SecureCode-AI/data_ingestion.py at main · JunYong0218/SecureCode-AI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
import os
import requests

# 設定存放知識庫的資料夾名稱
KB_FOLDER = "knowledge_base"

# 設定要下載的資料來源
# 1. OWASP Top 10 2021 (最穩定的標準 Web 漏洞定義)
OWASP_2021_BASE_URL = "https://raw.githubusercontent.com/OWASP/Top10/master/2021/docs/zh-TW/"
OWASP_2025_BASE_URL = "https://raw.githubusercontent.com/OWASP/Top10/master/2025/docs/en/"
OWASP_2021_FILES = [
    "A01_2021-Broken_Access_Control.md",
    "A02_2021-Cryptographic_Failures.md",
    "A03_2021-Injection.md",  # 這是你要偵測 SQL Injection 的關鍵
    "A04_2021-Insecure_Design.md",
    "A05_2021-Security_Misconfiguration.md",
    "A06_2021-Vulnerable_and_Outdated_Components.md",
    "A07_2021-Identification_and_Authentication_Failures.md",
    "A08_2021-Software_and_Data_Integrity_Failures.md",
    "A09_2021-Security_Logging_and_Monitoring_Failures.md",
    "A10_2021-Server-Side_Request_Forgery_SSRF.md"
]
OWASP_2025_FILES = [
    "A01_2025-Broken_Access_Control.md",
    "A02_2025-Security_Misconfiguration.md",
    "A03_2025-Software_Supply_Chain_Failures.md",
    "A04_2025-Cryptographic_Failures.md",
    "A05_2025-Injection.md",
    "A06_2025-Insecure_Design.md",
    "A07_2025-Authentication_Failures.md",
    "A08_2025-Software_or_Data_Integrity_Failures.md",
    "A09_2025-Security_Logging_and_Alerting_Failures.md",
    "A10_2025-Mishandling_of_Exceptional_Conditions.md"
]

def create_directory():
    """如果資料夾不存在，就建立它"""
    if not os.path.exists(KB_FOLDER):
        os.makedirs(KB_FOLDER)
        print(f"✅ 已建立資料夾: {KB_FOLDER}")
    else:
        print(f"ℹ️ 資料夾已存在: {KB_FOLDER}")

def download_file(url, save_name):
    """通用的下載函式"""
    try:
        response = requests.get(url)
        response.raise_for_status()  # 檢查請求是否成功

        # 組合完整的儲存路徑
        file_path = os.path.join(KB_FOLDER, save_name)

        with open(file_path, "w", encoding="utf-8") as f:
            f.write(response.text)
        print(f"⬇️ 下載成功: {save_name}")

    except requests.exceptions.RequestException as e:
        print(f"❌ 下載失敗 {save_name}: {e}")

def main():
    print("🚀 開始準備資安知識庫...")

    # 1. 建立資料夾
    create_directory()

    # 2. 下載 OWASP Top 10 2021
    print("\n正在下載 OWASP Top 10 2021 (標準 Web 漏洞)...")
    for file_name in OWASP_2021_FILES:
        download_file(OWASP_2021_BASE_URL + file_name, file_name)

    for file_name in OWASP_2025_FILES:
        download_file(OWASP_2025_BASE_URL + file_name, file_name)

    print("\n✨ 所有資料下載完成！請檢查 'knowledge_base' 資料夾。")

if __name__ == "__main__":
    main()