Unchecked S3 object metadata content length High

Uploading an object of type stream to Amazon S3 without setting the content length of the object will cause the entire contents of the input stream to be buffered locally in memory so that the content length can be calculated. This might result in negative performance problems.

Detector ID
java/s3-object-metadata-content-length-check@v1.0
Category

Noncompliant example

1public void s3PutOjectFromStreamNoncompliant(AmazonS3 s3Client, File inputFile) throws FileNotFoundException {
2    String s3Bucket = "sample-bucket";
3    FileInputStream inputStream = null;
4    try {
5        inputStream = new FileInputStream(inputFile);
6        ObjectMetadata metadata = new ObjectMetadata();
7        // Noncompliant: puts object from stream without specifying the content length of the stream.
8        s3Client.putObject(s3Bucket, inputFile.getName(), inputStream, metadata);
9    } finally {
10        IOUtils.closeQuietly(inputStream, null);
11    }
12}

Compliant example

1public void s3PutOjectFromStreamCompliant(AmazonS3 s3Client, File inputFile) throws FileNotFoundException {
2    String s3Bucket = "sample-bucket";
3    FileInputStream inputStream = null;
4    try {
5        inputStream = new FileInputStream(inputFile);
6        ObjectMetadata metadata = new ObjectMetadata();
7        // Compliant: specifies the content length of the stream.
8        metadata.setContentLength(inputFile.length());
9        s3Client.putObject(s3Bucket, inputFile.getName(), inputStream, metadata);
10    } finally {
11        IOUtils.closeQuietly(inputStream, null);
12    }
13}