diff --git a/aws_lambda_powertools/event_handler/api_gateway.py b/aws_lambda_powertools/event_handler/api_gateway.py
index 4263a5132a8..2231bc1b400 100644
--- a/aws_lambda_powertools/event_handler/api_gateway.py
+++ b/aws_lambda_powertools/event_handler/api_gateway.py
@@ -1979,11 +1979,14 @@ def _call_exception_handler(self, exp: Exception, route: Route) -> Optional[Resp
 exp = service_error
 if isinstance(exp, RequestValidationError):
+ # For security reasons, we hide msg details (don't leak Python, Pydantic or file names)
+ errors = [{"loc": e["loc"], "type": e["type"]} for e in exp.errors()]
+
 return self._response_builder_class(
 response=Response(
 status_code=HTTPStatus.UNPROCESSABLE_ENTITY,
 content_type=content_types.APPLICATION_JSON,
- body={"statusCode": HTTPStatus.UNPROCESSABLE_ENTITY, "message": exp.errors()},
+ body={"statusCode": HTTPStatus.UNPROCESSABLE_ENTITY, "detail": errors},
 ),
 serializer=self._serializer,
 route=route,
diff --git a/tests/functional/event_handler/test_bedrock_agent.py b/tests/functional/event_handler/test_bedrock_agent.py
index df9fb66afc8..266edd10de0 100644
--- a/tests/functional/event_handler/test_bedrock_agent.py
+++ b/tests/functional/event_handler/test_bedrock_agent.py
@@ -121,11 +121,11 @@ def claims() -> Dict[str, Any]:
 assert result["response"]["httpMethod"] == "GET"
 assert result["response"]["httpStatusCode"] == 422
- body = result["response"]["responseBody"]["application/json"]["body"]
+ body = json.loads(result["response"]["responseBody"]["application/json"]["body"])
 if PYDANTIC_V2:
- assert "should be a valid dictionary" in body
+ assert body["detail"][0]["type"] == "dict_type"
 else:
- assert "value is not a valid dict" in body
+ assert body["detail"][0]["type"] == "type_error.dict"
 def test_bedrock_agent_event_with_exception():
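Review bot: The comment above the `errors` projection states the intent but not which fields are withheld or why, so a later maintainer may re-add `msg` for usability and silently reopen the leak; make it explicit, e.g. `# Return only "loc" and "type": "msg", "ctx", "input" and "url" can echo the submitted value, exception text, library version or file paths back to the caller`. Renaming the body key from `"message"` to `"detail"` on the `body=` line is also a visible change to the 422 error contract for API clients, which deserves a changelog entry and a mention in the docstring of `_call_exception_handler`. That function starts and ends outside the hunk.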
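Review bot: The new assertions on the `body["detail"][0]["type"]` lines check only the positive case and never verify that the details the production change withholds are actually absent, so a regression that re-adds `msg` to the response would still pass. Add one assertion next to them that holds on both Pydantic branches, `assert set(body["detail"][0]) == {"loc", "type"}`. The `json.loads` call on the `body` line presumably relies on `json` being imported at the top of the test file, which is outside this hunk.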