Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(consent+report): P56-P67 Mercedes-Audit-Cycle (Anti-Audit, Phase G Vendors, Cookie-Behavior-Validator + 5 Mail-Polish-Items) [migration-approved]
CI / detect-changes (push) Successful in 11s
Details
CI / branch-name (push) Has been skipped
Details
CI / nodejs-build (push) Successful in 2m19s
Details
CI / test-go (push) Has been skipped
Details
CI / test-python-document-crawler (push) Has been skipped
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / validate-canonical-controls (push) Successful in 16s
Details
CI / loc-budget (push) Failing after 15s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 37s
Details

Browse Source 
P56  Anti-Auditing-Detection als constructive Compliance-Finding (Audit-API-
     Empfehlung statt Anklage, weil Mercedes berechtigt Bots blockiert)
P57  Phase G vendor_details Union mit cmp_vendors -> 42 Anbieter sichtbar
P58  Anti-Audit-Detection robuster (Script-Domain-Check + Settings-spezifisch)
P59  Cookie-Behavior-Validator (4 Layer, 3-Tier-Severity: MEDIUM=Kategorie-
     Mismatch / HIGH=Zweck-Mismatch / CRITICAL=beide=Vorsatz-Indiz)
     + Open Cookie Database (CC0) als Library-Seed (2264 Cookies)
P59b Cookie-Behavior in Banner-Check verdrahtet + Mail-Block (BUGFIX:
     SessionLocal selbst oeffnen, db war im Background-Task nicht im Scope)

Mail-Polish nach Mercedes-Review:
P63  Banner-Footer-Links auch im wb7-link/role=link erkennen (Shadow-DOM-
     Walker label-based statt nur <a href>)
P64  Re-Access-Severity: MEDIUM statt HIGH, wenn Footer "Einstellungen" oder
     Mercedes-typisch existiert; OEM-Footer-Detection (wb7-footer)
P65  Text-Truncation: Word-Boundary statt Zeichen-Cut (kein "einfa"-Bruch
     mehr in Sofortmassnahmen)
P66  GF-Aktionen: Service-Zweck vs Cookie-Zweck explizit erklaert
     (haeufige Verwechslung Marketing/GF: "Akamai-Beschreibung" != Cookie-
     Zweck pro DSK-OH 2024)
P67  Stirring-Finding mit "Verlust-Framing"-Erklaerung + Alt-vs-Neutral-
     Beispiel, statt nur EDPB-Fachbegriff

Compliance-Advisor FAQ (admin agent-core/soul):
  + CNIL/EDPB Top-Bussgelder (Google 100M, Meta 60M, Amazon 35M)
  + Deutsche Praezedenz (LG Muenchen Google Fonts, EuGH Planet49, BGH I ZR 7/16)
  + 4 Risiko-Pfade (Bussgeld/Abmahnung/Sammelklage/NOYB) + Berechnungs-Methodik

Document-Generator Templates: AGB-DE (142), Impressum (140), Widerrufs-
formular-Anlage (143), DSR-Process-Dedup (139), Cookie-Library (144).

Architektur: doc_action_mappings.py + banner_dom_walkers.py +
cookie_behavior_validator.py + vendor_detail_extractor.py rausgezogen,
um die 500-LOC-Caps in agent_doc_check_report.py und
banner_text_checker.py einzuhalten.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-05-21 06:28:25 +02:00
parent badb356740
commit 57c0f940a2
38 changed files with 3656 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files
consent-tester/services/consent_scanner.py
+231 -14
View File
@@ -6,6 +6,7 @@ Phase B: After rejecting consent
Phase C: After accepting consent
"""
import asyncio
import logging
from dataclasses import dataclass, field
@@ -67,6 +68,15 @@ class ConsentTestResult:
deep_verification: dict = field(default_factory=dict)
# TCF vendors (resolved via GVL after accept phase)
tcf_vendors: list = field(default_factory=list)
# P48: CMP-Payloads captured during all phases (Usercentrics, OneTrust, etc.)
# — passed to backend for deterministic vendor extraction.
cmp_payloads: list = field(default_factory=list)
# P50: per-vendor detail-modal-extracts (description, opt-out, cookies etc.)
vendor_details: list = field(default_factory=list)
# P59b: full cookie details per phase (name, value, domain, expires)
# for behavior-validation in backend. Implicit declared_category:
# before/reject phase = essential (site claims), accept = any.
cookies_detailed: list = field(default_factory=list)
async def run_consent_test(
@@ -83,6 +93,13 @@ async def run_consent_test(
wait_ms = wait_secs * 1000
filter_cats = categories or []
# P48: Init CMP-Capture early so it attaches to every page/context.
# CMP JSON-Endpoints (Usercentrics, OneTrust, Cookiebot, ePaaS) are
# fetched once per page load — capture them across all 3 phases so
# the backend can do deterministic vendor extraction without LLM.
from services.cmp_extractor import CMPCapture
cmp_capture = CMPCapture()
async with async_playwright() as p:
browser = await p.chromium.launch(
headless=True,
@@ -91,6 +108,14 @@ async def run_consent_test(
"--disable-dev-shm-usage",
"--disable-blink-features=AutomationControlled",
"--window-size=1920,1080",
# P50c: Mercedes/Akamai Bot Manager crashed renderer
# without these (limits memory pressure + GPU init):
"--disable-gpu",
"--disable-software-rasterizer",
"--disable-background-timer-throttling",
"--disable-renderer-backgrounding",
"--disable-backgrounding-occluded-windows",
"--js-flags=--max-old-space-size=2048",
],
)
@@ -107,10 +132,28 @@ async def run_consent_test(
await page_a.add_init_script(_INTERCEPTOR_INIT)
if HAS_STEALTH:
await stealth_async(page_a)
cmp_capture.attach(page_a) # P48
scripts_a = []
page_a.on("request", lambda req: _collect_script(req, scripts_a))
await page_a.goto(url, wait_until="networkidle", timeout=30000)
# P50c: Mercedes/Akamai SPA never reaches networkidle.
# Use domcontentloaded + short JS-wait + retry on crash.
for _attempt in range(2):
try:
await page_a.goto(url, wait_until="domcontentloaded", timeout=20000)
await page_a.wait_for_timeout(3500)
break
except Exception as _e:
err = str(_e)[:120]
logger.warning("Phase A goto attempt %d failed: %s", _attempt + 1, err)
if "crashed" in err.lower() and _attempt == 0:
await page_a.wait_for_timeout(2000)
continue
try:
await page_a.goto(url, wait_until="load", timeout=20000)
except Exception:
pass
break
await page_a.wait_for_timeout(wait_ms)
# Deep verification: Phase A
@@ -127,7 +170,18 @@ async def run_consent_test(
logger.warning("Phase A deep verification failed: %s", exc)
result.before_scripts = _get_page_scripts(scripts_a)
result.before_cookies = _get_cookie_names(await ctx_a.cookies())
_cookies_a = await ctx_a.cookies()
result.before_cookies = _get_cookie_names(_cookies_a)
# P59b: capture full details — phase = "before" = implicit essential-claim
for ck in _cookies_a:
result.cookies_detailed.append({
"name": ck.get("name", ""),
"value": (ck.get("value") or "")[:200],
"domain": ck.get("domain", ""),
"expires": ck.get("expires"),
"phase": "before",
"declared_category": "essential",
})
result.before_tracking = find_tracking_services(result.before_scripts)
result.before_violations = find_violations_before_consent(result.before_scripts)
@@ -162,10 +216,15 @@ async def run_consent_test(
await page_b.add_init_script(_INTERCEPTOR_INIT)
if HAS_STEALTH:
await stealth_async(page_b)
cmp_capture.attach(page_b) # P48
scripts_b = []
page_b.on("request", lambda req: _collect_script(req, scripts_b))
await page_b.goto(url, wait_until="networkidle", timeout=30000)
try:
await page_b.goto(url, wait_until="domcontentloaded", timeout=20000)
except Exception as _e:
logger.warning("networkidle timeout, fallback to load: %s", str(_e)[:80])
await page_b.goto(url, wait_until="load", timeout=30000)
await page_b.wait_for_timeout(3000)
clicked = await click_button(page_b, banner.reject_selector)
@@ -189,7 +248,21 @@ async def run_consent_test(
logger.warning("Phase B deep verification failed: %s", exc)
result.reject_scripts = _get_page_scripts(scripts_b)
result.reject_cookies = _get_cookie_names(await ctx_b.cookies())
_cookies_b = await ctx_b.cookies()
result.reject_cookies = _get_cookie_names(_cookies_b)
# P59b: after-Reject = site claims these are essential
_before_names = {c.get("name", "") for c in _cookies_a}
for ck in _cookies_b:
if ck.get("name", "") in _before_names:
continue # already captured in 'before'
result.cookies_detailed.append({
"name": ck.get("name", ""),
"value": (ck.get("value") or "")[:200],
"domain": ck.get("domain", ""),
"expires": ck.get("expires"),
"phase": "reject",
"declared_category": "essential",
})
reject_tracking = find_tracking_services(result.reject_scripts)
result.reject_new_tracking = [t for t in reject_tracking if t not in result.before_tracking]
result.reject_violations = find_violations_after_reject(
@@ -210,10 +283,15 @@ async def run_consent_test(
await page_c.add_init_script(_INTERCEPTOR_INIT)
if HAS_STEALTH:
await stealth_async(page_c)
cmp_capture.attach(page_c) # P48
scripts_c = []
page_c.on("request", lambda req: _collect_script(req, scripts_c))
await page_c.goto(url, wait_until="networkidle", timeout=30000)
try:
await page_c.goto(url, wait_until="domcontentloaded", timeout=20000)
except Exception as _e:
logger.warning("networkidle timeout, fallback to load: %s", str(_e)[:80])
await page_c.goto(url, wait_until="load", timeout=30000)
await page_c.wait_for_timeout(3000)
clicked = await click_button(page_c, banner.accept_selector)
@@ -237,7 +315,21 @@ async def run_consent_test(
logger.warning("Phase C deep verification failed: %s", exc)
result.accept_scripts = _get_page_scripts(scripts_c)
result.accept_cookies = _get_cookie_names(await ctx_c.cookies())
_cookies_c = await ctx_c.cookies()
result.accept_cookies = _get_cookie_names(_cookies_c)
# P59b: post-Accept new cookies — declared "any" (consent given)
_seen_names = {c["name"] for c in result.cookies_detailed}
for ck in _cookies_c:
if ck.get("name", "") in _seen_names:
continue
result.cookies_detailed.append({
"name": ck.get("name", ""),
"value": (ck.get("value") or "")[:200],
"domain": ck.get("domain", ""),
"expires": ck.get("expires"),
"phase": "accept",
"declared_category": "", # unclear what category — consent given
})
accept_tracking = find_tracking_services(result.accept_scripts)
result.accept_new_tracking = [t for t in accept_tracking if t not in result.before_tracking]
@@ -263,7 +355,11 @@ async def run_consent_test(
page_cat = await ctx_cat.new_page()
if HAS_STEALTH:
await stealth_async(page_cat)
await page_cat.goto(url, wait_until="networkidle", timeout=20000)
try:
await page_cat.goto(url, wait_until="domcontentloaded", timeout=15000)
except Exception as _e:
logger.warning("networkidle timeout, fallback to load: %s", str(_e)[:80])
await page_cat.goto(url, wait_until="load", timeout=20000)
await page_cat.wait_for_timeout(2000)
detected_cats = await detect_categories(page_cat, banner)
@@ -280,17 +376,42 @@ async def run_consent_test(
)
if detected_cats:
logger.info("Testing %d categories individually", len(detected_cats))
for cat in detected_cats:
# P26: per-category 25s + phase budget 150s. Mercedes
# has 9 categories which would block the /scan well
# beyond the caller's 240s timeout. Skip rather than
# block — banner_quality + cmp_payloads matter more
# than per-cat detail.
import time # asyncio already imported at top (P50c)
phase_deadline = time.monotonic() + 90.0
# Dedup by name (some sites detect same cat 3x via
# shadow-DOM walk; testing each is wasteful)
seen_names: set[str] = set()
unique_cats = [c for c in detected_cats
if not (c.name in seen_names or seen_names.add(c.name))]
logger.info("Testing %d unique categories (budget=90s, per-cat=15s)",
len(unique_cats))
for cat in unique_cats:
if time.monotonic() >= phase_deadline:
logger.warning("Category phase budget exhausted, "
"skipping remaining %d categories",
len(unique_cats) - len(result.category_tests))
break
cat_ctx = await browser.new_context(
user_agent=USER_AGENT,
viewport={"width": 1920, "height": 1080},
locale="de-DE",
timezone_id="Europe/Berlin",
)
cat_result = await test_single_category(cat_ctx, url, cat, banner, wait_ms)
result.category_tests.append(cat_result)
await cat_ctx.close()
try:
cat_result = await asyncio.wait_for(
test_single_category(cat_ctx, url, cat, banner, wait_ms),
timeout=15.0,
)
result.category_tests.append(cat_result)
except asyncio.TimeoutError:
logger.warning("Category '%s' timed out after 15s, skipping", cat.name)
finally:
await cat_ctx.close()
else:
logger.info("No categories detected — skipping per-category tests")
@@ -298,15 +419,111 @@ async def run_consent_test(
except Exception as cat_err:
logger.warning("Category tests failed (non-blocking): %s", cat_err)
# ── P56: Anti-Auditing-Detection (vor Phase G) ─────────
# Marker erfassen → bei aktivem Bot-Block Phase G überspringen
# (TDM-Respekt) UND HIGH-Finding für Transparenz-Verstoss.
try:
from services.vendor_detail_extractor import _detect_anti_audit
anti = await _detect_anti_audit(page_c)
if anti.get("bot_protection"):
result.banner_text_violations.append(Violation(
service="Cookie-Banner",
severity="LOW",
text=f"Hinweis: {anti['bot_protection']} ist aktiv und blockiert "
f"automatisierte Compliance-Audits. Fuer Endnutzer voll "
f"funktional. Empfehlung: Audit-API bereitstellen damit "
f"unabhaengige Pruefer (Aufsichtsbehoerden, DSB) maschinen"
f"lesbar verifizieren koennen — staerkt Vertrauen ohne "
f"Bot-Schutz zu reduzieren.",
legal_ref="Rechenschaftspflicht Art. 5(2) DSGVO, "
"Transparenz-Empfehlung DSK-OH 2024",
))
if anti.get("user_select_none"):
result.banner_text_violations.append(Violation(
service="Cookie-Banner",
severity="MEDIUM",
text="Banner-Settings-Oberflaeche nicht per Maus kopierbar "
"(CSS user-select:none). Endnutzer koennen sich Cookie-Listen "
"+ Anbieter nicht einfach archivieren. Info-Modals pro Vendor "
"sind hingegen kopierbar — bitte gleiches Verhalten auch "
"auf der Uebersichtsseite ermoeglichen.",
legal_ref="Art. 12(1) DSGVO (transparente Information), "
"DSK-OH Telemedien 2024 (Informations-Festhalten)",
))
if anti.get("tdm_meta"):
logger.info("Anti-Audit: TDM opt-out meta-tag detected: %s",
anti["tdm_meta"])
except Exception as e:
logger.debug("Anti-Audit detection skipped: %s", e)
# ── Phase G: Per-Vendor Detail-Extraction (P50) ─────────
# After Accept, re-open banner and click each Info-button
# to capture detail-modal text. Detail-XHRs also captured
# by CMPCapture (still attached). Runs only if Banner was
# detected and an accept_text is known.
if result.banner_detected and banner is not None:
try:
from services.vendor_detail_extractor import (
extract_vendor_details,
)
accept_sel = banner.accept_selector or None
logger.info("Phase G: starting vendor-detail-extract (max 50 vendors)")
vd = await asyncio.wait_for(
extract_vendor_details(
browser, url,
accept_selector=accept_sel,
max_vendors=50,
),
timeout=600.0, # 10min hard cap
)
# Serialise dataclasses to plain dicts for JSON-Response
for v in vd:
result.vendor_details.append({
"name": v.name,
"description": v.description,
"processing_company": v.processing_company,
"address": v.address,
"purposes": v.purposes,
"technologies": v.technologies,
"cookies": v.cookies,
"retention": v.retention,
"opt_out_url": v.opt_out_url,
"privacy_url": v.privacy_url,
"raw_text": v.raw_text,
})
logger.info("Phase G complete: %d vendor-details captured",
len(result.vendor_details))
except asyncio.TimeoutError:
logger.warning("Phase G: hard timeout reached (10min)")
except Exception as vd_err:
logger.warning("Phase G failed (non-blocking): %s", vd_err)
except Exception as e:
logger.error("Consent test failed: %s", e)
finally:
await browser.close()
# P48: collect CMP-payloads captured during all phases. CMPCapture
# stores them as tuples (cmp_name, data). Convert to dicts that
# match the format used by /dsi-discovery so backend can process
# them with extract_vendors_from_payloads(). Dedup by-data not
# by-URL since CMPCapture doesn't store the URL.
seen_keys: set[str] = set()
for cmp_name, data in cmp_capture.payloads:
# Dedup key: cmp_name + length-of-data + first few JSON keys
try:
sig = f"{cmp_name}:{len(str(data))}:{','.join(sorted(list(data.keys())[:5]) if isinstance(data, dict) else [])}"
except Exception:
sig = f"{cmp_name}:{id(data)}"
if sig in seen_keys:
continue
seen_keys.add(sig)
result.cmp_payloads.append({"kind": cmp_name, "data": data})
logger.info(
"Consent test complete: banner=%s, violations_before=%d, violations_reject=%d, categories=%d",
"Consent test complete: banner=%s, violations_before=%d, violations_reject=%d, categories=%d, cmp_payloads=%d",
result.banner_provider, len(result.before_violations), len(result.reject_violations),
len(result.category_tests),
len(result.category_tests), len(result.cmp_payloads),
)
return result