WuYanBo
/
CodeReview
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
CodeReview/scripts/setup_security_tools.ps1

943 lines
29 KiB
PowerShell
Raw Permalink Normal View History

feat: 新增安全工具集成和漏洞知识库扩展 - 添加 Bandit 和 Safety 安全工具到依赖项 - 新增 CSRF、业务逻辑和开放重定向漏洞知识文档 - 实现安全工具一键安装脚本和文档 - 改进模式匹配工具支持直接文件扫描 - 增强遥测模块和 Agent 审计功能 - 修复验证节点中 findings 合并逻辑 - 优化前端 Agent 审计界面和状态展示
2025-12-13 12:35:03 +08:00
#Requires -Version 5.1
<#
.SYNOPSIS
DeepAudit 安全工具一键安装脚本 (Windows 增强版)
.DESCRIPTION
自动安装沙盒和外部安全扫描工具
- Python 工具: semgrep, bandit, safety
- 系统工具: gitleaks, osv-scanner, trufflehog
- Docker 沙盒镜像
特性:
- 多种安装方式自动回退
- 网络问题自动重试
- 详细的错误诊断
- 支持代理设置
- 虚拟环境兼容
.EXAMPLE
.\setup_security_tools.ps1
.\setup_security_tools.ps1 -InstallAll
.\setup_security_tools.ps1 -VerifyOnly
#>
[CmdletBinding()]
param(
[switch]$InstallAll,
[switch]$PythonOnly,
[switch]$SystemOnly,
[switch]$DockerOnly,
[switch]$VerifyOnly,
[switch]$IncludeOptional,
[switch]$Verbose,
[switch]$Help
)
# ============================================================
# 配置
# ============================================================
$ErrorActionPreference = "Continue"
$ProgressPreference = "SilentlyContinue"
# 版本配置
$GITLEAKS_VERSION = "8.18.4"
$OSV_SCANNER_VERSION = "1.8.3"
$TRUFFLEHOG_VERSION = "3.80.0"
# 重试配置
$MAX_RETRIES = 3
$RETRY_DELAY = 2
# 获取脚本目录
$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$ProjectRoot = Split-Path -Parent $ScriptDir
# 工具安装目录
$ToolsDir = "$env:LOCALAPPDATA\DeepAudit\tools"
# ============================================================
# 辅助函数
# ============================================================
function Write-ColorOutput {
param(
[string]$Message,
[string]$Type = "Info"
)
switch ($Type) {
"Success" { Write-Host "$Message" -ForegroundColor Green }
"Error" { Write-Host "$Message" -ForegroundColor Red }
"Warning" { Write-Host "! $Message" -ForegroundColor Yellow }
"Info" { Write-Host "$Message" -ForegroundColor Cyan }
"Debug" { if ($script:VerboseMode) { Write-Host " $Message" -ForegroundColor DarkGray } }
"Header" {
Write-Host ""
Write-Host "═══════════════════════════════════════════════════════════════" -ForegroundColor Blue
Write-Host " $Message" -ForegroundColor Blue
Write-Host "═══════════════════════════════════════════════════════════════" -ForegroundColor Blue
Write-Host ""
}
}
}
function Test-Command {
param([string]$Command)
$result = Get-Command -Name $Command -ErrorAction SilentlyContinue
return [bool]$result
}
function Test-AdminPrivilege {
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
function Get-SystemArchitecture {
if ([Environment]::Is64BitOperatingSystem) {
return "x64"
}
return "x86"
}
# 带重试的下载函数
function Download-WithRetry {
param(
[string]$Url,
[string]$OutFile,
[string]$Description
)
for ($attempt = 1; $attempt -le $MAX_RETRIES; $attempt++) {
Write-ColorOutput "下载 $Description (尝试 $attempt/$MAX_RETRIES)..." "Info"
try {
# 设置 TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$webClient = New-Object System.Net.WebClient
# 支持代理
if ($env:HTTP_PROXY) {
$proxy = New-Object System.Net.WebProxy($env:HTTP_PROXY)
$webClient.Proxy = $proxy
}
$webClient.DownloadFile($Url, $OutFile)
Write-ColorOutput "$Description 下载成功" "Success"
return $true
}
catch {
Write-ColorOutput "下载失败: $_" "Warning"
if ($attempt -lt $MAX_RETRIES) {
Write-ColorOutput "${RETRY_DELAY}秒后重试..." "Info"
Start-Sleep -Seconds $RETRY_DELAY
}
}
}
Write-ColorOutput "$Description 下载失败 (已重试 $MAX_RETRIES 次)" "Error"
return $false
}
# 带重试的 pip 安装
function Install-PipPackageWithRetry {
param([string]$Package)
for ($attempt = 1; $attempt -le $MAX_RETRIES; $attempt++) {
Write-ColorOutput "安装 $Package (尝试 $attempt/$MAX_RETRIES)..." "Info"
try {
# 尝试常规安装
$result = & $script:PipCmd install $Package --quiet 2>&1
if ($LASTEXITCODE -eq 0) {
Write-ColorOutput "$Package 安装成功" "Success"
return $true
}
# 尝试 --user 安装
$result = & $script:PipCmd install $Package --user --quiet 2>&1
if ($LASTEXITCODE -eq 0) {
Write-ColorOutput "$Package 安装成功 (--user)" "Success"
return $true
}
# 第一次失败后尝试升级 pip
if ($attempt -eq 1) {
Write-ColorOutput "升级 pip 后重试..." "Debug"
& $script:PipCmd install --upgrade pip --quiet 2>&1 | Out-Null
}
}
catch {
Write-ColorOutput "安装错误: $_" "Debug"
}
Start-Sleep -Seconds $RETRY_DELAY
}
Write-ColorOutput "$Package 安装失败" "Error"
return $false
}
# 检测 Python 环境
function Detect-PythonEnvironment {
Write-ColorOutput "检测 Python 环境..." "Info"
$script:PythonCmd = $null
$script:PipCmd = $null
# 检查虚拟环境
if ($env:VIRTUAL_ENV) {
Write-ColorOutput "检测到虚拟环境: $env:VIRTUAL_ENV" "Info"
$script:PythonCmd = "python"
$script:PipCmd = "pip"
}
# 检查 python
elseif (Test-Command "python") {
$script:PythonCmd = "python"
# 检查是否是 Python 3
$version = & python --version 2>&1
if ($version -notmatch "Python 3") {
Write-ColorOutput "需要 Python 3.x当前: $version" "Warning"
}
if (Test-Command "pip") {
$script:PipCmd = "pip"
}
else {
$script:PipCmd = "python -m pip"
}
}
# 检查 python3
elseif (Test-Command "python3") {
$script:PythonCmd = "python3"
if (Test-Command "pip3") {
$script:PipCmd = "pip3"
}
else {
$script:PipCmd = "python3 -m pip"
}
}
else {
Write-ColorOutput "未找到 Python请先安装 Python 3.8+" "Error"
Write-ColorOutput "下载地址: https://www.python.org/downloads/" "Info"
return $false
}
# 验证
try {
$version = & $script:PythonCmd --version 2>&1
Write-ColorOutput "Python: $version" "Success"
# 确保 pip 可用
$pipVersion = & $script:PipCmd --version 2>&1
if ($LASTEXITCODE -ne 0) {
Write-ColorOutput "pip 不可用,尝试安装..." "Warning"
& $script:PythonCmd -m ensurepip --upgrade 2>&1 | Out-Null
}
return $true
}
catch {
Write-ColorOutput "Python 验证失败: $_" "Error"
return $false
}
}
# 添加到 PATH
function Add-ToPath {
param([string]$Directory)
# 当前会话
if ($env:PATH -notlike "*$Directory*") {
$env:PATH = "$Directory;$env:PATH"
}
# 持久化到用户 PATH
$userPath = [Environment]::GetEnvironmentVariable("PATH", "User")
if ($userPath -notlike "*$Directory*") {
[Environment]::SetEnvironmentVariable("PATH", "$Directory;$userPath", "User")
Write-ColorOutput "已添加 $Directory 到用户 PATH" "Debug"
}
}
# 确保工具目录存在
function Ensure-ToolsDirectory {
if (-not (Test-Path $ToolsDir)) {
New-Item -ItemType Directory -Path $ToolsDir -Force | Out-Null
Write-ColorOutput "创建工具目录: $ToolsDir" "Info"
}
Add-ToPath $ToolsDir
}
# ============================================================
# Python 工具安装
# ============================================================
function Install-PythonTools {
Write-ColorOutput "安装 Python 安全工具" "Header"
if (-not (Detect-PythonEnvironment)) {
return $false
}
$tools = @("bandit", "safety")
$failed = @()
$installed = @()
# Semgrep 单独处理
Write-ColorOutput "检查 semgrep..." "Info"
if (Test-Command "semgrep") {
$version = semgrep --version 2>&1 | Select-Object -First 1
Write-ColorOutput "semgrep 已安装: $version" "Success"
}
else {
if (Install-PipPackageWithRetry "semgrep") {
$installed += "semgrep"
}
else {
$failed += "semgrep"
Write-ColorOutput "semgrep pip 安装失败,可尝试其他方式" "Warning"
}
}
# 安装其他工具
foreach ($tool in $tools) {
Write-ColorOutput "检查 $tool..." "Info"
if (Test-Command $tool) {
Write-ColorOutput "$tool 已安装" "Success"
}
else {
if (Install-PipPackageWithRetry $tool) {
$installed += $tool
}
else {
$failed += $tool
}
}
}
# 可选: TruffleHog
if ($script:InstallOptional) {
if (-not (Test-Command "trufflehog")) {
Write-ColorOutput "安装 trufflehog..." "Info"
if (Install-PipPackageWithRetry "trufflehog") {
$installed += "trufflehog"
}
else {
$failed += "trufflehog"
}
}
}
# 报告结果
Write-Host ""
if ($installed.Count -gt 0) {
Write-ColorOutput "已安装: $($installed -join ', ')" "Success"
}
if ($failed.Count -gt 0) {
Write-ColorOutput "安装失败: $($failed -join ', ')" "Warning"
return $false
}
return $true
}
# ============================================================
# 系统工具安装
# ============================================================
function Install-SystemTools {
Write-ColorOutput "安装 Windows 系统工具" "Header"
Ensure-ToolsDirectory
$arch = Get-SystemArchitecture
$failed = @()
$installed = @()
# ---- Gitleaks ----
Write-ColorOutput "检查 gitleaks..." "Info"
if (Test-Command "gitleaks") {
Write-ColorOutput "gitleaks 已安装" "Success"
}
else {
if (Install-Gitleaks) {
$installed += "gitleaks"
}
else {
$failed += "gitleaks"
}
}
# ---- OSV-Scanner ----
Write-ColorOutput "检查 osv-scanner..." "Info"
if (Test-Command "osv-scanner") {
Write-ColorOutput "osv-scanner 已安装" "Success"
}
else {
if (Install-OsvScanner) {
$installed += "osv-scanner"
}
else {
$failed += "osv-scanner"
}
}
# ---- TruffleHog (可选) ----
if ($script:InstallOptional) {
if (-not (Test-Command "trufflehog")) {
Write-ColorOutput "安装 trufflehog (二进制)..." "Info"
if (Install-TruffleHog) {
$installed += "trufflehog"
}
}
}
# 报告结果
Write-Host ""
if ($installed.Count -gt 0) {
Write-ColorOutput "已安装: $($installed -join ', ')" "Success"
}
if ($failed.Count -gt 0) {
Write-ColorOutput "安装失败: $($failed -join ', ')" "Warning"
return $false
}
return $true
}
function Install-Gitleaks {
$arch = if ((Get-SystemArchitecture) -eq "x64") { "x64" } else { "x32" }
$url = "https://github.com/gitleaks/gitleaks/releases/download/v$GITLEAKS_VERSION/gitleaks_${GITLEAKS_VERSION}_windows_${arch}.zip"
$zipFile = "$env:TEMP\gitleaks.zip"
if (Download-WithRetry -Url $url -OutFile $zipFile -Description "Gitleaks") {
try {
Expand-Archive -Path $zipFile -DestinationPath $ToolsDir -Force
Remove-Item $zipFile -Force -ErrorAction SilentlyContinue
Write-ColorOutput "Gitleaks 安装成功" "Success"
return $true
}
catch {
Write-ColorOutput "Gitleaks 解压失败: $_" "Error"
}
}
return $false
}
function Install-OsvScanner {
$arch = if ((Get-SystemArchitecture) -eq "x64") { "amd64" } else { "386" }
$url = "https://github.com/google/osv-scanner/releases/download/v$OSV_SCANNER_VERSION/osv-scanner_windows_${arch}.exe"
$exeFile = "$ToolsDir\osv-scanner.exe"
if (Download-WithRetry -Url $url -OutFile $exeFile -Description "OSV-Scanner") {
Write-ColorOutput "OSV-Scanner 安装成功" "Success"
return $true
}
return $false
}
function Install-TruffleHog {
$arch = if ((Get-SystemArchitecture) -eq "x64") { "amd64" } else { "386" }
$url = "https://github.com/trufflesecurity/trufflehog/releases/download/v$TRUFFLEHOG_VERSION/trufflehog_${TRUFFLEHOG_VERSION}_windows_${arch}.tar.gz"
$tarFile = "$env:TEMP\trufflehog.tar.gz"
if (Download-WithRetry -Url $url -OutFile $tarFile -Description "TruffleHog") {
try {
# 使用 tar (Windows 10 1803+)
tar -xzf $tarFile -C $ToolsDir 2>$null
Remove-Item $tarFile -Force -ErrorAction SilentlyContinue
Write-ColorOutput "TruffleHog 安装成功" "Success"
return $true
}
catch {
Write-ColorOutput "TruffleHog 解压失败 (需要 Windows 10 1803+)" "Warning"
}
}
return $false
}
# ============================================================
# 包管理器安装 (备选)
# ============================================================
function Install-WithPackageManager {
Write-ColorOutput "使用包管理器安装工具" "Header"
$hasScoop = Test-Command "scoop"
$hasWinget = Test-Command "winget"
$hasChoco = Test-Command "choco"
if (-not ($hasScoop -or $hasWinget -or $hasChoco)) {
Write-ColorOutput "未检测到包管理器 (scoop/winget/chocolatey)" "Warning"
$response = Read-Host "是否自动安装 Scoop (推荐)? [Y/n]"
if ($response -ne 'n' -and $response -ne 'N') {
try {
Write-ColorOutput "安装 Scoop..." "Info"
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Invoke-RestMethod get.scoop.sh | Invoke-Expression
$hasScoop = $true
Write-ColorOutput "Scoop 安装成功" "Success"
}
catch {
Write-ColorOutput "Scoop 安装失败: $_" "Error"
return $false
}
}
else {
return $false
}
}
# 使用 Scoop
if ($hasScoop) {
Write-ColorOutput "使用 Scoop 安装工具..." "Info"
# 添加 bucket
scoop bucket add extras 2>$null
scoop bucket add main 2>$null
$scoopTools = @("gitleaks", "python")
foreach ($tool in $scoopTools) {
Write-ColorOutput "scoop install $tool..." "Info"
scoop install $tool 2>&1 | Out-Null
if (Test-Command $tool) {
Write-ColorOutput "$tool 安装成功" "Success"
}
}
}
# 使用 Winget
elseif ($hasWinget) {
Write-ColorOutput "使用 Winget 安装工具..." "Info"
winget install --id=Gitleaks.Gitleaks -e --silent 2>&1 | Out-Null
}
# 使用 Chocolatey
elseif ($hasChoco) {
Write-ColorOutput "使用 Chocolatey 安装工具..." "Info"
choco install gitleaks -y 2>&1 | Out-Null
}
return $true
}
# ============================================================
# Docker 沙盒安装
# ============================================================
function Install-DockerSandbox {
Write-ColorOutput "配置 Docker 沙盒" "Header"
# 检查 Docker
if (-not (Test-Command "docker")) {
Write-ColorOutput "Docker 未安装!" "Error"
Write-ColorOutput "请安装 Docker Desktop: https://www.docker.com/products/docker-desktop/" "Info"
return $false
}
# 检查 Docker 是否运行
$dockerInfo = docker info 2>&1
if ($LASTEXITCODE -ne 0) {
Write-ColorOutput "Docker 未运行!请启动 Docker Desktop" "Error"
# 尝试启动 Docker Desktop
Write-ColorOutput "尝试启动 Docker Desktop..." "Info"
Start-Process "C:\Program Files\Docker\Docker\Docker Desktop.exe" -ErrorAction SilentlyContinue
Write-ColorOutput "等待 Docker 启动 (最多 60 秒)..." "Info"
for ($i = 1; $i -le 12; $i++) {
Start-Sleep -Seconds 5
$dockerInfo = docker info 2>&1
if ($LASTEXITCODE -eq 0) {
Write-ColorOutput "Docker 已启动" "Success"
break
}
Write-Host "." -NoNewline
}
Write-Host ""
if ($LASTEXITCODE -ne 0) {
Write-ColorOutput "Docker 启动超时,请手动启动 Docker Desktop" "Error"
return $false
}
}
Write-ColorOutput "Docker 已运行" "Success"
# 构建沙盒镜像
$sandboxDir = Join-Path $ProjectRoot "docker\sandbox"
$dockerfile = Join-Path $sandboxDir "Dockerfile"
if (-not (Test-Path $dockerfile)) {
Write-ColorOutput "创建沙盒 Dockerfile..." "Info"
New-SandboxDockerfile -Path $sandboxDir
}
Write-ColorOutput "构建 DeepAudit 沙盒镜像..." "Info"
Push-Location $sandboxDir
try {
for ($attempt = 1; $attempt -le $MAX_RETRIES; $attempt++) {
Write-ColorOutput "构建镜像 (尝试 $attempt/$MAX_RETRIES)..." "Info"
docker build -t deepaudit-sandbox:latest -f Dockerfile . 2>&1
if ($LASTEXITCODE -eq 0) {
Write-ColorOutput "沙盒镜像构建成功: deepaudit-sandbox:latest" "Success"
# 验证
Write-ColorOutput "验证沙盒镜像..." "Info"
docker run --rm deepaudit-sandbox:latest python3 --version
Write-ColorOutput "Python 环境正常" "Success"
return $true
}
Write-ColorOutput "构建失败,重试..." "Warning"
Start-Sleep -Seconds $RETRY_DELAY
}
Write-ColorOutput "沙盒镜像构建失败" "Error"
return $false
}
finally {
Pop-Location
}
}
function New-SandboxDockerfile {
param([string]$Path)
if (-not (Test-Path $Path)) {
New-Item -ItemType Directory -Path $Path -Force | Out-Null
}
$dockerfileContent = @'
# DeepAudit 安全沙盒
FROM python:3.11-slim-bookworm
RUN apt-get update && apt-get install -y --no-install-recommends \
curl wget netcat-openbsd dnsutils iputils-ping ca-certificates git \
&& rm -rf /var/lib/apt/lists/*
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
&& apt-get install -y nodejs \
&& rm -rf /var/lib/apt/lists/*
RUN groupadd -g 1000 sandbox \
&& useradd -u 1000 -g sandbox -m -s /bin/bash sandbox
RUN pip install --no-cache-dir \
requests httpx aiohttp beautifulsoup4 lxml \
pycryptodome paramiko pyjwt python-jose sqlparse
WORKDIR /workspace
RUN mkdir -p /workspace /tmp/sandbox \
&& chown -R sandbox:sandbox /workspace /tmp/sandbox
USER sandbox
ENV PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1 HOME=/home/sandbox
CMD ["/bin/bash"]
'@
$dockerfilePath = Join-Path $Path "Dockerfile"
Set-Content -Path $dockerfilePath -Value $dockerfileContent -Encoding UTF8
Write-ColorOutput "已创建沙盒 Dockerfile" "Success"
}
# ============================================================
# 验证安装
# ============================================================
function Test-Installation {
Write-ColorOutput "验证安装结果" "Header"
$tools = @(
@{ Name = "semgrep"; Desc = "Semgrep 静态分析" },
@{ Name = "bandit"; Desc = "Bandit Python安全" },
@{ Name = "safety"; Desc = "Safety 依赖漏洞" },
@{ Name = "gitleaks"; Desc = "Gitleaks 密钥检测" },
@{ Name = "osv-scanner"; Desc = "OSV-Scanner 漏洞" },
@{ Name = "trufflehog"; Desc = "TruffleHog 密钥" },
@{ Name = "npm"; Desc = "NPM Audit" },
@{ Name = "docker"; Desc = "Docker" }
)
$installed = 0
$total = $tools.Count
Write-Host ""
Write-Host ("{0,-18} {1,-12} {2,-30}" -f "工具", "状态", "版本")
Write-Host ("" * 60)
foreach ($tool in $tools) {
$name = $tool.Name
if (Test-Command $name) {
$version = ""
try {
switch ($name) {
"semgrep" { $version = (semgrep --version 2>&1 | Select-Object -First 1) }
"bandit" { $version = (bandit --version 2>&1 | Select-Object -First 1) }
"safety" { $version = (safety --version 2>&1 | Select-Object -First 1) }
"gitleaks" { $version = (gitleaks version 2>&1 | Select-Object -First 1) }
"osv-scanner" { $version = (osv-scanner --version 2>&1 | Select-Object -First 1) }
"trufflehog" { $version = (trufflehog --version 2>&1 | Select-Object -First 1) }
"npm" { $version = (npm --version 2>&1) }
"docker" { $version = ((docker --version 2>&1) -split ' ')[2] }
}
$version = $version.ToString().Substring(0, [Math]::Min(28, $version.Length))
}
catch {
$version = "已安装"
}
Write-Host ("{0,-18} " -f $name) -NoNewline
Write-Host ("{0,-12} " -f "已安装") -ForegroundColor Green -NoNewline
Write-Host $version
$installed++
}
else {
Write-Host ("{0,-18} " -f $name) -NoNewline
Write-Host ("{0,-12} " -f "未安装") -ForegroundColor Yellow -NoNewline
Write-Host "-"
}
}
Write-Host ("" * 60)
Write-Host ""
# Docker 沙盒检查
if (Test-Command "docker") {
$imageExists = docker image inspect deepaudit-sandbox:latest 2>&1
if ($LASTEXITCODE -eq 0) {
Write-ColorOutput "Docker 沙盒镜像: deepaudit-sandbox:latest ✓" "Success"
}
else {
Write-ColorOutput "Docker 沙盒镜像未构建" "Warning"
}
}
Write-Host ""
Write-ColorOutput "安装统计: $installed/$total 个工具可用" "Info"
# PATH 提示
if ($env:PATH -notlike "*$ToolsDir*") {
Write-ColorOutput "请重启终端使 PATH 生效" "Warning"
}
if ($installed -ge 5) {
Write-ColorOutput "核心安全工具已就绪!" "Success"
return $true
}
else {
Write-ColorOutput "部分工具未安装,某些功能可能受限" "Warning"
return $false
}
}
# ============================================================
# 更新环境配置
# ============================================================
function Update-EnvConfig {
Write-ColorOutput "更新环境配置" "Header"
$envFile = Join-Path $ProjectRoot "backend\.env"
if (-not (Test-Path $envFile)) {
Write-ColorOutput ".env 文件不存在,跳过配置更新" "Warning"
return
}
$envContent = Get-Content $envFile -Raw -ErrorAction SilentlyContinue
if ($envContent -match "SANDBOX_IMAGE") {
Write-ColorOutput "沙盒配置已存在于 .env 文件中" "Info"
}
else {
Write-ColorOutput "添加沙盒配置到 .env 文件..." "Info"
$sandboxConfig = @"
# =============================================
# 沙盒配置 (自动添加)
# =============================================
SANDBOX_IMAGE=deepaudit-sandbox:latest
SANDBOX_MEMORY_LIMIT=512m
SANDBOX_CPU_LIMIT=1.0
SANDBOX_TIMEOUT=60
SANDBOX_NETWORK_MODE=none
"@
Add-Content -Path $envFile -Value $sandboxConfig
Write-ColorOutput "沙盒配置已添加到 .env" "Success"
}
}
# ============================================================
# 显示帮助
# ============================================================
function Show-Help {
Write-Host @"
DeepAudit 安全工具一键安装脚本 (Windows 增强版)
用法:
.\setup_security_tools.ps1 [选项]
选项:
-InstallAll 全部安装 (推荐)
-PythonOnly 仅安装 Python 工具 (pip)
-SystemOnly 仅安装系统工具 (二进制)
-DockerOnly 仅构建 Docker 沙盒
-VerifyOnly 仅验证安装状态
-IncludeOptional 包含可选工具 (TruffleHog)
-Verbose 显示详细输出
-Help 显示帮助信息
示例:
.\setup_security_tools.ps1 # 交互式安装
.\setup_security_tools.ps1 -InstallAll # 自动全部安装
.\setup_security_tools.ps1 -InstallAll -IncludeOptional # 全部 + 可选
.\setup_security_tools.ps1 -VerifyOnly # 仅检查状态
"@
}
# ============================================================
# 显示菜单
# ============================================================
function Show-Menu {
Write-Host ""
Write-Host "╔═══════════════════════════════════════════════════════════════╗" -ForegroundColor Blue
Write-Host "║ ║" -ForegroundColor Blue
Write-Host "║ 🔐 DeepAudit 安全工具一键安装脚本 (Windows 增强版) ║" -ForegroundColor Blue
Write-Host "║ ║" -ForegroundColor Blue
Write-Host "╚═══════════════════════════════════════════════════════════════╝" -ForegroundColor Blue
Write-Host ""
Write-Host "请选择要安装的组件:"
Write-Host " 1) 全部安装 (推荐)"
Write-Host " 2) 仅 Python 工具 (pip)"
Write-Host " 3) 仅系统工具 (二进制下载)"
Write-Host " 4) 使用包管理器安装 (Scoop/Winget)"
Write-Host " 5) 仅 Docker 沙盒"
Write-Host " 6) 仅验证安装状态"
Write-Host " 7) 退出"
Write-Host ""
$choice = Read-Host "请输入选项 [1-7]"
return $choice
}
# ============================================================
# 主函数
# ============================================================
function Main {
# 设置全局变量
$script:VerboseMode = $Verbose
$script:InstallOptional = $IncludeOptional
# 处理命令行参数
if ($Help) {
Show-Help
return
}
if ($VerifyOnly) {
Test-Installation
return
}
if ($InstallAll) {
Install-PythonTools
Install-SystemTools
Install-DockerSandbox
Update-EnvConfig
Test-Installation
return
}
if ($PythonOnly) {
Install-PythonTools
Test-Installation
return
}
if ($SystemOnly) {
Install-SystemTools
Test-Installation
return
}
if ($DockerOnly) {
Install-DockerSandbox
Update-EnvConfig
Test-Installation
return
}
# 交互式模式
$choice = Show-Menu
switch ($choice) {
"1" {
Install-PythonTools
Install-SystemTools
Install-DockerSandbox
Update-EnvConfig
Test-Installation
}
"2" {
Install-PythonTools
Test-Installation
}
"3" {
Install-SystemTools
Test-Installation
}
"4" {
Install-WithPackageManager
Test-Installation
}
"5" {
Install-DockerSandbox
Update-EnvConfig
Test-Installation
}
"6" {
Test-Installation
}
"7" {
Write-Host "退出"
return
}
default {
Write-ColorOutput "无效选项" "Error"
return
}
}
Write-ColorOutput "安装完成" "Header"
Write-Host ""
Write-Host "下一步操作:"
Write-Host " 1. 重启终端使 PATH 生效"
Write-Host " 2. 启动后端: cd backend && uvicorn app.main:app --reload"
Write-Host " 3. 在 Agent 审计中测试工具"
Write-Host ""
}
# 运行主函数
Main