github.com/prebid/prebid-server/v2@v2.18.0/privacy/gdpr/consentwriter_test.go (about) 1 package gdpr 2 3 import ( 4 "encoding/json" 5 "testing" 6 7 "github.com/prebid/openrtb/v20/openrtb2" 8 "github.com/stretchr/testify/assert" 9 ) 10 11 func TestConsentWriter(t *testing.T) { 12 testCases := []struct { 13 description string 14 consent string 15 request *openrtb2.BidRequest 16 expected *openrtb2.BidRequest 17 expectedError bool 18 }{ 19 { 20 description: "Empty", 21 consent: "", 22 request: &openrtb2.BidRequest{}, 23 expected: &openrtb2.BidRequest{}, 24 }, 25 { 26 description: "Enabled With Nil Request User Object", 27 consent: "anyConsent", 28 request: &openrtb2.BidRequest{}, 29 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 30 Ext: json.RawMessage(`{"consent":"anyConsent"}`)}}, 31 }, 32 { 33 description: "Enabled With Nil Request User Ext Object", 34 consent: "anyConsent", 35 request: &openrtb2.BidRequest{User: &openrtb2.User{}}, 36 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 37 Ext: json.RawMessage(`{"consent":"anyConsent"}`)}}, 38 }, 39 { 40 description: "Enabled With Existing Request User Ext Object - Doesn't Overwrite", 41 consent: "anyConsent", 42 request: &openrtb2.BidRequest{User: &openrtb2.User{ 43 Ext: json.RawMessage(`{"existing":"any"}`)}}, 44 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 45 Ext: json.RawMessage(`{"consent":"anyConsent","existing":"any"}`)}}, 46 }, 47 { 48 description: "Enabled With Existing Request User Ext Object - Overwrites", 49 consent: "anyConsent", 50 request: &openrtb2.BidRequest{User: &openrtb2.User{ 51 Ext: json.RawMessage(`{"existing":"any","consent":"toBeOverwritten"}`)}}, 52 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 53 Ext: json.RawMessage(`{"consent":"anyConsent","existing":"any"}`)}}, 54 }, 55 { 56 description: "Enabled With Existing Malformed Request User Ext Object", 57 consent: "anyConsent", 58 request: &openrtb2.BidRequest{User: &openrtb2.User{ 59 Ext: json.RawMessage(`malformed`)}}, 60 expectedError: true, 61 }, 62 { 63 description: "Injection Attack With Nil Request User Object", 64 consent: "BONV8oqONXwgmADACHENAO7pqzAAppY\"},\"oops\":\"malicious\",\"p\":{\"p\":\"", 65 request: &openrtb2.BidRequest{}, 66 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 67 Ext: json.RawMessage(`{"consent":"BONV8oqONXwgmADACHENAO7pqzAAppY\"},\"oops\":\"malicious\",\"p\":{\"p\":\""}`), 68 }}, 69 }, 70 { 71 description: "Injection Attack With Nil Request User Ext Object", 72 consent: "BONV8oqONXwgmADACHENAO7pqzAAppY\"},\"oops\":\"malicious\",\"p\":{\"p\":\"", 73 request: &openrtb2.BidRequest{User: &openrtb2.User{}}, 74 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 75 Ext: json.RawMessage(`{"consent":"BONV8oqONXwgmADACHENAO7pqzAAppY\"},\"oops\":\"malicious\",\"p\":{\"p\":\""}`), 76 }}, 77 }, 78 { 79 description: "Injection Attack With Existing Request User Ext Object", 80 consent: "BONV8oqONXwgmADACHENAO7pqzAAppY\"},\"oops\":\"malicious\",\"p\":{\"p\":\"", 81 request: &openrtb2.BidRequest{User: &openrtb2.User{ 82 Ext: json.RawMessage(`{"existing":"any"}`), 83 }}, 84 expected: &openrtb2.BidRequest{User: &openrtb2.User{ 85 Ext: json.RawMessage(`{"consent":"BONV8oqONXwgmADACHENAO7pqzAAppY\"},\"oops\":\"malicious\",\"p\":{\"p\":\"","existing":"any"}`), 86 }}, 87 }, 88 } 89 90 for _, test := range testCases { 91 writer := ConsentWriter{test.consent, nil} 92 err := writer.Write(test.request) 93 94 if test.expectedError { 95 assert.Error(t, err, test.description) 96 } else { 97 assert.NoError(t, err, test.description) 98 assert.Equal(t, test.expected, test.request, test.description) 99 } 100 } 101 }