Description
Reading https://github.com/astaxie/bat/blob/master/bat.go#L195-L204 bat attempts to parse stdin as JSON, and when it succeeds, the body content may be different to what was originally submitted. For example if that content has been previously used to calculate a signature such as HMAC-SHA1,
then the signature may no longer be valid.
In practice, when POSTing a file and adding its HMAC as a header, bat effectively appends 0x0a and it's possible that the final output JSON may be altered -- I haven't yet checked this but it could have different key/object order, or changed keys, as JSON allows repeated keys within objects.
I can understand if this is intended behaviour but it took a surprisingly long time to realise
this was the case, and track it down.
I'd propose that PoLA should apply for content from stdin and it not be altered, or at least, only if the -json=true flag has been specified.
Activity