Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(consent+report): P56-P67 Mercedes-Audit-Cycle (Anti-Audit, Phase G Vendors, Cookie-Behavior-Validator + 5 Mail-Polish-Items) [migration-approved]
CI / detect-changes (push) Successful in 11s
Details
CI / branch-name (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m19s
Details
CI / test-go (push) Has been skipped
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / validate-canonical-controls (push) Successful in 16s
Details
CI / loc-budget (push) Failing after 15s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 37s
Details

Browse Source 
P56  Anti-Auditing-Detection als constructive Compliance-Finding (Audit-API-
     Empfehlung statt Anklage, weil Mercedes berechtigt Bots blockiert)
P57  Phase G vendor_details Union mit cmp_vendors -> 42 Anbieter sichtbar
P58  Anti-Audit-Detection robuster (Script-Domain-Check + Settings-spezifisch)
P59  Cookie-Behavior-Validator (4 Layer, 3-Tier-Severity: MEDIUM=Kategorie-
     Mismatch / HIGH=Zweck-Mismatch / CRITICAL=beide=Vorsatz-Indiz)
     + Open Cookie Database (CC0) als Library-Seed (2264 Cookies)
P59b Cookie-Behavior in Banner-Check verdrahtet + Mail-Block (BUGFIX:
     SessionLocal selbst oeffnen, db war im Background-Task nicht im Scope)

Mail-Polish nach Mercedes-Review:
P63  Banner-Footer-Links auch im wb7-link/role=link erkennen (Shadow-DOM-
     Walker label-based statt nur <a href>)
P64  Re-Access-Severity: MEDIUM statt HIGH, wenn Footer "Einstellungen" oder
     Mercedes-typisch existiert; OEM-Footer-Detection (wb7-footer)
P65  Text-Truncation: Word-Boundary statt Zeichen-Cut (kein "einfa"-Bruch
     mehr in Sofortmassnahmen)
P66  GF-Aktionen: Service-Zweck vs Cookie-Zweck explizit erklaert
     (haeufige Verwechslung Marketing/GF: "Akamai-Beschreibung" != Cookie-
     Zweck pro DSK-OH 2024)
P67  Stirring-Finding mit "Verlust-Framing"-Erklaerung + Alt-vs-Neutral-
     Beispiel, statt nur EDPB-Fachbegriff

Compliance-Advisor FAQ (admin agent-core/soul):
  + CNIL/EDPB Top-Bussgelder (Google 100M, Meta 60M, Amazon 35M)
  + Deutsche Praezedenz (LG Muenchen Google Fonts, EuGH Planet49, BGH I ZR 7/16)
  + 4 Risiko-Pfade (Bussgeld/Abmahnung/Sammelklage/NOYB) + Berechnungs-Methodik

Document-Generator Templates: AGB-DE (142), Impressum (140), Widerrufs-
formular-Anlage (143), DSR-Process-Dedup (139), Cookie-Library (144).

Architektur: doc_action_mappings.py + banner_dom_walkers.py +
cookie_behavior_validator.py + vendor_detail_extractor.py rausgezogen,
um die 500-LOC-Caps in agent_doc_check_report.py und
banner_text_checker.py einzuhalten.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-05-21 06:28:25 +02:00
parent badb356740
commit 57c0f940a2
38 changed files with 3656 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend-compliance/compliance/services/vendor_extractor.py
+26 -6
View File
@@ -236,27 +236,47 @@ def _extract_cookiebot(d: dict) -> list[dict]:
# ── Usercentrics ────────────────────────────────────────────────────
def _extract_usercentrics(d: dict) -> list[dict]:
"""Usercentrics 'services' / 'dataProcessingServices' shape."""
"""Usercentrics shape — legacy 'services' and modern 'consentTemplates'.
P49: modern Usercentrics-Settings (e.g. Mercedes 2026) keep vendors
in `consentTemplates[]` with name inside `_meta.name` and category
in `categorySlug`. Legacy format used `services[]` / `dataProcessingServices[]`
with name as direct field.
"""
out: list[dict] = []
services = (d.get("services") or d.get("dataProcessingServices")
or (d.get("settings") or {}).get("services") or [])
# P49: fall through to consentTemplates if legacy keys are empty.
# Filter out hidden/deactivated entries (UC backend toggles).
if not services:
services = [t for t in d.get("consentTemplates") or []
if not t.get("isHidden") and not t.get("isDeactivated")]
for s in services:
name = s.get("name") or s.get("dataProcessor") or ""
name = (s.get("name") or s.get("dataProcessor")
or (s.get("_meta") or {}).get("name") or "")
name = name.strip()
if not name:
continue
max_age = s.get("cookieMaxAgeSeconds")
persistence = ""
if isinstance(max_age, int) and max_age > 0:
persistence = f"{max_age // 86400} Tage"
# P49: modern format stores company / urls in _meta
meta = s.get("_meta") or {}
out.append({
"name": name,
"country": (s.get("processingCompanyCountry")
or s.get("country") or "").strip(),
"purpose": _clean(s.get("dataPurpose") or s.get("description")),
"category": (s.get("categorySlug") or s.get("category") or "").strip(),
"opt_out_url": (s.get("optOutUrl") or "").strip(),
or s.get("country")
or meta.get("country") or "").strip(),
"purpose": _clean(s.get("dataPurpose") or s.get("description")
or meta.get("description") or ""),
"category": (s.get("categorySlug") or s.get("category")
or meta.get("categorySlug") or "").strip(),
"opt_out_url": (s.get("optOutUrl")
or meta.get("optOutUrl") or "").strip(),
"privacy_policy_url": (s.get("policyOfProcessorUrl")
or s.get("urls", {}).get("privacyPolicy", "")
or meta.get("policyOfProcessorUrl")
or "").strip(),
"persistence": persistence or _clean(s.get("retentionPeriodDescription")),
"cookies": [],