Use of single quotes causes unexpected behaviour in bigip_command

[alex-harvey-z3q]

Environment

• TMOS/Bigip Version: n/a
• Terraform Version: 1.9.3
• Terraform bigip provider Version: master branch

Summary

Use of single quotes in the bigip_command resource cause unexpected behaviour. For example:

resource "bigip_command" "hello-world" {
  commands = ["bash -c 'echo hello world'"]
}

output "tmsh-test-result" {
  description = "Test"
  value       = bigip_command.hello-world.command_result
}

Steps To Reproduce

resource "bigip_command" "hello-world" {
  commands = ["bash -c 'echo hello world'"]
}

output "tmsh-test-result" {
  description = "Test"
  value       = bigip_command.hello-world.command_result
}

Expected Behavior

The result should contain hello world.

Actual Behavior

The result is an empty string.

[alex-harvey-z3q]

The root cause appears to be unsafe quoting here

terraform-provider-bigip/bigip/resource_bigip_command.go

Line 64 in d1eabd0

commandList = append(commandList, fmt.Sprintf("-c 'tmsh %s'", cmd.(string)))

The possibility that the string itself contains a single quote does not appear to be handled leading to our issue.

[alex-harvey-z3q]

I assume that if the input contained only 1 single quote you'd end up with a syntax error but I haven't tested.

[pgouband]

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1675.