Validate bucket name before processing any request

src/main/java/org/gaul/s3proxy/S3ProxyHandler.java

@@ -274,6 +274,18 @@ public class S3ProxyHandler {
         return blobStore.getContext().unwrap().getProviderMetadata().getId();
     }
 
+    private static boolean isValidContainer(String containerName) {
+        if (containerName == null ||
+                containerName.length() < 3 || containerName.length() > 255 ||
+                containerName.startsWith(".") || containerName.endsWith(".") ||
+                validateIpAddress(containerName) ||
+                !VALID_BUCKET_FIRST_CHAR.matches(containerName.charAt(0)) ||
+                !VALID_BUCKET.matchesAllOf(containerName)) {
+            return false;
+        }
+        return true;
+    }
+
     public final void doHandle(HttpServletRequest baseRequest,
             HttpServletRequest request, HttpServletResponse response,
             InputStream is) throws IOException, S3Exception {
@@ -547,6 +559,10 @@ public class S3ProxyHandler {
             }
         }
 
+        if (!uri.equals("/") && !isValidContainer(path[1])) {
+            throw new S3Exception(S3ErrorCode.INVALID_BUCKET_NAME);
+        }
+
         String uploadId = request.getParameter("uploadId");
         switch (method) {
         case "DELETE":
@@ -1096,13 +1112,6 @@ public class S3ProxyHandler {
         if (containerName.isEmpty()) {
             throw new S3Exception(S3ErrorCode.METHOD_NOT_ALLOWED);
         }
-        if (containerName.length() < 3 || containerName.length() > 255 ||
-                containerName.startsWith(".") || containerName.endsWith(".") ||
-                validateIpAddress(containerName) ||
-                !VALID_BUCKET_FIRST_CHAR.matches(containerName.charAt(0)) ||
-                !VALID_BUCKET.matchesAllOf(containerName)) {
-            throw new S3Exception(S3ErrorCode.INVALID_BUCKET_NAME);
-        }
 
         String contentLengthString = request.getHeader(
                 HttpHeaders.CONTENT_LENGTH);