Acknowledgements
Describe the bug
The S3 service model does not validate empty bucket names, which allows invalid input ("") to pass through SDK validation layers.
This can lead to runtime issues in SDK logic that assumes a non-empty bucket name. For example, in the Go SDK, this results in a panic in dnsCompatibleBucketName due to direct string indexing (bucket[0]).
Regression Issue
Expected Behavior
- Empty string bucket is rejected early with clear errors
- No reliance on downstream defensive checks
- Invalid input should result in a proper validation error instead of panic
Current Behavior
Currently, the generated validation only checks whether the Bucket field is nil, but does not reject empty string values:
Bucket == nil → validation errorBucket == "" → passes validation (unexpected)
This allows invalid input to propagate into downstream logic. This results in a panic in dnsCompatibleBucketName due to direct string indexing (bucket[0]).
func dnsCompatibleBucketName(bucket string) bool {
if strings.Contains(bucket, "..") {
return false
}
// checks for `^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$` domain mapping
if !((bucket[0] > 96 && bucket[0] < 123) || (bucket[0] > 47 && bucket[0] < 58)) {
return false
}Reproduction Steps
Calling PutObject with an empty bucket name:
_, err := client.PutObject(ctx, &s3.PutObjectInput{
Bucket: aws.String(""),
Key: aws.String("test.txt"),
Body: strings.NewReader("data"),
})
Possible Solution
I raised a PR to address this issue in dnsCompatibleBucketName by safely handling empty input and preventing the panic. However, I guess this still needs to be addressed at the S3 service model level to ensure proper validation across all SDKs.
Additional Information/Context
No response
AWS Go SDK V2 Module Versions Used
github.com/aws/aws-sdk-go-v2 v1.41.5
github.com/aws/aws-sdk-go-v2/config v1.32.14
github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0
Compiler and Version used
go1.24.0 darwin/arm64
Operating System and version
macOS Tahoe Version 26.3
Acknowledgements
go get -u github.com/aws/aws-sdk-go-v2/...)Describe the bug
The S3 service model does not validate empty bucket names, which allows invalid input (
"") to pass through SDK validation layers.This can lead to runtime issues in SDK logic that assumes a non-empty bucket name. For example, in the Go SDK, this results in a panic in
dnsCompatibleBucketNamedue to direct string indexing (bucket[0]).Regression Issue
Expected Behavior
Current Behavior
Currently, the generated validation only checks whether the
Bucketfield isnil, but does not reject empty string values:Bucket == nil→ validation errorBucket == ""→ passes validation (unexpected)This allows invalid input to propagate into downstream logic. This results in a panic in
dnsCompatibleBucketNamedue to direct string indexing (bucket[0]).Reproduction Steps
Calling
PutObjectwith an empty bucket name:Possible Solution
I raised a PR to address this issue in
dnsCompatibleBucketNameby safely handling empty input and preventing the panic. However, I guess this still needs to be addressed at the S3 service model level to ensure proper validation across all SDKs.Additional Information/Context
No response
AWS Go SDK V2 Module Versions Used
Compiler and Version used
go1.24.0 darwin/arm64
Operating System and version
macOS Tahoe Version 26.3