Response Validation

28 tests ensure response schema conformity, data leak prevention, and sensitive data filtering.

OpenAPI Response Schema

Responses are validated against schemas defined in OpenAPI. Only defined fields are allowed:

# openapi.yaml
paths:
  /users/{id}:
    get:
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserResponse'

components:
  schemas:
    UserResponse:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        email:
          type: string
      # password_hash, internal_id NOT defined = filtered!
RESP-001 FILTERED

Extra fields removed from response

Backend Response

{
  "id": "123",
  "name": "John",
  "email": "john@example.com",
  "password_hash": "$2b$12$...",
  "internal_id": "int-987654"
}

Client Receives

{
  "id": "123",
  "name": "John",
  "email": "john@example.com"
}

Fields not defined in the response schema are automatically filtered. This prevents accidental data leaks.

RESP-005 SANITIZED

Stack traces removed from error responses

Backend Error Response

{
  "error": "Database error",
  "stack": "at DB.connect (db.js:45)\n    at Service.get...",
  "query": "SELECT * FROM users WHERE id='123'"
}

Client Receives

{"error": "Internal server error"}

Stack traces and internal error details are replaced with generic messages.

RESP-010 FILTERED

Internal IPs removed from responses

Backend Response

{"error": "Cannot connect to 10.0.1.45:5432"}

Client Receives

{"error": "Service temporarily unavailable"}

Internal IP addresses are detected and removed to prevent network topology disclosure.

RESP-015 BLOCKED

Response schema violation detected

Backend Response

{"id": 123, "name": "John"}

Schema Expects

id must be of type string (the backend returned an integer)

Client Receives

HTTP/1.1 502 Bad Gateway

If the backend returns a response that violates the schema, a 502 error is returned instead.
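The four behaviours above (RESP-001 field filtering, RESP-005 error sanitisation, RESP-010 internal IP removal, RESP-015 schema violation to 502) combined in one minimal response filter, written here as an added example rather than the gateway's own code. The schema dict mirrors the UserResponse component above; the set of internal-detail keys and the body of the 502 response are assumptions.

```python
import ipaddress
import re

# Constructed schema matching the UserResponse component on this page.
USER_RESPONSE_SCHEMA = {"type": "object", "properties": {
    "id": {"type": "string"}, "name": {"type": "string"}, "email": {"type": "string"}}}

_TYPES = {"string": str, "integer": int, "number": (int, float), "boolean": bool}
_IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
_INTERNAL_KEYS = {"stack", "query", "trace"}  # assumed markers of internal error detail

def filter_by_schema(body, schema):
    """Drop undeclared fields (RESP-001); raise ValueError on a type mismatch (RESP-015)."""
    props = schema.get("properties", {})
    out = {}
    for key, value in body.items():
        if key not in props:
            continue  # password_hash, internal_id, ... are silently removed
        expected = _TYPES[props[key]["type"]]
        # bool is an int subclass in Python, so True/False must not pass as integer/number
        if not isinstance(value, expected) or (isinstance(value, bool) and expected is not bool):
            raise ValueError(f"{key}: expected {props[key]['type']}, got {type(value).__name__}")
        out[key] = value
    return out

def mentions_internal_ip(text):
    """True if text contains a private, loopback or link-local IPv4 address (RESP-010)."""
    for cand in _IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:  # e.g. 300.1.2.3 looks like an address but is not one
            continue
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return True
    return False

def process_response(status, body, schema):
    """Return the (status, body) pair the client actually receives."""
    if "error" in body:  # error path: RESP-005, then RESP-010
        if _INTERNAL_KEYS & body.keys():
            return status, {"error": "Internal server error"}
        if mentions_internal_ip(str(body["error"])):
            return status, {"error": "Service temporarily unavailable"}
        return status, body
    try:
        return status, filter_by_schema(body, schema)
    except ValueError:
        return 502, {"error": "Bad Gateway"}  # the page shows only the status; body assumed
```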