feat(vvt): per-vendor extraction + opt-out check + VVT table in email (V1)
When a known CMP (ePaaS, OneTrust) renders the cookie policy, we now
extract structured vendor records, probe their opt-out + privacy URLs,
score each vendor (0-100), and append a 'VVT-Vorschlag' table to the
compliance email — one row per vendor, sortable by compliance score.
consent-tester:
- DSIDiscoveryResult.cmp_payloads: surfaces raw CMP JSON to callers
- DSIDiscoveryResponse: new cmp_payloads field
- discover_dsi_documents sets cmp_payloads from cmp_capture
- cmp_library/{epaas,onetrust}.py: new extract_vendors(d) returning
list[VendorRecord]
backend:
- _fetch_text() now returns (text, cmp_payloads) tuple
- doc_entries store cmp_payloads per doc (mostly cookie)
- _autodiscover_missing forwards homepage payloads to the cookie entry
- New module vendor_extractor.py: dispatches ePaaS/OneTrust/generic
schemas; dedupes vendors across multiple payloads
- cookie_link_validator.py extended with validate_vendor_urls(vendors)
and score_vendors(vendors) — 0-100 score per vendor based on name,
purpose, country, opt-out reachable, privacy URL reachable, cookies
with names + expiry
- agent_doc_check_extras.build_vvt_table_html: renders the table
- Route appends VVT HTML after the provider list, before the
document-by-document report
- Response JSON gains cmp_vendors for future frontend rendering
Example for BMW: ~30 ePaaS providers → table with Name | Kategorie |
Sitz | Cookies | Opt-Out (✓/✗) | Privacy (✓/✗) | Score. Sorted by
score ascending so the worst-compliant vendors are at the top.
This commit is contained in:
Benjamin Admin
@@ -67,3 +67,53 @@ def reconstruct(d: dict) -> str:
|
||||
parts.append(_clean(str(meta["persistencePurposeText"])))
|
||||
|
||||
return "\n".join(parts)
|
||||
|
||||
|
||||
def extract_vendors(d: dict) -> list[dict]:
|
||||
"""Return structured vendor records from ePaaS policy JSON.
|
||||
|
||||
Schema returned (per vendor):
|
||||
{name, country, purpose, category, opt_out_url, privacy_policy_url,
|
||||
persistence, cookies: [{name, purpose, expiry, is_third_party}]}
|
||||
"""
|
||||
out: list[dict] = []
|
||||
providers = d.get("providers", []) or []
|
||||
cookies_by_provider: dict[str, list[dict]] = {}
|
||||
|
||||
# ePaaS sometimes stores cookies in a separate 'cookies' array referenced
|
||||
# by providerId. If so, group them by provider.
|
||||
cookies_list = d.get("cookies", []) or []
|
||||
for c in cookies_list:
|
||||
pid = (c.get("providerId") or c.get("provider")
|
||||
or c.get("vendorId") or c.get("vendor") or "")
|
||||
if pid:
|
||||
cookies_by_provider.setdefault(str(pid), []).append({
|
||||
"name": c.get("name") or c.get("id") or "",
|
||||
"purpose": _clean(str(c.get("purpose") or c.get("description") or "")),
|
||||
"expiry": _clean(str(c.get("expiry") or c.get("retention")
|
||||
or c.get("persistence") or "")),
|
||||
"is_third_party": bool(c.get("isThirdParty")
|
||||
or c.get("third_party")),
|
||||
})
|
||||
|
||||
for p in providers:
|
||||
pid = str(p.get("id") or p.get("vendorId") or p.get("name") or "")
|
||||
cookies = (cookies_by_provider.get(pid, [])
|
||||
or [{"name": c.get("name", ""),
|
||||
"purpose": _clean(str(c.get("purpose", ""))),
|
||||
"expiry": _clean(str(c.get("expiry") or c.get("persistence") or "")),
|
||||
"is_third_party": True}
|
||||
for c in (p.get("cookies", []) or [])])
|
||||
out.append({
|
||||
"name": p.get("name") or pid or "",
|
||||
"country": (p.get("country") or "").strip(),
|
||||
"purpose": _clean(str(p.get("purpose") or "")),
|
||||
"category": (p.get("category") or "").strip(),
|
||||
"opt_out_url": (p.get("optOutUrl") or p.get("optoutUrl")
|
||||
or p.get("opt_out_url") or "").strip(),
|
||||
"privacy_policy_url": (p.get("policyUrl") or p.get("policy_url")
|
||||
or p.get("privacyPolicyUrl") or "").strip(),
|
||||
"persistence": _clean(str(p.get("persistencePurposeDescription") or "")),
|
||||
"cookies": cookies,
|
||||
})
|
||||
return out
|
||||
|
||||
Reference in New Issue
Block a user