Performing S3 operations like CreateBucket, CopyObject, PutObject, etc. without specifying ExpectedBucketOwner or ExpectedSourceBucketOwner omits validation of bucket ownership. This could result in accidentally accessing the wrong bucket, such as using a test bucket in production. Setting the expected owner enables verifying the target bucket is owned by the intended account before access. Skipping this validation means S3 buckets may be used without certainty they belong to the expected owner.

Unvalidated S3 Bucket Ownership

S3 bucket operations without owner validation

Creating new AWS service clients within Lambda handler functions on each invocation introduces repetitive initialization overhead. This negatively impacts function performance, latency, and scalability. AWS clients should be initialized once and reused across invocations. Avoiding redundant client creation improves efficiency and availability in serverless applications.

Lambda Client Reuse

AWS client re-creation in Lambda handlers

Using deprecated Amazon Web Services (AWS) APIs and outdated client initialization in Go code can introduce security risks and quality issues. Initializing old S3 or Kinesis clients without proper configuration may leak credentials or have other security flaws. Calling unsupported APIs like GetRecords and ListObjects can lead to unexpected breaks when AWS fully retires those APIs. To improve quality and security, use the latest AWS SDK client initialization patterns and avoid APIs not currently recommended per the AWS documentation. This reduces technical debt and avoids known issues with outdated clients and APIs.

Not Recommended API Usage

Security risks and quality issues from deprecated AWS APIs and clients

Calling AWS API methods that return paginated results without properly handling pagination can lead to incomplete data. The full result set may span multiple pages, but only the first page is returned without pagination. Failing to retrieve all pages can cause data loss or inaccurate results. Pagination should be used to automatically handle page tokens and iterate through all response pages.

Missing Pagination

Missing pagination in paginated API calls

Q

Detector Library

Go detectors (45/45)

Tag: security-context

Unvalidated S3 Bucket Ownership

Lambda Client Reuse

Not Recommended API Usage

Missing Pagination