objectGuard([rule])(obj);
-      guard.obj.outer.inner.bar.other = 'denied';
-      guard.obj.outer.inner.bar.nested = 'denied';
-      guard.obj.outer.inner.foo = 'denied';
-      guard.obj.outer.inner.other = 'allowed';
-      guard.verify();
-      expect(obj).to.eql({
+      guard.outer.inner.bar.other = 'denied';
+      guard.outer.inner.bar.nested = 'denied';
+      guard.outer.inner.foo = 'denied';
+      guard.outer.inner.other = 'allowed';
+      expect(guard).to.eql({
         outer: {
           inner: {
             bar: {
@@ -124,21 +186,116 @@ describe('objectGuard', () => {
       })
     });
-    it('should undo nested deletes', () => {
+    it('should prevent writes if upper levels are protected', () => {
+      const obj = {foo: {inner: {}}};
+      const guard = objectGuard([rule])(obj);
+      guard.foo.inner.prop = 'value';
+      expect(obj).to.eql({foo: {inner: {}}});
+    })
+    it('should prevent deletes if a higher level property is protected', () => {
+      const obj = {foo: {inner: {prop: 'value'}}};
+      const guard = objectGuard([rule])(obj);
+      delete guard.foo.inner.prop;
+      expect(obj).to.eql({foo: {inner: {prop: 'value'}}});
+    })
+    it('should clean up top-level writes that would result in inner properties changing', () => {
+      const guard = objectGuard([rule])({outer: {inner: {bar: 'baz'}}});
+      guard.outer = {inner: {bar: 'baz', foo: 'baz', prop: 'allowed'}};
+      expect(guard).to.eql({outer: {inner: {bar: 'baz', prop: 'allowed'}}});
+    })
+    it('should not prevent writes that are not protected', () => {
+      const obj = {};
+      const guard = objectGuard([rule])(obj);
+      guard.outer = {
+        test: 'value'
+      }
+      expect(obj.outer.test).to.eql('value');
+    })
+    it('should not choke on type mismatch: overwrite object with scalar', () => {
+      const obj = {outer: {inner: {}}};
+      const guard = objectGuard([rule])(obj);
+      guard.outer = null;
+      expect(obj).to.eql({outer: {inner: {}}});
+    });
+    it('should not choke on type mismatch: overwrite scalar with object', () => {
+      const obj = {outer: null};
+      const guard = objectGuard([rule])(obj);
+      guard.outer = {inner: {bar: 'denied', other: 'allowed'}};
+      expect(obj).to.eql({outer: {inner: {other: 'allowed'}}});
+    })
+    it('should prevent nested deletes', () => {
       const obj = {outer: {inner: {foo: {nested: 'val'}, bar: 'val'}}};
       const guard = objectGuard([rule])(obj);
-      delete guard.obj.outer.inner.foo.nested;
-      delete guard.obj.outer.inner.bar;
-      guard.verify();
-      expect(obj).to.eql({outer: {inner: {foo: {nested: 'val'}, bar: 'val'}}})
+      delete guard.outer.inner.foo.nested;
+      delete guard.outer.inner.bar;
+      expect(guard).to.eql({outer: {inner: {foo: {nested: 'val'}, bar: 'val'}}})
     });
+    it('should prevent higher level deletes that would result in inner properties changing', () => {
+      const guard = objectGuard([rule])({outer: {inner: {bar: 'baz'}}});
+      delete guard.outer.inner;
+      expect(guard).to.eql({outer: {inner: {bar: 'baz'}}});
+    })
     it('should work on null properties', () => {
       const obj = {foo: null};
       const guard = objectGuard([rule])(obj);
-      guard.obj.foo = 'denied';
-      guard.verify();
-      expect(obj).to.eql({foo: null});
+      guard.foo = 'denied';
+      expect(guard).to.eql({foo: null});
     });
   });
+  describe('multiple rules on the same path', () => {
+    it('should each be checked for redacts', () => {
+      const obj = objectGuard([
+        redactRule({
+          paths: ['foo'],
+          applies: () => true,
+          get(val) {
+            return '1' + val;
+          }
+        }),
+        redactRule({
+          paths: ['foo'],
+          applies: () => true,
+          get(val) {
+            return '2' + val;
+          }
+        })
+      ])({foo: 'bar'});
+      expect(obj.foo).to.eql('21bar');
+    });
+    describe('when a property has both redact and write protect rules', () => {
+      let rules;
+      beforeEach(() => {
+        rules = [
+          redactRule({
+            paths: ['foo'],
+            applies: () => true,
+          }),
+          writeProtectRule({
+            paths: ['foo'],
+            applies: () => true,
+          })
+        ];
+      })
+      Object.entries({
+        'simple value': 'val',
+        'object value': {inner: 'val'}
+      }).forEach(([t, val]) => {
+        it(`can apply them both (on ${t})`, () => {
+          const obj = objectGuard(rules)({foo: val});
+          expect(obj.foo).to.not.exist;
+          obj.foo = {other: 'val'};
+          expect(obj.foo).to.not.exist;
+        })
+      })
+    })
+  })
 });

package/test/spec/activities/ortbGuard_spec.js CHANGED Viewed

@@ -45,7 +45,7 @@ describe('ortb2Guard', () => {
   function testPropertiesAreProtected(properties, allowed) {
     properties.forEach(prop => {
-      it(`should ${allowed ? 'keep' : 'undo'} additions to ${prop}`, () => {
+      it(`should ${allowed ? 'keep' : 'prevent'} additions to ${prop}`, () => {
         const orig = [{n: 'orig'}];
         const ortb2 = {};
         deepSetValue(ortb2, prop, deepClone(orig));
@@ -53,8 +53,7 @@ describe('ortb2Guard', () => {
         const mod = {};
         const insert = [{n: 'new'}];
         deepSetValue(mod, prop, insert);
-        mergeDeep(guard.obj, mod);
-        guard.verify();
+        mergeDeep(guard, mod);
         const actual = deepAccess(ortb2, prop);
         if (allowed) {
           expect(actual).to.eql(orig.concat(insert))
@@ -63,13 +62,12 @@ describe('ortb2Guard', () => {
         }
       });
-      it(`should ${allowed ? 'keep' : 'undo'} modifications to ${prop}`, () => {
+      it(`should ${allowed ? 'keep' : 'prevent'} modifications to ${prop}`, () => {
         const orig = [{n: 'orig'}];
         const ortb2 = {};
         deepSetValue(ortb2, prop, orig);
         const guard = ortb2Guard(ortb2, activityParams(MOD_TYPE, MOD_NAME));
-        deepSetValue(guard.obj, `${prop}.0.n`, 'new');
-        guard.verify();
+        deepSetValue(guard, `${prop}.0.n`, 'new');
         const actual = deepAccess(ortb2, prop);
         if (allowed) {
           expect(actual).to.eql([{n: 'new'}]);
@@ -102,19 +100,18 @@ describe('ortb2FragmentsGuard', () => {
     guardFragments = ortb2FragmentsGuardFactory(testGuard);
   });
-  it('should undo changes to global FPD', () => {
+  it('should prevent changes to global FPD', () => {
     const fragments = {
       global: {
         foo: {inner: 'val'}
       }
     }
     const guard = guardFragments(fragments);
-    guard.obj.global.foo = 'other';
-    guard.verify();
+    guard.global.foo = 'other';
     expect(fragments.global.foo).to.eql({inner: 'val'});
   });
-  it('should undo changes to bidder FPD', () => {
+  it('should prevent changes to bidder FPD', () => {
     const fragments = {
       bidder: {
         A: {
@@ -123,18 +120,16 @@ describe('ortb2FragmentsGuard', () => {
       }
     };
     const guard = guardFragments(fragments);
-    guard.obj.bidder.A.foo = 'denied';
-    guard.verify();
+    guard.bidder.A.foo = 'denied';
     expect(fragments.bidder.A).to.eql({foo: 'val'});
   });
-  it('should undo changes to bidder FPD that was not initially there', () => {
+  it('should prevent changes to bidder FPD that was not initially there', () => {
     const fragments = {
       bidder: {}
     };
     const guard = guardFragments(fragments);
-    guard.obj.bidder.A = {foo: 'denied', other: 'allowed'};
-    guard.verify();
+    guard.bidder.A = {foo: 'denied', other: 'allowed'};
     expect(fragments.bidder.A).to.eql({other: 'allowed'});
   });
 })