-
Notifications
You must be signed in to change notification settings - Fork 7
/
database.py
193 lines (182 loc) · 8.49 KB
/
database.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import datetime
import configparser
import re
from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy import Column, Integer, String, DateTime, ForeignKey, Boolean, ARRAY
from sqlalchemy.orm import sessionmaker
from sqlalchemy.dialects.postgresql import TEXT
from sqlalchemy.types import LargeBinary
from utils import *
########### GLOBAL VARs
Base = declarative_base()
def start_db(prod=False, ac=False):
if prod:
config = parse_config_file(CONFIG_FILE_PROD)
elif ac:
config = parse_config_file(CONFIG_FILE_AC)
else:
config = parse_config_file(CONFIG_FILE)
eng = create_engine('postgresql://' + config.db_user + ':' +
config.db_pass + '@' + config.db_server +
'/' + config.db_name, pool_recycle=3600)
Base.metadata.bind = eng
Session = sessionmaker(bind=eng)
db = Session()
Base.metadata.create_all(bind=eng)
return db
########### CLASSES
class Config():
def __init__(self, c):
self.db_name = c.get('Database', 'db_name')
self.db_server = c.get('Database', 'db_server')
self.db_user = c.get('Database', 'db_user')
self.db_pass = c.get('Database', 'db_pass')
class Website(Base):
__tablename__ = "website"
id = Column(Integer, primary_key=True)
domain = Column(String(2083), unique=True) # https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers
main_page_url = Column(String(2083))
last_visited = Column(DateTime)
access_successful = Column(Boolean)
robot_txt_ban = Column(Boolean)
iab_banner = Column(Boolean)
iab_banner_cmplocator = Column(Boolean)
tcfv2 = Column(Boolean)
iab_banner_tcfapilocator = Column(Boolean)
cmpid = Column(Integer)
cmp_code = Column(TEXT)
tcfapi_code = Column(TEXT)
# for all consent_set violations:
# - 1 = undoubtful violation
# - 2 = doubtful violation (no purpose is set but vendors are)
violation_consent_set_before_user_action_direct = Column(Integer)
violation_consent_set_before_user_action_postmessage = Column(Integer)
violation_consent_set_before_user_action_get = Column(Integer)
violation_consent_set_before_user_action_post = Column(Integer)
violation_consent_set_before_user_action_cookie = Column(Integer)
violation_consent_set_before_user_action_sure = Column(Boolean) # preaction_n2 or preaction_n3
violation_consent_set_before_user_action_cookie_sure = Column(Boolean)
violation_no_banner = Column(Boolean)
violation_broken_banner = Column(Boolean)
violation_no_option = Column(Boolean)
violation_preticked = Column(Boolean)
violation_consent_set_active_refusal_direct = Column(Integer)
violation_consent_set_active_refusal_postmessage = Column(Integer)
violation_consent_set_active_refusal_get = Column(Integer)
violation_consent_set_active_refusal_post = Column(Integer)
violation_consent_set_active_refusal_cookie = Column(Integer)
violation_consent_set_active_refusal_sure = Column(Boolean) # nonrespect_n3
violation_consent_set_active_refusal_cookie_sure = Column(Boolean)
violation_consent_set_active_refusal_queries_sure = Column(Boolean)
nonrespect_n0 = Column(Boolean)
nonrespect_n1 = Column(Boolean)
nonrespect_n2 = Column(Boolean)
preaction_n0 = Column(Boolean)
preaction_n1 = Column(Boolean)
preaction_n2 = Column(Boolean)
preaction_n3 = Column(Boolean)
violation_shared_cookie = Column(Boolean)
violation_unregistered_vendors_in_consent_string = Column(Boolean)
violation_incorrect_cmpid = Column(Boolean)
violation_vendor_1 = Column(ARRAY(String(256)))
violation_vendor_1_legint = Column(ARRAY(String(256)))
violation_vendor_2_direct = Column(ARRAY(String(256)))
violation_vendor_2_postmessage = Column(ARRAY(String(256)))
violation_vendor_2_get = Column(ARRAY(String(256)))
violation_vendor_2_post = Column(ARRAY(String(256)))
violation_vendor_3 = Column(ARRAY(String(256)))
violation_vendor_4_direct = Column(ARRAY(String(256)))
violation_vendor_4_postmessage = Column(ARRAY(String(256)))
violation_vendor_4_get = Column(ARRAY(String(256)))
violation_vendor_4_post = Column(ARRAY(String(256)))
regular_consent_verification_direct = Column(ARRAY(String(256)))
regular_consent_verification_postmessage = Column(ARRAY(String(256)))
regular_consent_verification_get = Column(ARRAY(String(256)))
regular_consent_verification_post = Column(ARRAY(String(256)))
violation_gdpr_does_not_apply = Column(Boolean)
#violation_vendor_not_in_consent_string = Column(Boolean)
different_consent_strings = Column(Boolean)
different_cmpids = Column(Boolean)
shared_cookie_set = Column(Boolean)
shared_cookie_set_refusal = Column(Boolean)
shared_cookie_set_acceptance = Column(Boolean)
trackers = Column(ARRAY(String(256)))
non_trackers = Column(ARRAY(String(256)))
trackers_before_action = Column(ARRAY(String(256)))
trackers_after_refusal = Column(ARRAY(String(256)))
trackers_after_acceptance = Column(ARRAY(String(256)))
non_trackers_before_action = Column(ARRAY(String(256)))
non_trackers_after_refusal = Column(ARRAY(String(256)))
non_trackers_after_acceptance = Column(ARRAY(String(256)))
consent_strings = Column(ARRAY(String(256))) # should be ok with current number of vendors, but no max length is specified
consent_strings_v2 = Column(ARRAY(TEXT))
nothing_found_after_manual_validation = Column(Boolean) # in case semi-automatic check finds nothing
# sorted by origin, not stored in db (unlike above field)
seen_consent_strings = {"direct": set(), "postmessage": set(), "GET": set(), "POST": set(), "cookie": set()}
seen_consent_strings_v2 = {"direct": set(), "postmessage": set(), "GET": set(), "POST": set(), "cookie": set()}
pickled_consent_strings = Column(LargeBinary)
pickled_consent_strings_v2 = Column(LargeBinary)
violation_gdpr_does_not_apply_this_session = False # for printing
http_only = Column(Boolean)
unknown_consent_checks = Column(Integer)
semi_automatic_done = Column(Boolean)
redirector_seen = Column(Boolean)
other_consensu_seen = Column(Boolean)
current_state = 0
def __init__(self, domain):
self.domain = domain
self.last_visited = datetime.datetime.now()
self.violation_vendor_1 = set()
self.violation_vendor_2_direct = set()
self.violation_vendor_2_postmessage = set()
self.violation_vendor_2_get = set()
self.violation_vendor_2_post = set()
self.violation_vendor_3 = set()
self.violation_vendor_4_direct = set()
self.violation_vendor_4_postmessage = set()
self.violation_vendor_4_get = set()
self.violation_vendor_4_post = set()
self.regular_consent_verification_direct = set()
self.regular_consent_verification_postmessage = set()
self.regular_consent_verification_get = set()
self.regular_consent_verification_post = set()
self.trackers = set()
self.non_trackers = set()
self.trackers_before_action = set()
self.trackers_after_refusal = set()
self.trackers_after_acceptance = set()
self.non_trackers_before_action = set()
self.non_trackers_after_refusal = set()
self.non_trackers_after_acceptance = set()
self.consent_strings = set()
self.consent_strings_v2 = set()
self.unknown_consent_checks = 0
self.main_page_url = ""
self.violation_no_option = False
self.violation_no_banner = False
def move_to_http(self):
if self.main_page_url.startswith('http://'):
return False
self.http_only = True
self.main_page_url = re.sub('https://', 'http://', self.main_page_url)
print("HTTPS access failed, moving to HTTP.")
return True
def remove_www(self):
if '://www.' not in self.main_page_url:
return False
self.main_page_url = re.sub('://www.', '://', self.main_page_url)
print("Accessing www.domain failed, attempting domain (without www.)")
return True
########### FUNCTIONS
def parse_config_file(config_file):
c = configparser.RawConfigParser()
if not c.read(config_file):
print("Could not find config file %s." % config_file)
print('Please copy it from %s.example and fill it appropiately.' % CONFIG_FILE)
sys.exit(1)
config = Config(c)
return config