Reputation: 15746
How to look for files that have an extra character at the end?
I have a strange situation. A group of folks asked me to look at their hacked Wordpress site. When I got in, I noticed there were extra files here and there that had an extra non-printable character at end. In Bash, it shows it as a \r.
Just next to these files with the weird character is the original file. I'm trying to locate all these suspicious files and delete them. But the correct Bash incantation is eluding me.
find . | grep -i \?
and
find . | grep -i '\r'
aren't working
How do I use bash to find them?
Upvotes: 0
Views: 84
Answers (4)
Reputation: 22291
shopt -s globstar # Enable **
shopt -s dotglob # Also cover hidden files
offending_files=(**/*$'\r')
should store into the array offending_files a list of all files which are compromised in that way. Of course you could also glob for **/*$'\r'*, which searches for all files having a carriage return anywhere in the name (not necessarily at the end).
You can then log the name of those broken files (which might make sense for auditing) and remove them.
Upvotes: 0
Reputation: 23864
if it a special character
Recursive look up
grep -ir $'\r'
# sample output
# empty line
Recursive look up + just print file name
grep -lir $'\r'
# sample output
file.txt
if it not a special character
You need to escape the backslash \ with a backslash so it becomes \\
Recursive look up
grep -ir '\\r$`
# sample output
file.txt:file.php\r
Recursive look up + just print file name
grep -lir '\\r$`
# sample output
file.txt
help:
-icase insensitive-rrecursive mode-lprint file name\escape another backslash$match the end$''the value is a special character e.g.\r,\t
Upvotes: 0
Reputation: 5241
Remove all files with filename ending in \r (carriage return), recursively, in current directory:
find . -type f -name $'*\r' -exec rm -fv {} +
- Use
ls -lhinstead of rm to view the file list without removing. - Use
rm -fvito prompt before each removal. -name GLOBspecifies a matching glob pattern forfind.$'\r'is bash syntax for C style escapes.- You said "non-printable character", but
lsindicates it's specifically a carriage return. The pattern'*[^[:graph:]'matches filenames ending in any non printable character, which may be relevant. - To remove all files and directories matching
$'*\r'and all contents recursively:find . -name $'*\r' -exec rm -rfv {} +.
Upvotes: 2
Reputation: 141493
You have to pass carriage return character literally to grep. Use ANSI-C quoting in Bash.
find . -name $'*\r'
find . | grep $'\r'
find . | sed '/\x0d/!d'
Upvotes: 0
Related Questions
- Find all files ending in extension in bash
- How to find a list of files that are of specific extension but do not contain certain characters in their file name?
- Checking the last character of a filename in bash
- bash find filenames with the same last four character
- In bash, how can I check if a file name begins with a certain string and ends with another?
- How to find all file has 4 characters in their name
- How to find files that contain two or more of a specific character?
- Finding files not ending with specific extensions
- Find character in file name bash
- Search for files with specific ending