feat(consent+report): P56-P67 Mercedes-Audit-Cycle (Anti-Audit, Phase G Vendors, Cookie-Behavior-Validator + 5 Mail-Polish-Items) [migration-approved]
CI / detect-changes (push) Successful in 11s
CI / branch-name (push) Has been skipped
CI / nodejs-build (push) Successful in 2m19s
CI / test-go (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / validate-canonical-controls (push) Successful in 16s
CI / loc-budget (push) Failing after 15s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-backend (push) Successful in 37s
CI / detect-changes (push) Successful in 11s
CI / branch-name (push) Has been skipped
CI / nodejs-build (push) Successful in 2m19s
CI / test-go (push) Has been skipped
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / validate-canonical-controls (push) Successful in 16s
CI / loc-budget (push) Failing after 15s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-backend (push) Successful in 37s
P56 Anti-Auditing-Detection als constructive Compliance-Finding (Audit-API-
Empfehlung statt Anklage, weil Mercedes berechtigt Bots blockiert)
P57 Phase G vendor_details Union mit cmp_vendors -> 42 Anbieter sichtbar
P58 Anti-Audit-Detection robuster (Script-Domain-Check + Settings-spezifisch)
P59 Cookie-Behavior-Validator (4 Layer, 3-Tier-Severity: MEDIUM=Kategorie-
Mismatch / HIGH=Zweck-Mismatch / CRITICAL=beide=Vorsatz-Indiz)
+ Open Cookie Database (CC0) als Library-Seed (2264 Cookies)
P59b Cookie-Behavior in Banner-Check verdrahtet + Mail-Block (BUGFIX:
SessionLocal selbst oeffnen, db war im Background-Task nicht im Scope)
Mail-Polish nach Mercedes-Review:
P63 Banner-Footer-Links auch im wb7-link/role=link erkennen (Shadow-DOM-
Walker label-based statt nur <a href>)
P64 Re-Access-Severity: MEDIUM statt HIGH, wenn Footer "Einstellungen" oder
Mercedes-typisch existiert; OEM-Footer-Detection (wb7-footer)
P65 Text-Truncation: Word-Boundary statt Zeichen-Cut (kein "einfa"-Bruch
mehr in Sofortmassnahmen)
P66 GF-Aktionen: Service-Zweck vs Cookie-Zweck explizit erklaert
(haeufige Verwechslung Marketing/GF: "Akamai-Beschreibung" != Cookie-
Zweck pro DSK-OH 2024)
P67 Stirring-Finding mit "Verlust-Framing"-Erklaerung + Alt-vs-Neutral-
Beispiel, statt nur EDPB-Fachbegriff
Compliance-Advisor FAQ (admin agent-core/soul):
+ CNIL/EDPB Top-Bussgelder (Google 100M, Meta 60M, Amazon 35M)
+ Deutsche Praezedenz (LG Muenchen Google Fonts, EuGH Planet49, BGH I ZR 7/16)
+ 4 Risiko-Pfade (Bussgeld/Abmahnung/Sammelklage/NOYB) + Berechnungs-Methodik
Document-Generator Templates: AGB-DE (142), Impressum (140), Widerrufs-
formular-Anlage (143), DSR-Process-Dedup (139), Cookie-Library (144).
Architektur: doc_action_mappings.py + banner_dom_walkers.py +
cookie_behavior_validator.py + vendor_detail_extractor.py rausgezogen,
um die 500-LOC-Caps in agent_doc_check_report.py und
banner_text_checker.py einzuhalten.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -283,6 +283,50 @@ def build_vvt_table_html(vendors: list[dict]) -> str:
|
||||
summary_parts.append("— alle ueber 50%")
|
||||
summary = " ".join(summary_parts)
|
||||
|
||||
# P60: Wenn viele Vendors die GLEICHEN Flag-Sets haben, einmal
|
||||
# global hinweisen statt 42x pro Vendor wiederholen.
|
||||
from collections import Counter
|
||||
flag_sets = Counter()
|
||||
for v in vendors:
|
||||
flags = v.get("compliance_flags") or []
|
||||
if flags:
|
||||
flag_sets[tuple(sorted(flags))] += 1
|
||||
pattern_notice = ""
|
||||
if flag_sets:
|
||||
most_common, n_match = flag_sets.most_common(1)[0]
|
||||
share = n_match / max(1, len(vendors))
|
||||
if n_match >= 8 and share >= 0.5:
|
||||
from compliance.services.finding_action_recipes import recipe_for
|
||||
labels = [_flag_short(f) for f in most_common]
|
||||
shared_actions = []
|
||||
for f in most_common:
|
||||
rec = recipe_for(f)
|
||||
if rec:
|
||||
shared_actions.append(
|
||||
f'<li><strong>{_flag_short(f)}:</strong> '
|
||||
f'{rec.get("fix_text", "").splitlines()[0][:180]}</li>'
|
||||
)
|
||||
pattern_notice = (
|
||||
f'<div style="margin:8px 0 12px;padding:10px 14px;'
|
||||
f'background:#fef3c7;border-left:3px solid #d97706;'
|
||||
f'border-radius:4px;font-size:11px;color:#92400e">'
|
||||
f'<strong>Wiederkehrendes Muster ({n_match} von {len(vendors)} '
|
||||
f'Anbietern, {int(share*100)}%):</strong> '
|
||||
f'Bei diesen Anbietern fehlen jeweils: '
|
||||
f'<em>{", ".join(labels)}</em>. '
|
||||
f'Vermutlich systembedingt (z.B. Settings-Export liefert '
|
||||
f'nur Namen, oder Banner-API blockiert Detail-Extraktion). '
|
||||
f'Die globalen Empfehlungen unten gelten fuer all diese Eintraege; '
|
||||
f'in der Tabelle werden sie nicht pro Zeile wiederholt.'
|
||||
+ (f'<ul style="margin:8px 0 0 0;padding-left:20px">{"".join(shared_actions)}</ul>'
|
||||
if shared_actions else '')
|
||||
+ '</div>'
|
||||
)
|
||||
# Mark vendors so _render_vendor_row can suppress redundant actions
|
||||
for v in vendors:
|
||||
if tuple(sorted(v.get("compliance_flags") or [])) == most_common:
|
||||
v["_actions_in_global_notice"] = True
|
||||
|
||||
out: list[str] = [
|
||||
'<div style="font-family:-apple-system,BlinkMacSystemFont,sans-serif;'
|
||||
'max-width:760px;margin:0 auto 16px;padding:12px 16px;'
|
||||
@@ -296,6 +340,7 @@ def build_vvt_table_html(vendors: list[dict]) -> str:
|
||||
'Verarbeitungen (INTERNAL/GROUP) werden Opt-Out und Privacy-Link '
|
||||
'NICHT als Pflicht gewertet — der Widerruf erfolgt ueber das '
|
||||
'Cookie-Banner, Privacy ist in der Haupt-DSI dokumentiert.</p>',
|
||||
pattern_notice,
|
||||
]
|
||||
|
||||
for rtype, section_label in RECIPIENT_TYPE_SECTIONS:
|
||||
@@ -389,7 +434,9 @@ def _render_vendor_row_full(v: dict) -> str:
|
||||
|
||||
# Inline-Aktions-Anweisungen pro Flag
|
||||
actions_html = ""
|
||||
if flags:
|
||||
# P60: skip per-row actions when already covered by global pattern notice
|
||||
skip_actions = bool(v.get("_actions_in_global_notice"))
|
||||
if flags and not skip_actions:
|
||||
from compliance.services.finding_action_recipes import recipe_for
|
||||
action_items = []
|
||||
for f in flags:
|
||||
|
||||
Reference in New Issue
Block a user