Benjamin Admin
e1dadc8027
Stage 1.a Browser-Matrix (Task #15) — Multi-Engine Scaffolding: - consent-tester/Dockerfile: firefox + webkit + Xvfb deps - playwright install chromium firefox webkit - services/browser_profiles.py: Registry mit DEFAULT_PROFILES (Chromium-Headed/Firefox-Headed/WebKit-Headed/Mobile-Safari) + EXTRA_PROFILES (Chrome-Channel, Edge, Brave) - services/multi_browser_scanner.py: run_matrix() orchestriert N parallele Scans + worst-of-Aggregation + 3 Sub-Scores (Pre-Consent 50%, Reject-Respekt 30%, Banner-Design 20%) + Hard-Fail-Cap auf <60% bei Pre-Consent/Reject-Verstoß - routes_matrix.py: POST /scan-matrix Endpoint (eigenes Modul, damit main.py unter 500 LOC bleibt) KNOWN: Stage 1.a-Shim ruft alle Profile auf demselben Chromium, echte Engine-Diversität in Stage 1.b (consent_scanner.py Param) Coverage-Gap 3 (Task #17): 2/3 verbleibende GT-Lücken geschlossen: - B9 impressum_multi_entity_check (IMPRESSUM-001): erkennt USt-IdNr/HR/GF-Fehlen pro Entity bei multi-entity Impressen (Elli: USt-IdNr nur bei Elli Mobility, fehlt bei VW Group Charging) - B10 transfer_mechanism_check (TRANSFER-001): pro Non-EU-Vendor in cmp_vendors prüft DSE auf DPF/SCCs/BCRs/Einwilligung im ±400-char-Window. Findet Vendors ohne benannten Mechanismus. - TH-RETENTION-002 (AI-Datenkategorie-Differenzierung) bleibt semantisch-tief, vorgesehen für Specialist-Agents Task #18. Plausibility-LLM Empty-Response-Härtung (Task #16): - BATCH_SIZE 8 → 4, EXCERPT 4000 → 1500 chars, TIMEOUT 60 → 45s - Single-retry mit halbierter Batch wenn LLM empty content zurückgibt — qwen3:30b-a3b rejektiert manchmal ≥6-Item-Prompts unter format='json'. Falls auch Half-Batch empty: log + skip. - Pipeline läuft jetzt nicht mehr 10min in Timeouts. GT-Coverage Sprung: 10/13 → 11/13 (85%). 4/4 HIGH ✓, 5/6 MEDIUM ✓, 2/3 LOW ✓. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
159 lines
5.7 KiB
Python
159 lines
5.7 KiB
Python
"""Multi-browser consent-scan orchestrator (browser-matrix stage 1).
|
|
|
|
Runs the existing single-browser `consent_scanner.run_consent_test`
|
|
once per profile from `browser_profiles.resolve_profiles` and
|
|
aggregates the per-browser results with the worst-of rule:
|
|
|
|
* any HIGH-violation on any browser → robustness_score capped to <60
|
|
* Pre-Consent + Reject-Respekt are weighted 80% combined
|
|
* Banner-Design only contributes if the banner was detected at all
|
|
|
|
Returns a unified ScanResponse-compatible dict plus a fresh
|
|
`browser_matrix` block (one entry per profile) so the backend mail
|
|
renderer can show "Chrome 95% · Firefox 92% · WebKit 78% · Mobile-Safari 65%".
|
|
|
|
Heuristic only — the real per-test scoring (T1..T7 from the EDPB
|
|
taskforce report) is mocked here as a placeholder until the consent
|
|
scanner emits structured per-test results.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import asyncio
|
|
import logging
|
|
from typing import Any, Callable, Awaitable
|
|
|
|
from .browser_profiles import resolve_profiles
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
# Worst-of capping: if pre-consent or reject-respect has ANY hard fail,
|
|
# overall robustness can never exceed this value.
|
|
_HARD_FAIL_CAP = 55
|
|
|
|
# Per-dimension weights — Sales/Risk-tuned (see strategy doc):
|
|
# Pre-Consent-Compliance 50%
|
|
# Reject-Respekt 30%
|
|
# Banner-Design / Dark 20%
|
|
_WEIGHTS = {"pre_consent": 0.5, "reject_respect": 0.3, "banner_design": 0.2}
|
|
|
|
|
|
def _extract_dimensions(banner_result: dict) -> dict[str, float]:
|
|
"""Best-effort: derive 3 sub-scores from the existing scan output.
|
|
|
|
Falls back to neutral 0.5 when the input is too sparse.
|
|
"""
|
|
if not banner_result:
|
|
return {"pre_consent": 0.5, "reject_respect": 0.5,
|
|
"banner_design": 0.5}
|
|
phases = banner_result.get("phases") or {}
|
|
before = phases.get("before_consent") or phases.get("before") or {}
|
|
after_reject = phases.get("after_reject") or {}
|
|
bv = (banner_result.get("banner_checks") or {}).get("violations") or []
|
|
pre_cookies = len(before.get("cookies") or [])
|
|
rej_cookies = len(after_reject.get("cookies") or [])
|
|
pre_consent = max(0.0, 1.0 - min(1.0, pre_cookies / 10.0))
|
|
reject_respect = max(0.0, 1.0 - min(1.0, rej_cookies / 5.0))
|
|
banner_design = max(0.0, 1.0 - min(1.0, len(bv) / 5.0))
|
|
return {
|
|
"pre_consent": round(pre_consent, 3),
|
|
"reject_respect": round(reject_respect, 3),
|
|
"banner_design": round(banner_design, 3),
|
|
}
|
|
|
|
|
|
def _score(dimensions: dict[str, float]) -> int:
|
|
base = (
|
|
dimensions["pre_consent"] * _WEIGHTS["pre_consent"]
|
|
+ dimensions["reject_respect"] * _WEIGHTS["reject_respect"]
|
|
+ dimensions["banner_design"] * _WEIGHTS["banner_design"]
|
|
)
|
|
pct = int(round(base * 100))
|
|
if (dimensions["pre_consent"] < 0.5
|
|
or dimensions["reject_respect"] < 0.5):
|
|
pct = min(pct, _HARD_FAIL_CAP)
|
|
return pct
|
|
|
|
|
|
def _verbal(score: int) -> str:
|
|
if score >= 95:
|
|
return "Im Prüfumfang keine wesentlichen Mängel"
|
|
if score >= 80:
|
|
return "Niedriges Risiko, Korrektur empfohlen"
|
|
if score >= 60:
|
|
return "Mittlere Mängel, kurzfristige Korrektur"
|
|
if score >= 30:
|
|
return "Schwere Mängel, sofortige Korrektur"
|
|
return "Bußgeldrelevante Verstöße"
|
|
|
|
|
|
async def run_matrix(
|
|
scanner: Callable[..., Awaitable[Any]],
|
|
url: str,
|
|
requested_profiles: list[str] | None = None,
|
|
**scanner_kwargs: Any,
|
|
) -> dict:
|
|
"""Run `scanner(url, profile=…, **kw)` once per profile in parallel.
|
|
|
|
`scanner` must be the existing consent_scanner.run_consent_test
|
|
or a shim with the same signature; it must accept a `browser_profile`
|
|
kwarg. Returns:
|
|
|
|
{
|
|
"browser_matrix": [
|
|
{"profile_id": ..., "label": ..., "scan": <raw scan dict>,
|
|
"dimensions": {...}, "score": int, "verbal": str},
|
|
...
|
|
],
|
|
"aggregate": {
|
|
"worst_score": int, "worst_profile": "...",
|
|
"best_score": int, "best_profile": "...",
|
|
"verbal": "...",
|
|
},
|
|
}
|
|
"""
|
|
profiles = resolve_profiles(requested_profiles)
|
|
if not profiles:
|
|
return {"browser_matrix": [], "aggregate": {}}
|
|
|
|
async def _run_one(prof: dict) -> dict:
|
|
try:
|
|
scan = await scanner(
|
|
url, browser_profile=prof, **scanner_kwargs,
|
|
)
|
|
except TypeError:
|
|
# Backward-compat: scanner that doesn't accept the kwarg
|
|
scan = await scanner(url, **scanner_kwargs)
|
|
except Exception as e:
|
|
logger.warning("matrix profile %s failed: %s", prof["id"], e)
|
|
return {
|
|
"profile_id": prof["id"], "label": prof["label"],
|
|
"scan": None, "error": str(e)[:200],
|
|
"dimensions": {"pre_consent": 0, "reject_respect": 0,
|
|
"banner_design": 0},
|
|
"score": 0, "verbal": "Scan fehlgeschlagen",
|
|
}
|
|
dims = _extract_dimensions(scan or {})
|
|
score = _score(dims)
|
|
return {
|
|
"profile_id": prof["id"], "label": prof["label"],
|
|
"scan": scan, "dimensions": dims, "score": score,
|
|
"verbal": _verbal(score),
|
|
}
|
|
|
|
results = await asyncio.gather(*[_run_one(p) for p in profiles])
|
|
sorted_by_score = sorted(results, key=lambda r: r["score"])
|
|
worst = sorted_by_score[0]
|
|
best = sorted_by_score[-1]
|
|
return {
|
|
"browser_matrix": results,
|
|
"aggregate": {
|
|
"worst_score": worst["score"],
|
|
"worst_profile": worst["profile_id"],
|
|
"best_score": best["score"],
|
|
"best_profile": best["profile_id"],
|
|
"verbal": worst["verbal"],
|
|
"profiles_run": len(results),
|
|
},
|
|
}
|