je_web_runner.api.security

Façade: PII / license / CSP / cookie consent / header tampering.

exception je_web_runner.api.security.ConsentBannerError

Bases: WebRunnerException

Raised when consent dismissal fails or driver is unsupported.

class je_web_runner.api.security.ConsentDismisser(selectors: List[str] = <factory>)

Bases: object

Try each selector against a driver / page; click the first hit.

add_selector(selector: str) → None

dismiss(driver: Any, timeout_per_selector: float = 0.5) → str | None: 嘗試點擊 banner 上的 Accept 按鈕；找不到時回傳 None Click the first matching consent button. Returns the selector that was clicked, or None if no banner was found.

selectors: List[str]

exception je_web_runner.api.security.CspReporterError

Bases: WebRunnerException

Raised when the reporter cannot inject or read violations.

class je_web_runner.api.security.CspViolation(violated_directive: 'str', blocked_uri: 'str', source_file: 'Optional[str]', line_number: 'Optional[int]', sample: 'Optional[str]')

Bases: object

blocked_uri: str

line_number: int | None

sample: str | None

source_file: str | None

violated_directive: str

class je_web_runner.api.security.CspViolationCollector

Bases: object

Inject + read CSP-violation listener for a Selenium driver / Playwright page.

assert_no_directive(directive: str) → None

assert_none() → None

collect(driver: Any) → List[CspViolation]

install(driver: Any) → None

violations() → List[CspViolation]

class je_web_runner.api.security.HeaderRule(name: str, header: str, action: str, value: str | None = None, url_match: Pattern | None = None)

Bases: object

One (url_match, header, action) directive.

action: str

header: str

name: str

url_match: Pattern | None = None

value: str | None = None

class je_web_runner.api.security.HeaderTampering(rules: List[HeaderRule] = <factory>)

Bases: object

Track a list of rules and attach to a Playwright page.

attach_to_page(page: Any) → None: Wire the rules onto a Playwright page via page.route('**/*').

remove_header(header: str, url_substring: str | None = None) → HeaderRule

rules: List[HeaderRule]

set_header(header: str, value: str, url_substring: str | None = None, name: str | None = None) → HeaderRule

exception je_web_runner.api.security.HeaderTamperingError

Bases: WebRunnerException

Raised when a rule is malformed or driver does not expose route().

class je_web_runner.api.security.LicenseFinding(license_id: 'str', line_number: 'int', snippet: 'str')

Bases: object

license_id: str

line_number: int

snippet: str

exception je_web_runner.api.security.LicenseScannerError

Bases: WebRunnerException

Raised when the scanner is asked for invalid input or assertion fails.

class je_web_runner.api.security.PiiFinding(category: 'str', start: 'int', end: 'int', redacted: 'str')

Bases: object

category: str

end: int

redacted: str

start: int

exception je_web_runner.api.security.PiiScannerError

Bases: WebRunnerException

Raised when scanning input is invalid or assertion fails.

je_web_runner.api.security.apply_to_request_headers(headers: Dict[str, str], url: str, rules: List[HeaderRule]) → Dict[str, str]: Return a new headers dict with all matching rules applied.

je_web_runner.api.security.assert_allowed_licenses(findings: Iterable[LicenseFinding], allow: Sequence[str], deny: Sequence[str] | None = None) → None: 斷言所有偵測到的授權都在 allow、且不在 deny 名單中 Raise unless every finding is in allow and not in deny.

je_web_runner.api.security.assert_no_pii(text: str, categories: Sequence[str] | None = None, allow_categories: Sequence[str] | None = None) → None: 斷言文本中沒有指定類別的 PII；allow_categories 可白名單跳過。 Raise PiiScannerError when any non-allowed category is found.

je_web_runner.api.security.assert_no_violations(driver: Any, allow_directives: Iterable[str] | None = None) → None

je_web_runner.api.security.collect_violations(driver: Any) → List[CspViolation]

je_web_runner.api.security.common_dismiss_selectors() → List[str]

je_web_runner.api.security.install_listener(driver: Any) → None

je_web_runner.api.security.redact_text(text: str, replacement: str = '[REDACTED]', categories: Sequence[str] | None = None) → str: Return text with each PII match replaced by replacement.

je_web_runner.api.security.register_selector(selector: str) → None: Append selector to the module-default list (idempotent).

je_web_runner.api.security.scan_license_text(text: str) → List[LicenseFinding]: 從文字內容找出 SPDX/已知授權字樣 Find every SPDX identifier and known license phrase in text.

je_web_runner.api.security.scan_pii_text(text: str, categories: Sequence[str] | None = None) → List[PiiFinding]: 對 text 跑全部或指定的 PII 偵測類別 Run every (or a filtered subset of) PII detector against text.