Search code examples
phpaws-clishell-exec

AWS CLI command works on Bash, but not with PHP shell_exec()


I would like to trigger the following command:

aws route53 change-resource-record-sets --hosted-zone-id XXX
 --change-batch '{ "Comment": "2018-06-19-11:31", "Changes":
[ { "Action": "CREATE", "ResourceRecordSet": { "Name": "example.com",
"Type": "TXT", "TTL": 60, "ResourceRecords":
[ { "Value": "\"something\"" } ] } } ] }'

It works when I trigger it on bash, but not when I run it in PHP:

$json = trim(shell_exec($cmd_aws_submit));
// or:
$json = trim(shell_exec("{$cmd_aws_submit}"));

AWS expects, that the value ("\"something\"") for the TXT record is quoted. I tried to quote it like this:

$value = "\\\"" . $textvalue . "\\\"";
$value = "\"" . $textvalue . "\"";
$value = "\\'" . $textvalue . "\\'";
$value = "'" . $textvalue . "'";

None of it works, I always get the following error:

Error parsing parameter '--change-batch': Invalid JSON: Invalid \escape: line 12 column 23 (char 246) JSON received: { "Comment": "2018-06-19-11:54", "Changes": [ { "Action": "CREATE", "ResourceRecordSet": { "Name": "example.com", "Type": "TXT", "TTL": 60, "ResourceRecords": [ { "Value": "\"something\"" } ] } } ] }

With other aws UNQUOTED dns record values, PHP shell_exec() works perfectly.

If I trigger it on Bash, it works perfectly using "\"something\"" - why is it not working with PHP shell_exec()?


Solution

  • You should use the native escapeshellarg method to escape arguments you pass through to the command line. This will also protect you against argument injection attacks if you decide to include potentially unsafe data in your JSON string at some stage.

    $json = '{ "Comment": "2018-06-19-11:31", "Changes":
    [ { "Action": "CREATE", "ResourceRecordSet": { "Name": "example.com",
    "Type": "TXT", "TTL": 60, "ResourceRecords":
    [ { "Value": "\"something\"" } ] } } ] }';
    
    $command = "aws route53 change-resource-record-sets --hosted-zone-id XXX
     --change-batch " . escapeshellarg($json);
    
    $result = trim(shell_exec($command));
    

    You could also choose to build up the JSON string as an array then use json_encode() to construct your string for you.