Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(consent-tester): 4 weitere Edge-Cases — Consent-or-Pay, Consent Mode, CNAME-Cloaking, Returning-User

Browse Source 
#4 Consent-or-Pay (EDPB Opinion 08/2024): Banner-Text-Signatur (Pur-Abo/
   "zustimmen oder bezahlen" + Consent-Kontext) → MEDIUM-Befund "rechtlich
   umstritten, gesondert prüfen".
#5 Google Consent Mode v2: page.evaluate (dataLayer-consent-Events / inline
   gtag('consent')) → MEDIUM "ist KEINE gültige Einwilligung".
#6 CNAME-Cloaking: First-Party-Subdomains per socket.gethostbyname_ex auflösen,
   CNAME-Kette gegen bekannte Tracker-Infra (Eulerian/Adobe/Webtrekk/…) → HIGH
   "faktisch Drittanbieter trotz First-Party-Optik". Best-effort, kurze Timeouts.
#7 Returning-User: Scanner nutzt by-design frische Browser-Contexts → Hinweis im
   Kein-Banner-Befund (fehlendes Banner liegt nicht an erinnertem Consent).

Tests + py_compile grün.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-12 20:45:20 +02:00
parent 2b928dcb33
commit 11740bd2f9
3 changed files with 170 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
consent-tester/tests/test_cookieless_optout.py
+25
View File
@@ -9,6 +9,8 @@ from services.banner_text_checker import (
is_cookieless_optout,
detect_non_cookie_tracking,
build_no_banner_finding,
detect_consent_or_pay,
detect_cname_cloaking,
)
@@ -68,3 +70,26 @@ def test_no_banner_finding_is_low_and_compliant():
def test_no_banner_finding_flags_missing_dse():
v = build_no_banner_finding(has_dse=False)
assert "dse" in v.text.lower() or "datenschutzerkl" in v.text.lower()
# ── #4: Consent-or-Pay ─────────────────────────────────────────────────
def test_consent_or_pay_detected():
assert detect_consent_or_pay(
"akzeptieren oder pur-abo abschliessen. cookies & werbung") is True
def test_consent_or_pay_not_on_standard_banner():
assert not detect_consent_or_pay("alle akzeptieren ablehnen einstellungen cookies")
def test_consent_or_pay_needs_consent_context():
# 'Abo' ohne Consent-Kontext (z.B. normale Paywall) ist kein Consent-or-Pay.
assert not detect_consent_or_pay("jetzt abonnieren fuer 5 pro monat")
# ── #6: CNAME-Cloaking (nur DNS-freie Faelle) ──────────────────────────
def test_cname_cloaking_empty_and_no_subdomain():
assert detect_cname_cloaking([], "example.com") == []
assert detect_cname_cloaking(["https://example.com/app.js"], "") == []
# Script auf der Hauptdomain (keine Subdomain) → kein Lookup → []
assert detect_cname_cloaking(["https://example.com/app.js"], "example.com") == []