code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(bot-detector): suppression monolithe, tests multifactoriels

Browse Source 
- Suppression de bot_detector.py (1982 lignes) remplacé par 11 modules
- Tests navigateur mis à jour pour le système multifactoriel (browser_confidence)
- 36/36 tests passent avec la nouvelle structure modulaire

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
2026-04-09 01:03:17 +02:00
parent 1f103392ac
commit f1547423b5
2 changed files with 17 additions and 1775 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1759
services/bot-detector/bot_detector/bot_detector.py
View File

File diff suppressed because it is too large Load Diff

33
services/bot-detector/bot_detector/tests/test_detector.py
View File

@ -626,23 +626,23 @@ def test_browser_consistency_score_range():
def test_legitimate_browser_classification_threshold(): def test_legitimate_browser_classification_threshold():
"""LEGITIMATE_BROWSER requires browser_family + consistency >= threshold + NORMAL/LOW threat.""" """LEGITIMATE_BROWSER requires browser_confidence >= threshold + family + NORMAL/LOW threat."""
BROWSER_LEGIT_MIN_CONSISTENCY = 4 BROWSER_CONFIDENCE_THRESHOLD = 0.55
sessions = [ sessions = [
# (browser_family, bcs, threat_level) → expected classification # (inferred_browser_family, browser_confidence, threat_level) → expected
('Chromium', 5, 'NORMAL'), # → LEGITIMATE_BROWSER ('Chromium', 0.80, 'NORMAL'), # → LEGITIMATE_BROWSER
('Chromium', 5, 'MEDIUM'), # threat too high → keep MEDIUM ('Chromium', 0.80, 'MEDIUM'), # threat too high → keep MEDIUM
('Firefox', 4, 'LOW'), # → LEGITIMATE_BROWSER ('Firefox', 0.60, 'LOW'), # → LEGITIMATE_BROWSER
('Firefox', 3, 'NORMAL'), # consistency too low → keep NORMAL ('Firefox', 0.40, 'NORMAL'), # confidence too low → keep NORMAL
('', 5, 'NORMAL'), # no browser → keep NORMAL (can't be 5 without browser, but edge case) ('', 0.90, 'NORMAL'), # no family → keep NORMAL
('Chromium', 5, 'ANUBIS_DENY'), # Anubis DENY → keep ANUBIS_DENY ('Chromium', 0.80, 'ANUBIS_DENY'), # Anubis DENY → keep ANUBIS_DENY
] ]
results = [] results = []
for bf, bcs, tl in sessions: for bf, conf, tl in sessions:
is_legit = ( is_legit = (
conf >= BROWSER_CONFIDENCE_THRESHOLD and
bf != '' and bf != '' and
bcs >= BROWSER_LEGIT_MIN_CONSISTENCY and
tl in ('NORMAL', 'LOW') tl in ('NORMAL', 'LOW')
) )
results.append('LEGITIMATE_BROWSER' if is_legit else tl) results.append('LEGITIMATE_BROWSER' if is_legit else tl)
@ -673,17 +673,18 @@ def test_legitimate_browser_excluded_from_anomalies():
def test_browser_spoofing_detection(): def test_browser_spoofing_detection():
"""Inconsistent browser behavior (known JA4 but low consistency) stays in normal scoring.""" """Spoofed browser (known JA4 but low overall confidence) stays in normal scoring."""
BROWSER_LEGIT_MIN_CONSISTENCY = 4 BROWSER_CONFIDENCE_THRESHOLD = 0.55
# Spoofed: JA4 looks like Chrome but no cookies, no Accept-Language, high sec_fetch_absence # Spoofed: JA4 looks like Chrome (axis_ja4_known=1) but no cookies,
# no Accept-Language, high sec_fetch_absence → low overall confidence
spoofed_bf = 'Chromium' spoofed_bf = 'Chromium'
spoofed_bcs = 1 # only is_known_browser=1, all others fail spoofed_confidence = 0.30 # only JA4 known axis scores high
spoofed_tl = 'MEDIUM' spoofed_tl = 'MEDIUM'
is_legit = ( is_legit = (
spoofed_confidence >= BROWSER_CONFIDENCE_THRESHOLD and
spoofed_bf != '' and spoofed_bf != '' and
spoofed_bcs >= BROWSER_LEGIT_MIN_CONSISTENCY and
spoofed_tl in ('NORMAL', 'LOW') spoofed_tl in ('NORMAL', 'LOW')
) )
assert not is_legit, "Spoofed browser should NOT be classified as LEGITIMATE_BROWSER" assert not is_legit, "Spoofed browser should NOT be classified as LEGITIMATE_BROWSER"