Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cookie): ① Storage Inventory + storage_transparency-Finding

Browse Source 
Trennt echte Cookies von anderem Endgeraete-Speicher (Local/Session Storage,
IndexedDB, Salesforce-Framework-Artefakte) — § 25 TDDDG ist technologieneutral.
- cookie_storage_inventory: detect_storage_type (Name-Muster ComponentDefStorage/
  __MUTEX/LSKey + Laufzeit-Text) + build_storage_inventory + storage_transparency-
  Summenbefund ('X als Cookie gelistet -> Y echte + Z andere').
- Endpoint cookie-check liefert storage_inventory; Frontend zeigt den Breakdown.

Tests: 4 + Frontend-Vitest gruen. Differenzierungsmerkmal: '740 -> 132 + 608'.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-06-11 09:05:29 +02:00
parent 577ceae4e6
commit 289988d23e
5 changed files with 207 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/compliance/tests/test_cookie_storage_inventory.py
+46
View File
@@ -0,0 +1,46 @@
"""Storage-Inventory: Cookie vs. anderer Endgeräte-Speicher (§25 TDDDG)."""
from __future__ import annotations
from compliance.services.cookie_storage_inventory import (
build_storage_inventory,
detect_storage_type,
storage_transparency_finding,
)
def test_framework_artifacts_not_cookies():
assert detect_storage_type("ComponentDefStorage__MUTEX_X") == "framework_storage"
assert detect_storage_type("GlobalValueProviders__MUTEX_Y") == "framework_storage"
assert detect_storage_type("LSKey-c$CookieConsentPolicy") == "framework_storage"
def test_duration_text_signals_local_storage():
assert detect_storage_type(
"x", "Wird solange gespeichert, bis es durch den Nutzer in seinem "
"Browser deaktiviert wird.") == "local_storage"
# echte Cookies bleiben cookie:
assert detect_storage_type("_ga", "2 Jahre") == "cookie"
assert detect_storage_type("sess", "Session") == "cookie"
def test_inventory_counts_and_transparency_finding():
vendors = [{"name": "Salesforce", "cookies": [
{"name": "ComponentDefStorage__MUTEX_X", "expiry": "bis Nutzer deaktiviert"},
{"name": "_ga", "expiry": "2 Jahre"},
{"name": "BrowserId1", "expiry": "1 Jahr"},
]}]
inv = build_storage_inventory(vendors)
assert inv["total"] == 3
assert inv["real_cookies"] == 2 # _ga + BrowserId1
assert inv["other_storage"] == 1 # das Framework-Artefakt
tf = storage_transparency_finding(inv)
assert tf and tf["type"] == "storage_transparency"
assert "§ 25" in tf["control"]["article"]
def test_no_finding_when_all_real_cookies():
inv = build_storage_inventory(
[{"name": "X", "cookies": [{"name": "_ga", "expiry": "2 Jahre"}]}])
assert inv["other_storage"] == 0
assert storage_transparency_finding(inv) is None