feat(consent-tester): 3 Edge-Cases — kein-Banner-konform, Geo-Caveat, Non-Cookie-Tracking

#1/#2: Wenn KEIN Banner erkannt UND kein Tracking vor Consent (statische Seite
oder nur technisch notwendige Cookies, §25 Abs.2 TDDDG) → affirmativer LOW-Befund
"konform, kein Banner nötig" statt stillem "Banner fehlt". Inkl. Geo-Caveat
(Scan außerhalb EU sieht geo-getargetete Banner evtl. nicht).

#3: detect_non_cookie_tracking erkennt Pixel/Fingerprinting per Domain-Signatur
(Meta, TikTok, LinkedIn, Pinterest, Clarity, FingerprintJS, Hotjar, Reddit,
Snapchat) → MEDIUM-Befund "§25/Art.5(3) gilt auch ohne Cookies". '0 Cookies' ≠
'kein einwilligungspflichtiges Tracking'.

Verdrahtet in consent_scanner vor dem Return. Tests + py_compile grün.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Benjamin Admin
2026-06-12 19:49:55 +02:00
parent d8a9e3049d
commit c2422138e6
3 changed files with 129 additions and 1 deletions
+37 -1
@@ -5,7 +5,11 @@ statt Consent-Banner (z.B. bayshore.ai). Standard-Opt-in-Checks duerfen dann
NICHT feuern (sonst False Positives).
"""
from services.banner_text_checker import is_cookieless_optout
from services.banner_text_checker import (
is_cookieless_optout,
detect_non_cookie_tracking,
build_no_banner_finding,
)
def test_bayshore_cookieless_optout_detected():
@@ -32,3 +36,35 @@ def test_signal_without_optout_word_is_not_detected():
def test_empty():
assert not is_cookieless_optout("")
# ── #3: Non-Cookie-Tracking-Erkennung ──────────────────────────────────
def test_detect_meta_pixel():
assert detect_non_cookie_tracking(
["https://connect.facebook.net/en_US/fbevents.js"]) == ["Meta-Pixel (Facebook)"]
def test_detect_clarity_and_fingerprint():
found = detect_non_cookie_tracking([
"https://www.clarity.ms/tag/abc", "https://cdn.fpjs.io/v3/x.js"])
assert "Microsoft Clarity" in found
assert "Fingerprinting (FingerprintJS)" in found
def test_detect_none_on_plain_scripts():
assert detect_non_cookie_tracking(
["https://example.com/app.js", "/static/main.css"]) == []
assert detect_non_cookie_tracking([]) == []
# ── #1/#2: Kein-Banner-affirmativ-Befund ───────────────────────────────
def test_no_banner_finding_is_low_and_compliant():
v = build_no_banner_finding(has_dse=True)
assert v.severity == "LOW"
assert "konform" in v.text.lower()
assert "geo-targeting" in v.text.lower() # Geo-Caveat enthalten
def test_no_banner_finding_flags_missing_dse():
v = build_no_banner_finding(has_dse=False)
assert "dse" in v.text.lower() or "datenschutzerkl" in v.text.lower()
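Review bot: The negative case in `test_detect_none_on_plain_scripts` only uses URLs that contain no tracker signature at all, so nothing in these tests pins whether `detect_non_cookie_tracking` matches on the parsed hostname or on a substring of the whole URL. The implementation is not visible in this file section; if hostname matching is intended, add `assert detect_non_cookie_tracking(["https://example.com/?ref=connect.facebook.net"]) == []` so a signature in a query string cannot produce a false MEDIUM finding. A positive case for a protocol-relative source such as `"//connect.facebook.net/en_US/fbevents.js"` and one passing the same URL twice (expecting a single label) would cover the misses and duplicates a scanner is likely to meet on real pages. Separately, in `test_no_banner_finding_flags_missing_dse` the bare substring `"dse"` is short enough to match unrelated words, so asserting on the specific wording the finding uses for the missing privacy policy would make that test harder to pass by accident.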