Avoid leaking system details in 500 error message

Author: stevebux

lambdas/api-handler/src/mappers/__tests__/error-mapper.test.ts

@@ -49,7 +49,7 @@ describe("mapErrorToResponse", () => {
   });
 
   it("should map generic Error to InternalServerError response", () => {
-    const err = new Error("Something broke");
+    const err = new Error("Low level error message");
 
     const res = mapErrorToResponse(err, 'correlationId', { info: jest.fn(), error: jest.fn() } as unknown as Logger);
 
@@ -58,7 +58,7 @@ describe("mapErrorToResponse", () => {
       "errors": [
         {
           "code": "NOTIFY_INTERNAL_SERVER_ERROR",
-          "detail": "Something broke",
+          "detail": "Unexpected error",
           "id": "correlationId",
           "links": {
             "about": "https://digital.nhs.uk/developer/api-catalogue/nhs-notify-supplier"

lambdas/api-handler/src/mappers/error-mapper.ts

@@ -15,9 +15,6 @@ export function mapErrorToResponse(error: unknown, correlationId: string | undef
   } else if (error instanceof NotFoundError) {
     logger.info({ err: error }, `Not found error correlationId=${correlationId}`);
     return buildResponseFromErrorCode(ApiErrorCode.NotFound, error.detail, correlationId);
-  } else if (error instanceof Error) {
-    logger.error({ err: error }, `Internal server error correlationId=${correlationId}`);
-    return buildResponseFromErrorCode(ApiErrorCode.InternalServerError, error.message, correlationId);
   } else {
     logger.error({ err: error }, `Internal server error (non-Error thrown) correlationId=${correlationId}`);
     return buildResponseFromErrorCode(ApiErrorCode.InternalServerError, "Unexpected error", correlationId);