=========================================
CVE-2026-34752 Variant Testing
=========================================

=== VARIANT 1: Original __proto__ (should fail on fixed version) ===
[PHASE 1] Testing against VULNERABLE version (1.2.0)...
Running vulnerability confirmation test on v1.2.0...
[+] Testing __proto__ against vulnerable version (1.2.0)...
[!] EXPECTED CRASH - Vulnerability confirmed in v1.2.0
[!] Error: this.headers[key][method] is not a function
[!] Vulnerability NOT confirmed on v1.2.0 (unexpected)

=== VARIANT 2: __PROTO__ (uppercase) ===
[PHASE 2] Testing against FIXED version (1.3.2)...

Running test 1: __proto__ on fixed version...
Using iconv-lite only. To support rare encodings: npm install iconv
[+] Testing __proto__ against fixed version (1.3.2)...
[✓] Fixed version handled __proto__ safely
[✓] Variant 1 (original) - No crash on fixed version

Running test 2: __PROTO__ (uppercase) on fixed version...
Using iconv-lite only. To support rare encodings: npm install iconv
[+] Testing __PROTO__ (uppercase) against fixed version (1.3.2)...
[✓] Fixed version handled __PROTO__ safely (keys are lowercased)
[✓] Variant 2 (uppercase) - No crash on fixed version

Running test 3: constructor on fixed version...
Using iconv-lite only. To support rare encodings: npm install iconv
[+] Testing constructor against fixed version (1.3.2)...
[✓] Fixed version handled constructor safely
[✓] Variant 3 (constructor) - No crash on fixed version

Running test 4: prototype on fixed version...
Using iconv-lite only. To support rare encodings: npm install iconv
[+] Testing prototype against fixed version (1.3.2)...
[✓] Fixed version handled prototype safely
[✓] Variant 4 (prototype) - No crash on fixed version

Running test 5: add() method with __proto__ on fixed version...
Using iconv-lite only. To support rare encodings: npm install iconv
[+] Testing add() method with __proto__ against fixed version (1.3.2)...
[✓] Fixed version handled add() with __proto__ safely
[✓] Variant 5 (add method) - No crash on fixed version

=========================================
Variant Test Summary
=========================================
Vulnerability confirmed on 1.2.0: 0
Variant 1 (__proto__): 1 (1=pass, 0=fail)
Variant 2 (__PROTO__): 1 (1=pass, 0=fail)
Variant 3 (constructor): 1 (1=pass, 0=fail)
Variant 4 (prototype): 1 (1=pass, 0=fail)
Variant 5 (add method): 1 (1=pass, 0=fail)

[✓] No bypass found. Fix appears complete.