**********************************************************************
CVE-2026-5463 VARIANT ANALYSIS
Code-based analysis of alternate injection paths
**********************************************************************

VULNERABLE CODE PATTERNS FOUND:
----------------------------------------------------------------------

module_options_injection: ✓ CONFIRMED
  Pattern: 'set {} {}\n'.format(k, opts[k])
  Context: options_str += 'set {} {}\n'.format(k, opts[k])

payload_options_injection (VARIANT): ✓ CONFIRMED
  Pattern: 'set {} {}\n'.format(k, v)
  Context: options_str += 'set {} {}\n'.format(k, v)

======================================================================
INJECTION SIMULATION
======================================================================

1. Module Options Injection (Original)
   Injected command: workspace -a pwned_module_injection
   Result: workspace_created

2. Payload Options Injection (Variant)
   Injected command: workspace -a pwned_payload_injection
   Result: workspace_created
   Same root cause: Yes (unsanitized .format() interpolation)

======================================================================
SUMMARY
======================================================================
Module options injection (original): CONFIRMED
Payload options injection (variant): CONFIRMED

Results written to: /data/pruva/runs/7e0c8944-db93-47a1-b397-0bcb07546fb9/vuln_variant/logs/variant_manifest.json

[SUCCESS] Variant injection path confirmed via code analysis!
Payload options at line 2316 are equally vulnerable to newline injection.