Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an app.id blacklist to PBS and reject requests from it #969

Merged
merged 19 commits into from
Aug 14, 2019
Merged

Add an app.id blacklist to PBS and reject requests from it #969

merged 19 commits into from
Aug 14, 2019

Conversation

guscarreon
Copy link
Contributor

Still to do:

  • Get the list with app ids to include in the list
  • Configure environment variable in bitbucket

@guscarreon guscarreon requested review from hhhjort and mansinahar July 22, 2019 21:25
@guscarreon guscarreon changed the title first draft, blacklist in yaml file Add an app.id blacklist to PBS and reject requests from it Jul 23, 2019
@guscarreon guscarreon requested a review from hhhjort July 29, 2019 14:21
hhhjort
hhhjort previously approved these changes Jul 31, 2019
View reviewed changes
mansinahar
mansinahar reviewed Aug 7, 2019
View reviewed changes
endpoints/openrtb2/auction_test.go Outdated Show resolved Hide resolved
endpoints/openrtb2/auction_test.go Outdated Show resolved Hide resolved
mansinahar
mansinahar reviewed Aug 8, 2019
View reviewed changes
Copy link
Contributor

@mansinahar mansinahar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On this line: https://github.com/prebid/prebid-server/pull/969/files#diff-09e5d415f33d74fd6df20b2584f318d1R110, the if fatalError(errL) && writeError(errL, w) condition will be false in case of BlacklistedApp errors and so we will continue processing the request. I don't think that's the expected behavior, right?

config/config.go
@@ -634,6 +645,7 @@ func SetupViper(v *viper.Viper, filename string) {
v.SetDefault("default_request.type", "")
v.SetDefault("default_request.file.name", "")
v.SetDefault("default_request.alias_info", false)
v.SetDefault("blacklisted_apps", []string{""})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@guscarreon Do we need a slice with empty string as default? I mean why can't it be just an empty slice?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the flow keyword was added, the BlacklistedApps field in line 55 below expects an array of strings.

 21 type Configuration struct {
 22     ExternalURL string     `mapstructure:"external_url"`
 23 +-- 28 lines: Host        string     `mapstructure:"host"`---------------------------------------
 51
 52     VideoStoredRequestRequired bool `mapstructure:"video_stored_request_required"`
 53
 54     // PBS-418 array of blacklisted apps and its correpondent hash table to be instantly accessed.
 55     BlacklistedApps   []string `mapstructure:"blacklisted_apps,flow"`
 56     BlacklistedAppMap map[string]bool
 57 }
 58

Therefore, I figured it was better to add a slice with an empty string because other string fields of the Configuration struct add an empty string instead of a nil string as default. Take the Host field for example, in config/config.go its default is set to an empty string as well as StatusResponse and RecaptchaSecret to name a few:

 21 type Configuration struct {
 22     ExternalURL string     `mapstructure:"external_url"`
 23     Host        string     `mapstructure:"host"`
 24     Port        int        `mapstructure:"port"`
 25     Client      HTTPClient `mapstructure:"http_client"`
 26     AdminPort   int        `mapstructure:"admin_port"`
 27     EnableGzip  bool       `mapstructure:"enable_gzip"`
 28     // StatusResponse is the string which will be returned by the /status endpoint when things are OK.
 29     // If empty, it will return a 204 with no content.
 30     StatusResponse  string             `mapstructure:"status_response"`
 31     AuctionTimeouts AuctionTimeouts    `mapstructure:"auction_timeouts_ms"`
 32     CacheURL        Cache              `mapstructure:"cache"`
 33     RecaptchaSecret string             `mapstructure:"recaptcha_secret"`
 34     HostCookie      HostCookie         `mapstructure:"host_cookie"`
 35     Metrics         Metrics            `mapstructure:"metrics"`
 36 +--444 lines: DataCache       DataCache          `mapstructure:"datacache"`---------------------
480 func SetupViper(v *viper.Viper, filename string) {
481     if filename != "" {
482         v.SetConfigName(filename)
483         v.AddConfigPath(".")
484         v.AddConfigPath("/etc/config")
485     }
486     // Fixes #475: Some defaults will be set just so they are accessible via environment variables
487     // (basically so viper knows they exist)
488     v.SetDefault("external_url", "http://localhost:8000")
489     v.SetDefault("host", "")
490     v.SetDefault("port", 8000)
491     v.SetDefault("admin_port", 6060)
492     v.SetDefault("enable_gzip", false)
493     v.SetDefault("status_response", "")
494     v.SetDefault("auction_timeouts_ms.default", 0)
495     v.SetDefault("auction_timeouts_ms.max", 0)
496     v.SetDefault("cache.scheme", "")
497     v.SetDefault("cache.host", "")
498     v.SetDefault("cache.query", "")
499     v.SetDefault("cache.expected_millis", 10)
500     v.SetDefault("cache.default_ttl_seconds.banner", 0)
501     v.SetDefault("cache.default_ttl_seconds.video", 0)
502     v.SetDefault("cache.default_ttl_seconds.native", 0)
503     v.SetDefault("cache.default_ttl_seconds.audio", 0)
504     v.SetDefault("recaptcha_secret", "")
505     v.SetDefault("host_cookie.domain", "")
506     v.SetDefault("host_cookie.family", "")

endpoints/openrtb2/auction.go Outdated Show resolved Hide resolved
mansinahar
mansinahar reviewed Aug 8, 2019
View reviewed changes
endpoints/openrtb2/video_auction.go Outdated
@@ -242,14 +242,19 @@ func cleanupVideoBidRequest(videoReq *openrtb_ext.BidRequestVideo, podErrors []P

func handleError(labels pbsmetrics.Labels, w http.ResponseWriter, errL []error, ao analytics.AuctionObject) {
labels.RequestStatus = pbsmetrics.RequestStatusErr
w.WriteHeader(http.StatusInternalServerError)
if errortypes.DecodeError(errL[0]) == errortypes.BlacklistedAppCode {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again, we should check the entire errs slice rather than just the first element.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

corrected

endpoints/openrtb2/video_auction.go Outdated Show resolved Hide resolved
@guscarreon
Copy link
Contributor Author

On this line: https://github.com/prebid/prebid-server/pull/969/files#diff-09e5d415f33d74fd6df20b2584f318d1R110, the if fatalError(errL) && writeError(errL, w) condition will be false in case of BlacklistedApp errors and so we will continue processing the request. I don't think that's the expected behavior, right?

Good catch! Corrected.

mansinahar
mansinahar reviewed Aug 12, 2019
View reviewed changes
endpoints/openrtb2/video_auction.go Outdated
errors = fmt.Sprintf("%s %s", errors, er.Error())
}
}
if !foundBlacklisted {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You never set the foundBlacklisted anywhere in the above code, so this block will always get executed. I don't think that's what we want.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. Corrected

mansinahar
mansinahar previously approved these changes Aug 12, 2019
View reviewed changes
@mansinahar mansinahar requested a review from hhhjort August 12, 2019 19:17
@mansinahar mansinahar assigned hhhjort and unassigned mansinahar Aug 14, 2019
@mansinahar mansinahar merged commit 59271c9 into prebid:master Aug 14, 2019
katsuo5 pushed a commit to flux-dev-team/prebid-server-1 that referenced this pull request Dec 1, 2020
@guscarreon @mansinahar
Add an app.id blacklist to PBS and reject requests from it (prebid#969)
abb558d
katsuo5 pushed a commit to flux-dev-team/prebid-server-1 that referenced this pull request Dec 2, 2020
@guscarreon @mansinahar
Add an app.id blacklist to PBS and reject requests from it (prebid#969)
94a5567
katsuo5 pushed a commit to flux-dev-team/prebid-server-1 that referenced this pull request Dec 4, 2020
@guscarreon @mansinahar
Add an app.id blacklist to PBS and reject requests from it (prebid#969)
896099d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hhhjort hhhjort hhhjort approved these changes

@mansinahar mansinahar mansinahar approved these changes

Assignees

@hhhjort hhhjort

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@guscarreon @mansinahar @hhhjort