Bug: the validation failure response might expose too much data #3405

Closed
@rubenfonseca

Expected Behaviour

Only the necessary data to be returned, including the name of the field that failed validation and the kind of error.

Current Behaviour

When a data validation error occurs, we can expose data that might not be wanted. This includes class names, file names, or simply the fact that Pydantic and Python are being used.

Code snippet

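from typing import Any, Dict

from aws_lambda_powertools.event_handler import APIGatewayHttpResolver

# Validation must be enabled for the return value to be checked against the annotation
app = APIGatewayHttpResolver(enable_validation=True)

@app.get("/claims")
def claims() -> Dict[str, Any]:
    return "oh no, this is not a dict"  # type: ignore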

Possible Solution

Return a subset of the information, while still allowing the customer to customize the payload using the global exception handler.

Steps to Reproduce

Use the snippet above, and see the returned message when the API call is invoked.

Powertools for AWS Lambda (Python) version

latest

AWS Lambda function runtime

3.7

Packaging format used

PyPi

Debugging logs

No response
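
The reduction the issue asks for, sketched as an added example (not code from the issue or from Powertools): each validation error entry is cut down to the failing field path and the error kind before it is serialized. The names `sanitize_errors`, `build_error_response` and `SAMPLE_ERRORS`, the Pydantic-like entry shape, and the 422 status are assumptions made for illustration.

```python
import json
from typing import Any, Dict, List

# Constructed sample shaped like Pydantic error entries; every value is invented.
SAMPLE_ERRORS = [
    {"type": "dict_type", "loc": ("response",),
     "msg": "Input should be a valid dictionary",
     "input": "oh no, this is not a dict",
     "url": "https://docs.example/errors/dict_type"},
    {"type": "missing", "loc": ("body", "items", 0, "price"),
     "msg": "Field required", "ctx": {"class": "app.models.Claim"}},
]


def sanitize_errors(raw_errors: Any) -> List[Dict[str, Any]]:
    """Keep only the field path and the error kind of each entry."""
    if not isinstance(raw_errors, (list, tuple)):
        return []  # unexpected shape: disclose nothing rather than echo it
    cleaned = []
    for entry in raw_errors:
        if not isinstance(entry, dict):
            continue
        loc = entry.get("loc", ())
        if isinstance(loc, (str, int)):
            loc = (loc,)
        elif not isinstance(loc, (list, tuple)):
            loc = ()
        # Path segments are field names or list indexes; drop anything else.
        path = [p for p in loc if isinstance(p, (str, int)) and not isinstance(p, bool)]
        kind = entry.get("type")
        if not isinstance(kind, str) or not kind:
            kind = "validation_error"
        # "msg", "input", "ctx" and "url" are deliberately not copied.
        cleaned.append({"loc": path, "type": kind})
    return cleaned


def build_error_response(raw_errors: Any) -> Dict[str, Any]:
    """API Gateway proxy-style response; the 422 status is an assumption."""
    return {
        "statusCode": 422,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"detail": sanitize_errors(raw_errors)}),
    }


if __name__ == "__main__":
    print(build_error_response(SAMPLE_ERRORS)["body"])
```

An allow-list of copied keys, rather than a block-list of removed ones, keeps any field a later library version adds to its error entries out of the response by default.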

Labels

bug (Something isn't working), event_sources (Event Source Data Class utility)

Status

Shipped
