From 8a1aad948bef90e548927a293250c77c0374e2f0 Mon Sep 17 00:00:00 2001 From: Maciej Pienczyn Date: Wed, 18 Mar 2026 11:25:18 +0100 Subject: [PATCH] fix(analytics): add bot detection to app.py session creation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The actual analytics code in app.py had no bot filtering — all sessions (including scanners, crawlers, empty UAs) were saved as is_bot=False. Added the same 25+ pattern bot filter that was in utils/analytics.py. Co-Authored-By: Claude Opus 4.6 (1M context) --- app.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/app.py b/app.py index 06de033..29dcbfd 100644 --- a/app.py +++ b/app.py @@ -453,12 +453,25 @@ def get_or_create_analytics_session(): browser_version = ua.browser.version_string os_name = ua.os.family os_version = ua.os.version_string + ua_lower = ua_string.lower() + is_bot = ua.is_bot or any(p in ua_lower for p in [ + 'curl/', 'python-requests', 'axios/', 'wget/', 'scrapy', + 'werkzeug', 'leakix', 'nuclei', 'masscan', 'zgrab', 'httpx', + 'googleassociationservice', 'censysinspect', 'paloaltonetworks', + 'cortex', 'netcraft', 'fasthttp', 'cms-checker', + 'wp-safe-scanner', 'notebooklm', 'ruby/', 'skypeuri', + 'com.apple.webkit', 'networkingextension', + 'oai-searchbot', 'gptbot', 'chatgpt-user', + ]) + if not ua_string.strip() or ua_string.strip() == 'Mozilla/5.0': + is_bot = True except Exception: device_type = 'desktop' browser = 'Unknown' browser_version = '' os_name = 'Unknown' os_version = '' + is_bot = False # GeoIP lookup country, city, region = None, None, None @@ -501,7 +514,8 @@ def get_or_create_analytics_session(): utm_medium=utm_medium, utm_campaign=utm_campaign, utm_term=utm_term, - utm_content=utm_content + utm_content=utm_content, + is_bot=is_bot, ) # PWA detection from cookie (set by JS in standalone mode) if request.cookies.get('pwa_mode') == '1':