prebid · VeronikaSolovei9 · Jan 16, 2024 · Dec 12, 2023 · Dec 14, 2023 · Dec 14, 2023
diff --git a/endpoints/openrtb2/amp_auction.go b/endpoints/openrtb2/amp_auction.go
@@ -235,6 +235,7 @@ func (deps *endpointDeps) AmpAuction(w http.ResponseWriter, r *http.Request, _ h
 	activityControl = privacy.NewActivityControl(&account.Privacy)
 
 	hookExecutor.SetActivityControl(activityControl)
+	hookExecutor.SetAccount(account)
 
 	secGPC := r.Header.Get("Sec-GPC")
 

diff --git a/endpoints/openrtb2/auction.go b/endpoints/openrtb2/auction.go
@@ -206,6 +206,7 @@ func (deps *endpointDeps) Auction(w http.ResponseWriter, r *http.Request, _ http
 	activityControl = privacy.NewActivityControl(&account.Privacy)
 
 	hookExecutor.SetActivityControl(activityControl)
+	hookExecutor.SetAccount(account)
 
 	ctx := context.Background()
 

diff --git a/hooks/hookexecution/execution.go b/hooks/hookexecution/execution.go
@@ -3,6 +3,7 @@ package hookexecution
 import (
 	"context"
 	"fmt"
+	"github.com/prebid/prebid-server/v2/config"
 	"github.com/prebid/prebid-server/v2/ortb"
 	"strings"
 	"sync"
@@ -68,7 +69,7 @@ func executeGroup[H any, P any](
 
 	for _, hook := range group.Hooks {
 		mCtx := executionCtx.getModuleContext(hook.Module)
-		newPayload := handleModuleActivities(hook.Code, executionCtx.activityControl, payload)
+		newPayload := handleModuleActivities(hook.Code, executionCtx.activityControl, payload, executionCtx.account.Privacy)
 		wg.Add(1)
 		go func(hw hooks.HookWrapper[H], moduleCtx hookstage.ModuleInvocationContext) {
 			defer wg.Done()
@@ -315,28 +316,36 @@ func handleHookMutations[P any](
 	return payload
 }
 
-func handleModuleActivities[P any](hookCode string, activityControl privacy.ActivityControl, payload P) P {
+func handleModuleActivities[P any](hookCode string, activityControl privacy.ActivityControl, payload P, ap config.AccountPrivacy) P {
 	payloadData, ok := any(&payload).(hookstage.RequestUpdater)
 	if !ok {
 		return payload
 	}
 
 	scopeGeneral := privacy.Component{Type: privacy.ComponentTypeGeneral, Name: hookCode}
 	transmitUserFPDActivityAllowed := activityControl.Allow(privacy.ActivityTransmitUserFPD, scopeGeneral, privacy.ActivityRequest{})
+	transmitPreciseGeoActivityAllowed := activityControl.Allow(privacy.ActivityTransmitPreciseGeo, scopeGeneral, privacy.ActivityRequest{})
 
-	if !transmitUserFPDActivityAllowed {
-		// changes need to be applied to new payload and leave original payload unchanged
-		bidderReq := payloadData.GetBidderRequestPayload()
+	if transmitUserFPDActivityAllowed && transmitPreciseGeoActivityAllowed {
+		return payload
+	}
 
-		bidderReqCopy := ortb.CloneBidderReq(bidderReq.BidRequest)
+	// changes need to be applied to new payload and leave original payload unchanged
+	bidderReq := payloadData.GetBidderRequestPayload()
 
-		privacy.ScrubUserFPD(bidderReqCopy)
+	bidderReqCopy := ortb.CloneBidderReq(bidderReq.BidRequest)
 
-		var newPayload = payload
-		var np = any(&newPayload).(hookstage.RequestUpdater)
-		np.SetBidderRequestPayload(bidderReqCopy)
-		return newPayload
+	if !transmitUserFPDActivityAllowed {
+		privacy.ScrubUserFPD(bidderReqCopy)
+	}
+	if !transmitPreciseGeoActivityAllowed {
+		ipConf := privacy.IPConf{IPV6: ap.IPv6Config, IPV4: ap.IPv4Config}
+		privacy.ScrubGeoAndDeviceIP(bidderReqCopy, ipConf)
 	}
 
-	return payload
+	var newPayload = payload
+	var np = any(&newPayload).(hookstage.RequestUpdater)
+	np.SetBidderRequestPayload(bidderReqCopy)
+	return newPayload
+
 }
diff --git a/hooks/hookexecution/execution_test.go b/hooks/hookexecution/execution_test.go
@@ -10,6 +10,12 @@ import (
 	"testing"
 )
 
+const (
+	testIpv6           = "1111:2222:3333:4444:5555:6666:7777:8888"
+	testIPv6Scubbed    = "1111:2222::"
+	testIPv6ScrubBytes = 32
+)
+
 func TestHandleModuleActivitiesBidderRequestPayload(t *testing.T) {
 
 	testCases := []struct {
@@ -49,13 +55,44 @@ func TestHandleModuleActivitiesBidderRequestPayload(t *testing.T) {
 				}},
 			},
 		},
+		{
+			description: "payload should change when transmitPreciseGeo is blocked by activity",
+			hookCode:    "foo",
+			inPayloadData: hookstage.BidderRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIpv6},
+				}},
+			},
+			privacyConfig: getTransmitPreciseGeoActivityConfig("foo", false),
+			expectedPayloadData: hookstage.BidderRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIPv6Scubbed},
+				},
+				}},
+		},
+		{
+			description: "payload should not change when transmitPreciseGeo is not blocked by activity",
+			hookCode:    "foo",
+			inPayloadData: hookstage.BidderRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIpv6},
+				}},
+			},
+			privacyConfig: getTransmitPreciseGeoActivityConfig("foo", true),
+			expectedPayloadData: hookstage.BidderRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIpv6},
+				}},
+			},
+		},
 	}
 	for _, test := range testCases {
 		t.Run(test.description, func(t *testing.T) {
 			//check input payload didn't change
 			origInPayloadData := test.inPayloadData
 			activityControl := privacy.NewActivityControl(test.privacyConfig)
-			newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData)
+			accountPrivacy := config.AccountPrivacy{IPv6Config: config.IPv6{testIPv6ScrubBytes}}
+			newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData, accountPrivacy)
 			assert.Equal(t, test.expectedPayloadData.Request.BidRequest, newPayload.Request.BidRequest)
 			assert.Equal(t, origInPayloadData, test.inPayloadData)
 		})
@@ -101,13 +138,45 @@ func TestHandleModuleActivitiesProcessedAuctionRequestPayload(t *testing.T) {
 				}},
 			},
 		},
+
+		{
+			description: "payload should change when transmitPreciseGeo is blocked by activity",
+			hookCode:    "foo",
+			inPayloadData: hookstage.ProcessedAuctionRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIpv6},
+				}},
+			},
+			privacyConfig: getTransmitPreciseGeoActivityConfig("foo", false),
+			expectedPayloadData: hookstage.ProcessedAuctionRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIPv6Scubbed},
+				}},
+			},
+		},
+		{
+			description: "payload should not change when transmitPreciseGeo is not blocked by activity",
+			hookCode:    "foo",
+			inPayloadData: hookstage.ProcessedAuctionRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIpv6},
+				}},
+			},
+			privacyConfig: getTransmitPreciseGeoActivityConfig("foo", true),
+			expectedPayloadData: hookstage.ProcessedAuctionRequestPayload{
+				Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
+					Device: &openrtb2.Device{IPv6: testIpv6},
+				}},
+			},
+		},
 	}
 	for _, test := range testCases {
 		t.Run(test.description, func(t *testing.T) {
 			//check input payload didn't change
 			origInPayloadData := test.inPayloadData
 			activityControl := privacy.NewActivityControl(test.privacyConfig)
-			newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData)
+			accountPrivacy := config.AccountPrivacy{IPv6Config: config.IPv6{testIPv6ScrubBytes}}
+			newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData, accountPrivacy)
 			assert.Equal(t, test.expectedPayloadData.Request.BidRequest, newPayload.Request.BidRequest)
 			assert.Equal(t, origInPayloadData, test.inPayloadData)
 		})
@@ -137,13 +206,27 @@ func TestHandleModuleActivitiesNoBidderRequestPayload(t *testing.T) {
 			privacyConfig:       getTransmitUFPDActivityConfig("foo", true),
 			expectedPayloadData: hookstage.RawAuctionRequestPayload{},
 		},
+		{
+			description:         "payload should change when transmitPreciseGeo is blocked by activity",
+			hookCode:            "foo",
+			inPayloadData:       hookstage.RawAuctionRequestPayload{},
+			privacyConfig:       getTransmitPreciseGeoActivityConfig("foo", false),
+			expectedPayloadData: hookstage.RawAuctionRequestPayload{},
+		},
+		{
+			description:         "payload should not change when transmitPreciseGeo is not blocked by activity",
+			hookCode:            "foo",
+			inPayloadData:       hookstage.RawAuctionRequestPayload{},
+			privacyConfig:       getTransmitPreciseGeoActivityConfig("foo", true),
+			expectedPayloadData: hookstage.RawAuctionRequestPayload{},
+		},
 	}
 	for _, test := range testCases {
 		t.Run(test.description, func(t *testing.T) {
 			//check input payload didn't change
 			origInPayloadData := test.inPayloadData
 			activityControl := privacy.NewActivityControl(test.privacyConfig)
-			newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData)
+			newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData, config.AccountPrivacy{})
 			assert.Equal(t, test.expectedPayloadData, newPayload)
 			assert.Equal(t, origInPayloadData, test.inPayloadData)
 		})

diff --git a/hooks/hookexecution/executor.go b/hooks/hookexecution/executor.go
@@ -68,6 +68,7 @@ func NewHookExecutor(builder hooks.ExecutionPlanBuilder, endpoint string, me met
 		stageOutcomes:  []StageOutcome{},
 		moduleContexts: &moduleContexts{ctxs: make(map[string]hookstage.ModuleContext)},
 		metricEngine:   me,
+		account:        &config.Account{Privacy: config.AccountPrivacy{}},
 	}
 }
 

diff --git a/hooks/hookexecution/executor_test.go b/hooks/hookexecution/executor_test.go
@@ -677,7 +677,7 @@ func TestExecuteRawAuctionStage(t *testing.T) {
 		t.Run(test.description, func(t *testing.T) {
 			exec := NewHookExecutor(test.givenPlanBuilder, EndpointAuction, &metricsConfig.NilMetricsEngine{})
 
-			privacyConfig := getTransmitUFPDActivityConfig("foo", false)
+			privacyConfig := getModuleActivities("foo", false, false)
 			ac := privacy.NewActivityControl(privacyConfig)
 			exec.SetActivityControl(ac)
 			exec.SetAccount(test.givenAccount)
@@ -902,7 +902,7 @@ func TestExecuteProcessedAuctionStage(t *testing.T) {
 		t.Run(test.description, func(ti *testing.T) {
 			exec := NewHookExecutor(test.givenPlanBuilder, EndpointAuction, &metricsConfig.NilMetricsEngine{})
 
-			privacyConfig := getTransmitUFPDActivityConfig("foo", false)
+			privacyConfig := getModuleActivities("foo", false, false)
 			ac := privacy.NewActivityControl(privacyConfig)
 			exec.SetActivityControl(ac)
 			exec.SetAccount(test.givenAccount)
@@ -1179,7 +1179,7 @@ func TestExecuteBidderRequestStage(t *testing.T) {
 	for _, test := range testCases {
 		t.Run(test.description, func(t *testing.T) {
 			exec := NewHookExecutor(test.givenPlanBuilder, EndpointAuction, &metricsConfig.NilMetricsEngine{})
-			privacyConfig := getTransmitUFPDActivityConfig("foo", false)
+			privacyConfig := getModuleActivities("foo", false, false)
 			ac := privacy.NewActivityControl(privacyConfig)
 			exec.SetActivityControl(ac)
 			exec.SetAccount(test.givenAccount)
@@ -1200,6 +1200,15 @@ func TestExecuteBidderRequestStage(t *testing.T) {
 	}
 }
 
+func getModuleActivities(componentName string, allowTransmitUserFPD, allowTransmitPreciseGeo bool) *config.AccountPrivacy {
+	return &config.AccountPrivacy{
+		AllowActivities: &config.AllowActivities{
+			TransmitUserFPD:    buildDefaultActivityConfig(componentName, allowTransmitUserFPD),
+			TransmitPreciseGeo: buildDefaultActivityConfig(componentName, allowTransmitPreciseGeo),
+		},
+	}
+}
+
 func getTransmitUFPDActivityConfig(componentName string, allow bool) *config.AccountPrivacy {
 	return &config.AccountPrivacy{
 		AllowActivities: &config.AllowActivities{
@@ -1208,6 +1217,14 @@ func getTransmitUFPDActivityConfig(componentName string, allow bool) *config.Acc
 	}
 }
 
+func getTransmitPreciseGeoActivityConfig(componentName string, allow bool) *config.AccountPrivacy {
+	return &config.AccountPrivacy{
+		AllowActivities: &config.AllowActivities{
+			TransmitPreciseGeo: buildDefaultActivityConfig(componentName, allow),
+		},
+	}
+}
+
 func buildDefaultActivityConfig(componentName string, allow bool) config.Activity {
 	return config.Activity{
 		Default: ptrutil.ToPtr(true),
@@ -1427,7 +1444,7 @@ func TestExecuteRawBidderResponseStage(t *testing.T) {
 		t.Run(test.description, func(ti *testing.T) {
 			exec := NewHookExecutor(test.givenPlanBuilder, EndpointAuction, &metricsConfig.NilMetricsEngine{})
 
-			privacyConfig := getTransmitUFPDActivityConfig("foo", false)
+			privacyConfig := getModuleActivities("foo", false, false)
 			ac := privacy.NewActivityControl(privacyConfig)
 			exec.SetActivityControl(ac)
 			exec.SetAccount(test.givenAccount)
@@ -1710,7 +1727,7 @@ func TestExecuteAllProcessedBidResponsesStage(t *testing.T) {
 		t.Run(test.description, func(t *testing.T) {
 			exec := NewHookExecutor(test.givenPlanBuilder, EndpointAuction, &metricsConfig.NilMetricsEngine{})
 
-			privacyConfig := getTransmitUFPDActivityConfig("foo", false)
+			privacyConfig := getModuleActivities("foo", false, false)
 			ac := privacy.NewActivityControl(privacyConfig)
 			exec.SetActivityControl(ac)
 			exec.SetAccount(test.givenAccount)
@@ -1963,7 +1980,7 @@ func TestExecuteAuctionResponseStage(t *testing.T) {
 		t.Run(test.description, func(t *testing.T) {
 			exec := NewHookExecutor(test.givenPlanBuilder, EndpointAuction, &metricsConfig.NilMetricsEngine{})
 
-			privacyConfig := getTransmitUFPDActivityConfig("foo", false)
+			privacyConfig := getModuleActivities("foo", false, false)
 			ac := privacy.NewActivityControl(privacyConfig)
 			exec.SetActivityControl(ac)
 			exec.SetAccount(test.givenAccount)