Security patch: Add json.loads on bytes and use errors = replace (#644)
Open
bitterpanda63 wants to merge 2 commits into main from fix-intigriti-cves-for-byte-body-decoding

Conversation

@bitterpanda63 (Member) commented May 20, 2026

Summary by Aikido

Security Issues: 0 · Quality Issues: 0 · Resolved Issues: 0

⚡ Enhancements

  • Attempted JSON parsing on byte bodies and used replacement decoding.
  • Changed path byte decoding to use utf-8 with replacement characters.
  • Passed raw request body bytes to context instead of pre-decoding.


if parsed_body:
self.body = parsed_body
return
except (JSONDecodeError, ValueError):
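Review bot: the `if parsed_body:` guard on the first line treats valid-but-falsy JSON (`0`, `false`, `[]`, `{}`, `""`) as a parse failure, so those bodies fall through to the text-decoding path and `self.body` becomes a string rather than the parsed value. Assign and return unconditionally once `json.loads` succeeds, i.e. `self.body = parsed_body` followed by `return` with no truthiness check, and leave the `except` clause to handle the genuine failures.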

@aikido-pr-checks (Bot) commented May 20, 2026


Empty except clause swallowing JSONDecodeError/ValueError during body parsing; log or handle the exception instead of using 'pass'.

Suggested change (original line, then replacement):
except (JSONDecodeError, ValueError):
except (JSONDecodeError, ValueError) as e:
    # JSON parsing failed, will fall back to UTF-8 decoding
    logger.debug("Failed to parse body as JSON: %s", e)

✨ AI Reasoning
A new try/except was added around JSON parsing of the request body. The except clause catches JSONDecodeError and ValueError but contains only pass, silently swallowing parsing failures. Silently ignoring errors during body parsing can hide parsing issues and make debugging or security analysis harder, especially since this code manipulates user-controlled input. The try block attempts to json.loads bytes and then falls through to other decoding logic; swallowing errors with no logging or handling loses visibility into why parsing failed.

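A stand-alone version of the strategy this PR and the review comment describe, added here as an example (it is not the project's code; `parse_request_body` and `strict_decode_raises` are names chosen for the illustration): JSON first, a logged failure instead of a bare `pass`, then lossy UTF-8 decoding so malformed bytes cannot raise, with the pre-patch strict decode alongside for comparison.

```python
import json
import logging
from json import JSONDecodeError
from typing import Any

logger = logging.getLogger(__name__)


def parse_request_body(raw: bytes) -> Any:
    """Best-effort parsing of a request body given as bytes.

    Order of attempts mirrors the patch: JSON first, then a lossy UTF-8
    string. Nothing here raises on caller-controlled bytes.
    """
    try:
        # json.loads accepts bytes directly (Python 3.6+) and autodetects
        # UTF-8/16/32; undecodable input raises UnicodeDecodeError, a ValueError.
        parsed = json.loads(raw)
    except (JSONDecodeError, ValueError) as e:
        # Log instead of a bare `pass`, as the review comment suggests,
        # so parse failures stay visible during debugging.
        logger.debug("Failed to parse body as JSON: %s", e)
    else:
        # Return unconditionally: a falsy JSON value (0, false, [], {}) is
        # still a successfully parsed body and must not fall through.
        return parsed
    # errors="replace" substitutes U+FFFD for undecodable bytes instead of
    # raising UnicodeDecodeError, which is what a strict decode would do.
    return raw.decode("utf-8", errors="replace")


def strict_decode_raises(raw: bytes) -> bool:
    """Pre-patch behaviour for comparison: strict decoding raises on bad bytes."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample bodies: valid JSON, falsy JSON, plain text, invalid UTF-8.
    for body in (b'{"user": "a"}', b"0", b"hello", b"\xff\xff not json"):
        print(repr(body), "->", repr(parse_request_body(body)),
              "| strict decode raises:", strict_decode_raises(body))
```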
