Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Yandex: add id system #11196

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Conversation

chernodub
Copy link
Contributor

@chernodub chernodub commented Mar 12, 2024

Type of change

  • Bugfix

  • Feature

  • New bidder adapter

  • Code style update (formatting, local variables)

  • Refactoring (no functional changes, no api changes)

  • Build related changes

  • CI related changes

  • Does this change affect user-facing APIs or examples documented on http://prebid.org?

  • New ID system

PR to the docs repo: prebid/prebid.github.io#5268

Description of change

Added yandex id system that gets the id provided by Yandex Metrica tag that is optionally installed by the publishers. In case the id is not set by the tag, it will be set from the yandexIdSystem sumbodule.

return id;
}

_setUid(userId) {

Check failure

Code scanning / CodeQL

Insecure randomness High

This uses a cryptographically insecure random number generated at
Math.random()
in a security context.
@chernodub
Copy link
Contributor Author

Hi @ChrisHuie! Our team would really appreciate it if you (or anybody from the Prebid Team) could look into this PR. If anything needs to be updated/explained — I'm here. Thanks!

@ChrisHuie
Copy link
Collaborator

ChrisHuie commented Apr 15, 2024

@chernodub looks like there is a CodeQL issue around insecure randomness and linting issues with single quotes. Also, there are no unit tests to accompany this pr. Don't see any docs either here for this new ID -> https://github.com/prebid/prebid.github.io . Can you please update?

@chernodub
Copy link
Contributor Author

Hi @ChrisHuie! Thanks for the opportunity to improve the code. I've added the changes you recommended 🙏

  1. Added the tests.
  2. Submitted the docs PR: Yandex ID System page prebid.github.io#5268
  3. Fixed the insecure randomness issue by using the Web Crypto API. I had to fall back to Math.random in environments that do not support the crypto module. As far as I see, several other modules also use the Math.random in a similar context, so probably this won't cause any issues. But I'd be happy to add the updates if you have any thoughts on this.
  4. Fixed the codestyle.

Please let me know if anything else needs to be added/improved. Thanks!

Copy link
Collaborator

@bretg bretg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the docs PR prebid/prebid.github.io#5268 suggests there's a bidders parameter ... not seeing this in the code?

},
eids: {
[YANDEX_ID_KEY]: {
source: BIDDER_CODE,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

eids are generally a domain, e.g. yandex.com

Copy link
Contributor Author

@chernodub chernodub May 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @bretg, thanks!

  1. I changed the eid key to domain name. Is it a convention? I wonder what's the reason. We at Yandex have different region-specific domains (e.g. .com, .kz, etc) so I'm not sure if it's a good idea hardcoding the TLD here.
  2. Considering bidders. As far as I understood, this is not a userland parameter, but an option provided by Prebid SDK to control which bidders will receive the eid — here is the link to the docs. Are you sure we need to handle that manually in the module code? I tested this end-to-end I see it working fine without any adjustments on module's side. I also see the related references of config.bidders in the core code. I'd be happy if you could point out what I'm missing here, thanks!

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the eids source key is what DSPs look for when they code for a given ID. It's possible that you only care about your own bidder so the value of the eids source isn't as important, but yes, the convention is that it's a domain.

we're good on the bidders part. thanks.

@chernodub
Copy link
Contributor Author

Hi @ChrisHuie! All the updates are done. I'd really appreciate it if you could look into this once more. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants