Detect cookie popups based on full document text (#148)

* Define the desired data types

* Collect document-level text and buttons for cookie popup detection

* Prevent empty result entries

* Annotate buttons in extracted text

* Switch to a simpler document text scraping

* Add an LLM detection script

* Skip some shadowroot elements

* Add heuristic to filter common false positives

* use document.body when possible

* Add regex-based detection

* Fix detection script after refactoring

* Move all LLM calssification in one script

* Move button text verification into the llm script

* Adapt the rule generation script to after crawler refactoring

* Cleanup: move the types in a separate file

* cleanup: refactor the generation functions

* Lint fixes

* fix unit tests

* Clean up: split out classification utility functions

* Parallelize crawl processing

* Classify buttons in the document context

* Do not render progress bar in CI

* Synchronize autoconsent with the scraping job

* More verbose lifecycle logs

* Add two columns in clickhouse

* populate the new detection columns

* Fix typo

* Remove unnecessary import

* Escape whitespaces in selector components

* Handle scrapescript errors better

* Defend against DOM clobbering

* Clarify the comment

* Lint fix

* Clarify the TS types

* minor code style fix

* Fix lint errors

* Fix unit test

* Add a comment about openAI usage costs.

* More logs for debugging

* Log last crawled site

* naive attempt to prevent duplicate script injection

* Do context deduplication inside the ContentScriptSelector

* Report the current sites/min rate

* Fix unit tests

* lint fix

* Add collector-specific extra timeouts and give Autoconsent more time to finish

* Wait for scrape job to finish before waiting for optOut

* Lint fix

* More timeouts for CPM collector: some rules take a long time to finish.

* Prevent unnecessary OpenAI calls

Author: muodov

collectors/BaseCollector.js

@@ -1,13 +1,18 @@
 class BaseCollector {
 
+    /**
+     * Override this to increase the total crawl time when this collector is enabled.
+     */
+    collectorExtraTimeMs = 0;
+
     id() {
         return 'base';
     }
 
     /**
      * Called before the crawl begins. Can be async, can throw errors.
-     * 
-     * @param {CollectorInitOptions} options 
+     *
+     * @param {CollectorInitOptions} options
      */
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     init(options) {

collectors/ContentScriptCollector.js

@@ -1,6 +1,7 @@
 const BaseCollector = require('./BaseCollector');
 
 const ISOLATED_WORLD_PREFIX = 'iw_for_';
+const ISOLATED_WORLD_SEPARATOR = '_frameId_';
 
 /**
  * @param {String|Error} e
@@ -60,8 +61,15 @@ class ContentScriptCollector extends BaseCollector {
         session.on('Runtime.executionContextCreated', async ({context}) => {
             // new isolated world for our content script
             if (context.auxData.type === 'isolated' && context.name.startsWith(this.iwPrefix)) {
-                const pageWorldUniqueId = context.name.slice(this.iwPrefix.length);
-                this.log(`isolated world created ${context.uniqueId} for ${pageWorldUniqueId}`);
+                // Chromium will create a new isolated context for each frame in the page, even the ones we already asked for.
+                // We need to filter those out and ignore.
+                const pageWorldUniqueId = context.name.slice(this.iwPrefix.length, context.name.indexOf(ISOLATED_WORLD_SEPARATOR));
+                const intendedFrameId = context.name.slice(context.name.indexOf(ISOLATED_WORLD_SEPARATOR) + ISOLATED_WORLD_SEPARATOR.length);
+                if (intendedFrameId !== context.auxData.frameId) {
+                    this.log(`Skipping isolated context for fId ${context.auxData.frameId} (waiting for fId ${intendedFrameId})`);
+                    return;
+                }
+                this.log(`isolated world created ${context.uniqueId} for cId ${pageWorldUniqueId}: fId ${context.auxData.frameId}`);
                 this.isolated2pageworld.set(context.uniqueId, pageWorldUniqueId);
                 this.cdpSessions.set(context.uniqueId, session);
                 await this.onIsolatedWorldCreated(session, context);
@@ -73,12 +81,12 @@ class ContentScriptCollector extends BaseCollector {
                 return;
             }
 
-            this.log(`creating isolated world for ${context.uniqueId}`);
+            this.log(`creating isolated world for cId ${context.uniqueId} fId ${context.auxData.frameId}`);
             // request an isolated world for this frame
             try {
                 await session.send('Page.createIsolatedWorld', {
                     frameId: context.auxData.frameId,
-                    worldName: `${this.iwPrefix}${context.uniqueId}`,
+                    worldName: `${this.iwPrefix}${context.uniqueId}${ISOLATED_WORLD_SEPARATOR}${context.auxData.frameId}`,
                 });
             } catch (e) {
                 if (!this.isIgnoredCdpError(e)) {

collectors/CookiePopups/scrapeScript.js

@@ -1,4 +1,29 @@
-/* global window, document, HTMLElement, Node, NodeFilter, location */
+/* global window, document, HTMLElement, Node, NodeFilter, location, NamedNodeMap, DOMTokenList, DOMException */
+
+const BUTTON_LIKE_ELEMENT_SELECTOR = 'button, input[type="button"], input[type="submit"], a, [role="button"], [class*="button"]';
+const LIMIT_TEXT_LENGTH = 150000;
+const ELEMENT_TAGS_TO_SKIP = [
+    'SCRIPT',
+    'STYLE',
+    'NOSCRIPT',
+    'TEMPLATE',
+    'META',
+    'LINK',
+    'SVG',
+    'CANVAS',
+    'IFRAME',
+    'FRAME',
+    'FRAMESET',
+    'NOFRAMES',
+    'NOEMBED',
+    'AUDIO',
+    'VIDEO',
+    'SOURCE',
+    'TRACK',
+    'PICTURE',
+    'IMG',
+    'MAP',
+];
 
 /**
  * @param {HTMLElement} node
@@ -89,12 +114,62 @@ function getPopupLikeElements() {
     return excludeContainers(found);
 }
 
+function getDocumentText() {
+    /**
+     * @param {Node} root
+     */
+    function collectShadowDOMText(root) {
+        const walker = document.createTreeWalker(
+            root,
+            NodeFilter.SHOW_ELEMENT,
+            {
+                /**
+                 * @param {Node} node
+                 */
+                acceptNode(node) {
+                    const element = /** @type {HTMLElement} */ (node);
+                    // Accept elements with shadow roots for special handling
+                    if (element.shadowRoot) {
+                        return NodeFilter.FILTER_ACCEPT;
+                    }
+                    // Skip other elements but continue traversing their children
+                    return NodeFilter.FILTER_SKIP;
+                }
+            }
+        );
+
+        let result = '';
+        let node;
+        while ((node = walker.nextNode())) {
+            const element = /** @type {HTMLElement} */ (node);
+            let shadowText = '';
+            for (const child of element.shadowRoot.children) {
+                if (child instanceof HTMLElement && !ELEMENT_TAGS_TO_SKIP.includes(child.tagName)) {
+                    shadowText += ' ' + child.innerText;
+                }
+                if (child.shadowRoot) {
+                    shadowText += ' ' + collectShadowDOMText(child);
+                }
+            }
+            if (shadowText.trim()) {
+                result += ' ' + shadowText.trim();
+            }
+        }
+
+        return result;
+    }
+
+    const visibleText = (document.body ?? document.documentElement).innerText;
+    const shadowText = collectShadowDOMText(document.documentElement);
+    return `${visibleText} ${shadowText}`.trim();
+}
+
 /**
  * @param {HTMLElement} el
  * @returns {HTMLElement[]}
  */
-function getButtons(el) {
-    return Array.from(el.querySelectorAll('button, input[type="button"], input[type="submit"], a, [role="button"], [class*="button"]'));
+function getButtonLikeElements(el) {
+    return Array.from(el.querySelectorAll(BUTTON_LIKE_ELEMENT_SELECTOR));
 }
 
 /**
@@ -103,7 +178,7 @@ function getButtons(el) {
  * @returns {string}
  */
 function insecureEscapeSelectorPart(selector) {
-    return selector.replace(/[.*+?^${}()|[\]\\"]/g, '\\$&');
+    return selector.replace(/[ .*+?^${}()|[\]\\"]/g, '\\$&');
 }
 
 /**
@@ -142,22 +217,23 @@ function getSelector(el, specificity) {
         }
 
         if (specificity.ids) {
-            if (element.id) {
-                localSelector += `#${insecureEscapeSelectorPart(element.id)}`;
+            // use getAttribute() instead of element.id to protect against DOM clobbering
+            if (element.getAttribute('id')) {
+                localSelector += `#${insecureEscapeSelectorPart(element.getAttribute('id'))}`;
             } else if (!element.hasAttribute('id')) { // do not add it for id attribute without a value
                 localSelector += `:not([id])`;
             }
         }
 
-        if (specificity.dataAttributes) {
+        if (specificity.dataAttributes && element.attributes instanceof NamedNodeMap) {
             const dataAttributes = Array.from(element.attributes).filter(a => a.name.startsWith('data-'));
             dataAttributes.forEach(a => {
                 const escapedValue = insecureEscapeSelectorPart(a.value);
                 localSelector += `[${a.name}="${escapedValue}"]`;
             });
         }
 
-        if (specificity.classes) {
+        if (specificity.classes && element.classList instanceof DOMTokenList) {
             const classes = Array.from(element.classList);
             if (classes.length > 0) {
                 localSelector += `.${classes.map(c => insecureEscapeSelectorPart(c)).join('.')}`;
@@ -192,37 +268,52 @@ function getUniqueSelector(el) {
     };
     let selector = getSelector(el, specificity);
 
-    // verify that the selector is unique
-    if (document.querySelectorAll(selector).length > 1) {
-        specificity.dataAttributes = true;
-        selector = getSelector(el, specificity);
-    }
+    try {
+        // verify that the selector is unique
+        if (document.querySelectorAll(selector).length > 1) {
+            specificity.dataAttributes = true;
+            selector = getSelector(el, specificity);
+        }
 
-    if (document.querySelectorAll(selector).length > 1) {
-        specificity.classes = true;
-        selector = getSelector(el, specificity);
-    }
+        if (document.querySelectorAll(selector).length > 1) {
+            specificity.classes = true;
+            selector = getSelector(el, specificity);
+        }
 
-    if (document.querySelectorAll(selector).length > 1) {
-        specificity.absoluteOrder = true;
-        selector = getSelector(el, specificity);
+        if (document.querySelectorAll(selector).length > 1) {
+            specificity.absoluteOrder = true;
+            selector = getSelector(el, specificity);
+        }
+    } catch (e) {
+        console.error(`Error getting unique selector for`, el, e);
+        if (e instanceof DOMException && e.message.includes('is not a valid selector')) {
+            return 'cookiepopups-collector-selector-error';
+        }
     }
 
     return selector;
 }
 
 /**
- * @returns {import('../CookiePopupsCollector').ScrapeScriptResult}
+ * Serialize all actionable buttons on the page
+ * @param {HTMLElement} el
+ * @returns {import('../CookiePopupsCollector').ButtonData[]}
  */
-function collectPotentialPopups() {
-    const isFramed = window.top !== window || location.ancestorOrigins?.length > 0;
-    // do not inspect frames that are more than one level deep
-    if (isFramed && window.parent && window.parent !== window.top) {
-        return {
-            potentialPopups: [],
-        };
-    }
+function getButtonData(el) {
+    const actionableButtons = excludeContainers(getButtonLikeElements(el))
+        .filter(b => isVisible(b) && !isDisabled(b));
 
+    return actionableButtons.map(b => ({
+        text: b.innerText,
+        selector: getUniqueSelector(b),
+    }));
+}
+
+/**
+ * @param {boolean} isFramed
+ * @returns {import('../CookiePopupsCollector').PopupData[]}
+ */
+function collectPotentialPopups(isFramed) {
     let elements = [];
     if (!isFramed) {
         elements = getPopupLikeElements();
@@ -234,27 +325,48 @@ function collectPotentialPopups() {
         }
     }
 
+    /**
+     * @type {import('../CookiePopupsCollector').PopupData[]}
+     */
     const potentialPopups = [];
 
     // for each potential popup, get the buttons
     for (const el of elements) {
-        const buttons = excludeContainers(getButtons(el))
-            .filter(b => isVisible(b) && !isDisabled(b));
         if (el.innerText) {
             potentialPopups.push({
                 text: el.innerText,
                 selector: getUniqueSelector(el),
-                buttons: buttons.map(b => ({
-                    text: b.innerText,
-                    selector: getUniqueSelector(b),
-                })),
-                isTop: !isFramed,
-                origin: window.location.origin,
+                buttons: getButtonData(el),
             });
         }
     }
 
-    return { potentialPopups };
+    return potentialPopups;
+}
+
+/**
+ * @returns {import('../CookiePopupsCollector').ScrapeScriptResult}
+ */
+function scrapePage() {
+    const isFramed = window.top !== window || location.ancestorOrigins?.length > 0;
+    // do not inspect frames that are more than one level deep
+    if (isFramed && window.parent && window.parent !== window.top) {
+        return {
+            isTop: !isFramed,
+            origin: window.location.origin,
+            buttons: [],
+            cleanedText: '',
+            potentialPopups: [],
+        };
+    }
+
+    return {
+        isTop: !isFramed,
+        origin: window.location.origin,
+        buttons: getButtonData(document.documentElement),
+        cleanedText: getDocumentText().slice(0, LIMIT_TEXT_LENGTH),
+        potentialPopups: collectPotentialPopups(isFramed),
+    };
 }
 
-collectPotentialPopups();
+scrapePage();