AWS logo
Amazon QDetector Library

Inefficient Amazon S3 manual pagination Low

Manual pagination is inefficient and error prone. Use S3Objects.withPrefix() to lazily fetch the list of S3ObjectSummary, a page at a time, as needed. The size of the page can be controlled using withBatchSize(int).

Detector ID
java/amazon-s3-auto-paginated-with-prefix@v1.0
Category
Common Weakness Enumeration (CWE) external icon
-

Noncompliant example

1public void s3GetObjectsNoncompliant(AmazonS3 amazonS3Client, String bucketName) {
2    String continuationToken = null;
3    ListObjectsV2Request listObjectsV2Request = new ListObjectsV2Request().withBucketName(bucketName);
4    ListObjectsV2Result listObjectsV2Result;
5    do {
6        // Noncompliant: uses manual pagination.
7        listObjectsV2Result = amazonS3Client.listObjectsV2(listObjectsV2Request);
8        for (S3ObjectSummary objectSummary : listObjectsV2Result.getObjectSummaries()) {
9            System.out.printf(" - %s (size: %d)\n", objectSummary.getKey(), objectSummary.getSize());
10        }
11        continuationToken = listObjectsV2Result.getNextContinuationToken();
12        listObjectsV2Request.setContinuationToken(continuationToken);
13    } while (continuationToken != null);
14}

Compliant example

1public void s3GetObjectsCompliant(AmazonS3 amazonS3Client, String bucketName, String prefix) {
2    // Compliant: uses S3Objects.withPrefix() for pagination.
3    for (S3ObjectSummary objectSummary : S3Objects.withPrefix(amazonS3Client, bucketName, prefix)) {
4        System.out.printf(" - %s (size: %d)\n", objectSummary.getKey(), objectSummary.getSize());
5    }
6}