Let S3Mock validate bucket names according to AWS rules

Author: afranken

CHANGELOG.md

@@ -166,7 +166,7 @@ Version 4.x is JDK17 LTS bytecode compatible, with Docker and JUnit / direct Jav
 Version 4.x is JDK17 LTS bytecode compatible, with Docker and JUnit / direct Java integration.
 
 * Features and fixes
-  * TBD
+  * Let S3Mock validate bucket names according to AWS rules
 * Refactorings
   * Let TaggingHeaderConverter convert XML tags
   * Let Spring convert StorageClass in postObject

server/src/main/java/com/adobe/testing/s3mock/service/BucketService.java

@@ -63,12 +63,23 @@
 import java.util.Objects;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.regex.Pattern;
 import org.jspecify.annotations.Nullable;
 import software.amazon.awssdk.utils.http.SdkHttpUtils;
 
 public class BucketService {
   private final Map<String, String> listObjectsPagingStateCache = new ConcurrentHashMap<>();
   private final Map<String, String> listBucketsPagingStateCache = new ConcurrentHashMap<>();
+  // Validation patterns per S3 bucket naming rules
+  private static final Pattern ALLOWED_CHARS_AND_LENGTH =
+      Pattern.compile("^[a-z0-9.-]{3,63}$");
+  private static final Pattern STARTS_AND_ENDS_WITH_ALNUM =
+      Pattern.compile("^[a-z0-9].*[a-z0-9]$");
+  private static final Pattern ADJACENT_DOTS =
+      Pattern.compile("\\.\\.");
+  private static final Pattern IP_LIKE_FOUR_PARTS =
+      Pattern.compile("^(\\d{1,3}\\.){3}\\d{1,3}$");
+
   private final BucketStore bucketStore;
   private final ObjectStore objectStore;
 
@@ -498,12 +509,73 @@ public void verifyBucketObjectLockEnabled(String bucketName) {
   }
 
   /**
+   * Validates S3 bucket names according to the documented constraints.
    * <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html">API Reference Bucket Naming</a>.
    */
   public void verifyBucketNameIsAllowed(String bucketName) {
-    if (!bucketName.matches("[a-z0-9.-]+")) {
+    if (bucketName.isBlank()) {
+      throw INVALID_BUCKET_NAME;
+    }
+
+    // Allowed chars and length (3..63)
+    if (!ALLOWED_CHARS_AND_LENGTH.matcher(bucketName).matches()) {
+      throw INVALID_BUCKET_NAME;
+    }
+
+    // Must start and end with a letter or number
+    if (!STARTS_AND_ENDS_WITH_ALNUM.matcher(bucketName).matches()) {
+      throw INVALID_BUCKET_NAME;
+    }
+
+    // Must not contain two adjacent periods
+    if (ADJACENT_DOTS.matcher(bucketName).find()) {
+      throw INVALID_BUCKET_NAME;
+    }
+
+    // Must not be formatted as an IP address (e.g., 192.168.5.4)
+    if (IP_LIKE_FOUR_PARTS.matcher(bucketName).matches() && isValidIpv4(bucketName)) {
+      throw INVALID_BUCKET_NAME;
+    }
+
+    // Disallowed prefixes
+    if (bucketName.startsWith("xn--")) {
+      throw INVALID_BUCKET_NAME;
+    }
+    if (bucketName.startsWith("sthree-")) {
       throw INVALID_BUCKET_NAME;
     }
+    if (bucketName.startsWith("amzn-s3-demo-")) {
+      throw INVALID_BUCKET_NAME;
+    }
+  }
+
+  // Parses and validates IPv4 octets (0..255) to avoid false positives like 999.999.999.999
+  private static boolean isValidIpv4(String s) {
+    String[] parts = s.split("\\.");
+    if (parts.length != 4) {
+      return false;
+    }
+    for (String p : parts) {
+      if (p.isEmpty() || p.length() > 3) {
+        return false;
+      }
+      // Disallow leading plus/minus; Pattern already ensures digits only
+      int val;
+      try {
+        val = Integer.parseInt(p);
+      } catch (NumberFormatException e) {
+        return false;
+      }
+      if (val < 0 || val > 255) {
+        return false;
+      }
+      // Avoid leading zeros ambiguity like "01", but S3 only cares about "formatted as IP".
+      // If you prefer to allow "01", remove this check.
+      if (p.length() > 1 && p.startsWith("0")) {
+        return false;
+      }
+    }
+    return true;
   }
 
   public void verifyBucketIsEmpty(String bucketName) {

server/src/test/kotlin/com/adobe/testing/s3mock/service/BucketServiceTest.kt

@@ -221,6 +221,51 @@ internal class BucketServiceTest : ServiceTestBase() {
       .isEqualTo(S3Exception.INVALID_BUCKET_NAME)
   }
 
+  @Test
+  fun verifyBucketNameIsAllowed_multipleValid() {
+    val max63 = "a".repeat(63)
+    val samples = listOf(
+      "abc",
+      "a-b",
+      "a.b",
+      "my.bucket-name-1",
+      "n0dots-or-underscores", // hyphens and digits allowed
+      "a1b2c3",
+      "a.b.c",
+      "start1-end2",
+      max63
+    )
+    samples.forEach { name ->
+      iut.verifyBucketNameIsAllowed(name)
+    }
+  }
+
+  @Test
+  fun verifyBucketNameIsAllowed_multipleInvalid() {
+    val tooLong = "a".repeat(64)
+    val samples = listOf(
+      "",                 // blank
+      "a",                // too short
+      "ab",               // too short
+      "Aaa",              // uppercase not allowed
+      "abc_",             // underscore not allowed
+      "-abc",             // must start with alnum
+      ".abc",             // must start with alnum
+      "abc-",             // must end with alnum
+      "abc.",             // must end with alnum
+      "ab..cd",           // adjacent periods
+      "192.168.5.4",      // formatted as IPv4
+      "xn--punycode",     // forbidden prefix
+      "sthree-bucket",    // forbidden prefix
+      "amzn-s3-demo-foo", // forbidden prefix
+      tooLong             // > 63
+    )
+    samples.forEach { name ->
+      assertThatThrownBy { iut.verifyBucketNameIsAllowed(name) }
+        .isEqualTo(S3Exception.INVALID_BUCKET_NAME)
+    }
+  }
+
   @Test
   fun testVerifyBucketDoesNotExist_success() {
     val bucketName = "bucket"
@@ -632,6 +677,8 @@ internal class BucketServiceTest : ServiceTestBase() {
     assertThat(out.objectVersions()).isNotEmpty()
   }
 
+
+
   companion object {
     private const val TEST_BUCKET_NAME = "test-bucket"