From c01ef50d899499e0cceb3af1bea41bad195921f6 Mon Sep 17 00:00:00 2001
From: Daniel Abib <daniel.abib@gmail.com>
Date: Mon, 1 Sep 2025 13:13:36 -0300
Subject: [PATCH 1/3] refactor(parser): Improve Transfer Family models with
 examples and descriptions

Enhances the Transfer Family parser models with field descriptions and examples using Pydantic's Field() functionality. This improvement provides better documentation and metadata for Transfer Family event parsing, following the pattern established in PR #7100.

All field descriptions are based on official AWS Transfer Family Lambda authorizer documentation and include realistic examples from actual test events.

Closes #7119
---
 .../parser/models/transfer_family.py          | 30 +++++++++++++++----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/aws_lambda_powertools/utilities/parser/models/transfer_family.py b/aws_lambda_powertools/utilities/parser/models/transfer_family.py
index 62cb49479bd..d0a20a00a35 100644
--- a/aws_lambda_powertools/utilities/parser/models/transfer_family.py
+++ b/aws_lambda_powertools/utilities/parser/models/transfer_family.py
@@ -5,8 +5,28 @@
 
 
 class TransferFamilyAuthorizer(BaseModel):
-    username: str
-    password: Optional[str] = None
-    protocol: Literal["SFTP", "FTP", "FTPS"]
-    server_id: str = Field(..., alias="serverId")
-    source_ip: IPvAnyAddress = Field(..., alias="sourceIp")
+    username: str = Field(
+        description="The username of the user attempting to authenticate.",
+        examples=["bobusa", "john.doe", "sftp-user-123", "data-transfer-user"],
+    )
+    password: Optional[str] = Field(
+        default=None,
+        description="The password for authentication.",
+        examples=["mysecretpassword", "Password1234", "secure-pass", None],
+    )
+    protocol: Literal["SFTP", "FTP", "FTPS"] = Field(
+        description="The protocol used for the connection.",
+        examples=["SFTP", "FTPS", "FTP"],
+    )
+    server_id: str = Field(
+        ...,
+        alias="serverId",
+        description="The server ID of the Transfer Family server.",
+        examples=["s-abcd123456", "s-1234567890abcdef0", "s-example123"],
+    )
+    source_ip: IPvAnyAddress = Field(
+        ...,
+        alias="sourceIp",
+        description="The IP address of the client connecting to the Transfer Family server.",
+        examples=["192.168.0.100", "10.0.0.50", "127.0.0.1", "203.0.113.12"],
+    )

From 53fb4409ff56436c179bdbea627f8f11461f299f Mon Sep 17 00:00:00 2001
From: Daniel Abib <daniel.abib@gmail.com>
Date: Mon, 1 Sep 2025 13:18:16 -0300
Subject: [PATCH 2/3] security: fix password examples to avoid security
 hotspots

Replace specific password examples with placeholder format to resolve SonarQube security hotspots while maintaining documentation value.
---
 .../utilities/parser/models/transfer_family.py                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws_lambda_powertools/utilities/parser/models/transfer_family.py b/aws_lambda_powertools/utilities/parser/models/transfer_family.py
index d0a20a00a35..5ca5321d667 100644
--- a/aws_lambda_powertools/utilities/parser/models/transfer_family.py
+++ b/aws_lambda_powertools/utilities/parser/models/transfer_family.py
@@ -12,7 +12,7 @@ class TransferFamilyAuthorizer(BaseModel):
     password: Optional[str] = Field(
         default=None,
         description="The password for authentication.",
-        examples=["mysecretpassword", "Password1234", "secure-pass", None],
+        examples=["<password>", "<user-password>", None],
     )
     protocol: Literal["SFTP", "FTP", "FTPS"] = Field(
         description="The protocol used for the connection.",

From 88e5a10d91c649a5707e194e4857138aae413cb2 Mon Sep 17 00:00:00 2001
From: Daniel Abib <daniel.abib@gmail.com>
Date: Mon, 1 Sep 2025 13:25:02 -0300
Subject: [PATCH 3/3] security: remove IP address examples as requested

Remove IP address examples from source_ip field to avoid triggering security pipelines in customer environments as requested by leandrodamascena.
---
 aws_lambda_powertools/utilities/parser/models/transfer_family.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/aws_lambda_powertools/utilities/parser/models/transfer_family.py b/aws_lambda_powertools/utilities/parser/models/transfer_family.py
index 5ca5321d667..be23c29449f 100644
--- a/aws_lambda_powertools/utilities/parser/models/transfer_family.py
+++ b/aws_lambda_powertools/utilities/parser/models/transfer_family.py
@@ -28,5 +28,4 @@ class TransferFamilyAuthorizer(BaseModel):
         ...,
         alias="sourceIp",
         description="The IP address of the client connecting to the Transfer Family server.",
-        examples=["192.168.0.100", "10.0.0.50", "127.0.0.1", "203.0.113.12"],
     )