aws-sdk-go-v2

Missing bucketname validation while using S3 ListObjectsV2 api

Open nohack opened this issue 4 years ago • 1 comments


Describe the bug While invoking the ListObjectsV2 API with a bucket name containing slashes, the API throws the below error

operation error S3: ListObjectsV2, https response error StatusCode: 403, RequestID: 6NFB6CNGTZ2WXBE7, HostID: tjAPBXva89ogQ6Xt6NwoeVB7a82L4Kc4+jYWaEqOfpf/GOQfLbhxcOtVp5S2E9QvAFGd/nSSMQ0=, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method.

Version of AWS SDK for Go? 1.8.0

Version of Go (go version)? go version go1.16.7 linux/amd64

To Reproduce (observed behavior) The code gist is here

Expected behavior Should throw an error stating Invalid Bucket Name as done in aws sdk for javascript as below.

InvalidBucket: Bucket names cannot contain forward slashes. Bucket: test/bucket
    at Request.validateBucketName (/.../workspace/pocs/aws-s3-listobjects/node_modules/aws-sdk/lib/services/s3.js:234:30)

Here is the source where error is thrown in javascript sdk.

Similarly, can't we add a check here?

aws docs bucket naming reference. Am not sure if all the rules need to be validated but at least slash is sometimes mistaken to be part of the name due to the way s3 is accessed in many different ways and the error makes it even more confusing.

Additional context Is path encoding the reason for the signature failure? It's encoding the bucket name as below. For S3, as per the docs, the forward slashes should not be escaped?

GET /test%2Fbucket?list-type=2 HTTP/1.1
Host: ......
User-Agent: aws-sdk-go-v2/1.8.0 os/linux lang/go/1.16.7 md/GOOS/linux md/GOARCH/amd64 api/s3/1.12.0

nohack, Aug 14 '21 18:08

Hi @nohack , Thanks for bringing this up to us. I'll take a look.

KaibaLopez, Aug 17 '21 23:08

Hi @nohack ,

Sorry for the extremely late response. It seems like your thread fell between the cracks.

You getting a SignatureDoesNotMatch means that the signature calculated for your request did not match the actual request sent to the s3 API. It has nothing to do with the validation of the bucket name.

Here is my code snippet with the right error from the s3 service:

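package main

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"
)

func main() {
	// Log full requests and responses so the signed request path is visible.
	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-east-1"), config.WithClientLogMode(aws.LogRequestWithBody|aws.LogResponseWithBody))
	if err != nil {
		panic(err)
	}

	client := s3.NewFromConfig(cfg)

	// The bucket name below contains a backslash, which S3 rejects server-side.
	out, err := client.ListObjectsV2(context.Background(), &s3.ListObjectsV2Input{Bucket: aws.String(`foo-bar\baz`)})
	if err != nil {
		panic(err)
	}
	fmt.Println(len(out.Contents))
}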

Response

panic: operation error S3: ListObjectsV2, https response error StatusCode: 400, RequestID: REDACTED, HostID: REDACTED, api error InvalidBucketName: The specified bucket is not valid.

In regards to the JS error code, the JS SDK team might have added some validation, but this might be more of a feature request rather than a bug. I'd argue that the validation error coming from the server is pretty self-explanatory.

Alas, if you think we need to add that validation, I suggest you create a feature request or even better - try to create a pull request adding that validation yourself, and I will discuss it with the team.

Thank you very much and again apologies for the long wait time. Ran~

RanVaknin, Nov 07 '22 19:11
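The client-side check requested in this issue could look like the following. This is an added example, not code from the SDK or from anyone in this thread; `ValidateBucketName` and `ErrInvalidBucket` are hypothetical names. It assumes plain general purpose bucket names only: access point ARNs passed in the `Bucket` field and the reserved prefixes and suffixes from the naming rules are not handled.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

var ErrInvalidBucket = errors.New("invalid bucket name") // hypothetical sentinel, not an SDK type

// ValidateBucketName is a hypothetical helper that applies the core S3
// general purpose bucket naming rules before any request is signed or sent.
func ValidateBucketName(name string) error {
	fail := func(reason string) error {
		return fmt.Errorf("%w: %s (bucket: %q)", ErrInvalidBucket, reason, name)
	}
	// Slashes get their own message: a key prefix or path was likely passed as the bucket.
	if strings.ContainsAny(name, `/\`) {
		return fail("bucket names cannot contain slashes")
	}
	if len(name) < 3 || len(name) > 63 {
		return fail("length must be between 3 and 63 characters")
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		alnum := (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
		if !alnum && c != '-' && c != '.' {
			return fail("only lowercase letters, digits, '.' and '-' are allowed")
		}
		if (i == 0 || i == len(name)-1) && !alnum {
			return fail("must begin and end with a letter or digit")
		}
	}
	if strings.Contains(name, "..") {
		return fail("must not contain two adjacent periods")
	}
	if ip := net.ParseIP(name); ip != nil && ip.To4() != nil {
		return fail("must not be formatted as an IP address")
	}
	return nil
}

func main() {
	// Constructed sample inputs; "test/bucket" is the name from the issue.
	for _, b := range []string{"test/bucket", `foo-bar\baz`, "my-bucket.logs", "192.168.5.4"} {
		fmt.Printf("%-16q -> %v\n", b, ValidateBucketName(b))
	}
}
```

Calling this before `ListObjectsV2` turns the `SignatureDoesNotMatch` and `InvalidBucketName` responses seen in this thread into a local error that names the offending rule.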
