refactor(bot-detector): suppression monolithe, tests multifactoriels

- Suppression de bot_detector.py (1982 lignes) remplacé par 11 modules - Tests navigateur mis à jour pour le système multifactoriel (browser_confidence) - 36/36 tests passent avec la nouvelle structure modulaire Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-09 01:03:17 +02:00
parent 1f103392ac
commit f1547423b5
2 changed files with 17 additions and 1775 deletions
--- a/services/bot-detector/bot_detector/tests/test_detector.py
+++ b/services/bot-detector/bot_detector/tests/test_detector.py
@ -626,23 +626,23 @@ def test_browser_consistency_score_range():


 def test_legitimate_browser_classification_threshold():
-    """LEGITIMATE_BROWSER requires browser_family + consistency >= threshold + NORMAL/LOW threat."""
-    BROWSER_LEGIT_MIN_CONSISTENCY = 4
+    """LEGITIMATE_BROWSER requires browser_confidence >= threshold + family + NORMAL/LOW threat."""
+    BROWSER_CONFIDENCE_THRESHOLD = 0.55

    sessions = [
-        # (browser_family, bcs, threat_level) → expected classification
-        ('Chromium', 5, 'NORMAL'),      # → LEGITIMATE_BROWSER
-        ('Chromium', 5, 'MEDIUM'),      # threat too high → keep MEDIUM
-        ('Firefox',  4, 'LOW'),         # → LEGITIMATE_BROWSER
-        ('Firefox',  3, 'NORMAL'),      # consistency too low → keep NORMAL
-        ('',         5, 'NORMAL'),      # no browser → keep NORMAL (can't be 5 without browser, but edge case)
-        ('Chromium', 5, 'ANUBIS_DENY'), # Anubis DENY → keep ANUBIS_DENY
+        # (inferred_browser_family, browser_confidence, threat_level) → expected
+        ('Chromium', 0.80, 'NORMAL'),      # → LEGITIMATE_BROWSER
+        ('Chromium', 0.80, 'MEDIUM'),      # threat too high → keep MEDIUM
+        ('Firefox',  0.60, 'LOW'),         # → LEGITIMATE_BROWSER
+        ('Firefox',  0.40, 'NORMAL'),      # confidence too low → keep NORMAL
+        ('',         0.90, 'NORMAL'),      # no family → keep NORMAL
+        ('Chromium', 0.80, 'ANUBIS_DENY'), # Anubis DENY → keep ANUBIS_DENY
    ]
    results = []
-    for bf, bcs, tl in sessions:
+    for bf, conf, tl in sessions:
        is_legit = (
+            conf >= BROWSER_CONFIDENCE_THRESHOLD and
            bf != '' and
-            bcs >= BROWSER_LEGIT_MIN_CONSISTENCY and
            tl in ('NORMAL', 'LOW')
        )
        results.append('LEGITIMATE_BROWSER' if is_legit else tl)
@ -673,17 +673,18 @@ def test_legitimate_browser_excluded_from_anomalies():


 def test_browser_spoofing_detection():
-    """Inconsistent browser behavior (known JA4 but low consistency) stays in normal scoring."""
-    BROWSER_LEGIT_MIN_CONSISTENCY = 4
+    """Spoofed browser (known JA4 but low overall confidence) stays in normal scoring."""
+    BROWSER_CONFIDENCE_THRESHOLD = 0.55

-    # Spoofed: JA4 looks like Chrome but no cookies, no Accept-Language, high sec_fetch_absence
+    # Spoofed: JA4 looks like Chrome (axis_ja4_known=1) but no cookies,
+    # no Accept-Language, high sec_fetch_absence → low overall confidence
    spoofed_bf = 'Chromium'
-    spoofed_bcs = 1  # only is_known_browser=1, all others fail
+    spoofed_confidence = 0.30  # only JA4 known axis scores high
    spoofed_tl = 'MEDIUM'

    is_legit = (
+        spoofed_confidence >= BROWSER_CONFIDENCE_THRESHOLD and
        spoofed_bf != '' and
-        spoofed_bcs >= BROWSER_LEGIT_MIN_CONSISTENCY and
        spoofed_tl in ('NORMAL', 'LOW')
    )
    assert not is_legit, "Spoofed browser should NOT be classified as LEGITIMATE_BROWSER"