breakpilot-compliance/consent-tester/tests/test_cookieless_optout.py

"""Cookieless Opt-out-Erkennung im banner_text_checker.

Sehr untypischer Sonderfall: cookie-FREIE Analyse mit reinem Opt-out-Hinweis
statt Consent-Banner (z.B. bayshore.ai). Standard-Opt-in-Checks duerfen dann
NICHT feuern (sonst False Positives).
"""

from services.banner_text_checker import (
    is_cookieless_optout,
    detect_non_cookie_tracking,
    build_no_banner_finding,
)


def test_bayshore_cookieless_optout_detected():
    # Realer bayshore.ai-Bannertext (Opt-out fuer cookie-freie Analyse).
    bay = ("privacy-friendly, cookie-free analytics are currently enabled. "
           "you can change your choice at any time. disable")
    assert is_cookieless_optout(bay) is True


def test_standard_consent_banner_not_cookieless():
    assert not is_cookieless_optout(
        "wir nutzen cookies. alle akzeptieren  ablehnen  einstellungen")


def test_cookiefree_but_with_accept_is_not_optout():
    # 'cookie-free' genannt, aber echtes Consent ('accept all') → kein reiner Opt-out.
    assert not is_cookieless_optout("cookie-free analytics. accept all  disable")


def test_signal_without_optout_word_is_not_detected():
    # cookie-free, aber kein Opt-out-Mechanismus im Text.
    assert not is_cookieless_optout("cookie-free analytics enabled")


def test_empty():
    assert not is_cookieless_optout("")


# ── #3: Non-Cookie-Tracking-Erkennung ──────────────────────────────────
def test_detect_meta_pixel():
    assert detect_non_cookie_tracking(
        ["https://connect.facebook.net/en_US/fbevents.js"]) == ["Meta-Pixel (Facebook)"]


def test_detect_clarity_and_fingerprint():
    found = detect_non_cookie_tracking([
        "https://www.clarity.ms/tag/abc", "https://cdn.fpjs.io/v3/x.js"])
    assert "Microsoft Clarity" in found
    assert "Fingerprinting (FingerprintJS)" in found


def test_detect_none_on_plain_scripts():
    assert detect_non_cookie_tracking(
        ["https://example.com/app.js", "/static/main.css"]) == []
    assert detect_non_cookie_tracking([]) == []


# ── #1/#2: Kein-Banner-affirmativ-Befund ───────────────────────────────
def test_no_banner_finding_is_low_and_compliant():
    v = build_no_banner_finding(has_dse=True)
    assert v.severity == "LOW"
    assert "konform" in v.text.lower()
    assert "geo-targeting" in v.text.lower()  # Geo-Caveat enthalten


def test_no_banner_finding_flags_missing_dse():
    v = build_no_banner_finding(has_dse=False)
    assert "dse" in v.text.lower() or "datenschutzerkl" in v.text.lower()