fix(event_handler): hide error details by default (#3406)

fix(event_handler): hide error details by default

aws_lambda_powertools/event_handler/api_gateway.py

@@ -1979,11 +1979,14 @@ def _call_exception_handler(self, exp: Exception, route: Route) -> Optional[Resp
                 exp = service_error
 
         if isinstance(exp, RequestValidationError):
+            # For security reasons, we hide msg details (don't leak Python, Pydantic or file names)
+            errors = [{"loc": e["loc"], "type": e["type"]} for e in exp.errors()]
+
             return self._response_builder_class(
                 response=Response(
                     status_code=HTTPStatus.UNPROCESSABLE_ENTITY,
                     content_type=content_types.APPLICATION_JSON,
-                    body={"statusCode": HTTPStatus.UNPROCESSABLE_ENTITY, "message": exp.errors()},
+                    body={"statusCode": HTTPStatus.UNPROCESSABLE_ENTITY, "detail": errors},
                 ),
                 serializer=self._serializer,
                 route=route,

tests/functional/event_handler/test_bedrock_agent.py

@@ -121,11 +121,11 @@ def claims() -> Dict[str, Any]:
     assert result["response"]["httpMethod"] == "GET"
     assert result["response"]["httpStatusCode"] == 422
 
-    body = result["response"]["responseBody"]["application/json"]["body"]
+    body = json.loads(result["response"]["responseBody"]["application/json"]["body"])
     if PYDANTIC_V2:
-        assert "should be a valid dictionary" in body
+        assert body["detail"][0]["type"] == "dict_type"
     else:
-        assert "value is not a valid dict" in body
+        assert body["detail"][0]["type"] == "type_error.dict"
 
 
 def test_bedrock_agent_event_with_exception():