fix: 4 bugs from IHK Konstanz scan validation

1. DSE-Matcher: Google/YouTube false match — now requires 2+ word match for provider-name fallback, not just "Google" matching YouTube section 2. AGB/Widerrufsbelehrung: only_ecommerce flag — skips for non-shop websites (detected via payment providers, cart keywords) 3. DSE-internal link following — scanner now discovers links WITHIN the privacy policy and scans those too (finds regional DSE sub-pages) 4. Expanded keyword synonyms for DSE mandatory checks: - "Zweck und Rechtsgrundlage" now matches "zwecke" - "behoerdlichen datenschutzbeauftragt" matches DSB - "aufsichtsbehörde" with umlaut matches Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-29 17:57:19 +02:00
parent 0f3ba9c207
commit fff47cc52e
3 changed files with 70 additions and 7 deletions
@@ -51,6 +51,7 @@ MANDATORY_DOCUMENTS = [
        "legal_ref": "§305 BGB (bei Vertragsschluss)",
        "patterns": [r"agb", r"nutzungsbedingung", r"terms"],
        "severity": "MEDIUM",
+        "only_ecommerce": True,  # Nur bei Shops/Buchungsseiten
    },
    {
        "id": "widerruf",
@@ -58,6 +59,7 @@ MANDATORY_DOCUMENTS = [
        "legal_ref": "§355 BGB, Art. 246a §1 EGBGB (nur Fernabsatz)",
        "patterns": [r"widerruf", r"cancellation.?policy", r"right.?of.?withdrawal"],
        "severity": "MEDIUM",
+        "only_ecommerce": True,  # Nur bei Fernabsatzvertraegen
    },
 ]

@@ -78,21 +80,27 @@ MANDATORY_DSE_CONTENT = [
        "id": "dsb_kontakt",
        "name": "Kontaktdaten des Datenschutzbeauftragten",
        "legal_ref": "Art. 13 Abs. 1 lit. b DSGVO",
-        "keywords": ["datenschutzbeauftragt", "data protection officer", "dsb", "dpo"],
+        "keywords": ["datenschutzbeauftragt", "data protection officer", "dsb", "dpo",
+                      "behördlichen datenschutz", "behoerdlichen datenschutz",
+                      "datenschutz@", "datenschutzbeauftragter"],
        "severity": "HIGH",
    },
    {
        "id": "zwecke",
        "name": "Zwecke der Datenverarbeitung",
        "legal_ref": "Art. 13 Abs. 1 lit. c DSGVO",
-        "keywords": ["zweck", "purpose", "verarbeitungszweck"],
+        "keywords": ["zweck", "purpose", "verarbeitungszweck", "verarbeitungszwecke",
+                      "wozu", "wofuer", "zu welchem zweck", "nutzungszweck",
+                      "zweck und rechtsgrundlage", "zwecke der verarbeitung"],
        "severity": "HIGH",
    },
    {
        "id": "rechtsgrundlage",
        "name": "Rechtsgrundlagen der Verarbeitung",
        "legal_ref": "Art. 13 Abs. 1 lit. c DSGVO",
-        "keywords": ["rechtsgrundlage", "legal basis", "art. 6", "art.6"],
+        "keywords": ["rechtsgrundlage", "legal basis", "art. 6", "art.6",
+                      "berechtigtes interesse", "einwilligung", "vertragserfuellung",
+                      "vertragserfüllung", "rechtliche verpflichtung"],
        "severity": "HIGH",
    },
    {
@@ -116,8 +124,9 @@ MANDATORY_DSE_CONTENT = [
        "id": "beschwerderecht",
        "name": "Beschwerderecht bei Aufsichtsbehoerde",
        "legal_ref": "Art. 13 Abs. 2 lit. d DSGVO",
-        "keywords": ["aufsichtsbehoerde", "beschwerde", "supervisory authority",
-                      "datenschutzbehoerde"],
+        "keywords": ["aufsichtsbehoerde", "aufsichtsbehörde", "beschwerde",
+                      "supervisory authority", "datenschutzbehoerde",
+                      "landesbeauftragte", "bundesdatenschutz", "bfdi"],
        "severity": "MEDIUM",
    },
    {
@@ -183,13 +192,32 @@ MANDATORY_IMPRESSUM_CONTENT = [
 ]


+ECOMMERCE_INDICATORS = [
+    r"warenkorb", r"cart", r"shop", r"bestell", r"order",
+    r"checkout", r"kasse", r"buy", r"kaufen", r"add.?to.?cart",
+    r"stripe|paypal|klarna|mollie|adyen",  # Payment providers
+]
+
+
+def _is_ecommerce(scanned_pages: list[str], html_content: str = "") -> bool:
+    """Detect if website is an e-commerce/transactional site."""
+    all_text = " ".join(scanned_pages).lower() + " " + html_content.lower()
+    return any(re.search(p, all_text) for p in ECOMMERCE_INDICATORS)
+
+
 def check_mandatory_documents(
    scanned_pages: list[str], page_status: dict[str, int],
+    html_content: str = "",
 ) -> list[MandatoryFinding]:
    """Check if mandatory documents/pages exist on the website."""
    findings = []
+    is_shop = _is_ecommerce(scanned_pages, html_content)

    for doc in MANDATORY_DOCUMENTS:
+        # Skip e-commerce-only checks for non-shop websites
+        if doc.get("only_ecommerce") and not is_shop:
+            continue
+
        found = False
        for page in scanned_pages:
            if any(re.search(p, page, re.IGNORECASE) for p in doc["patterns"]):