=== Testing Header Exposure in Session Cookie ===

[4/6] Analyzing the vulnerable code pattern...

=== VULNERABILITY ANALYSIS ===

✅ VULNERABILITY CONFIRMED - Vulnerable code pattern detected

   The code contains: `session.headers = headers`
   This stores ALL HTTP headers in the session cookie.

   Impact: Internal proxy headers (x-forwarded-for, x-api-key,
   x-real-ip, authorization, etc.) are base64-encoded in the
   cookie and can be decoded by anyone with access to the cookie.

   Code section:
   ---
    171:     session.redirect = redirect
    172:     session.query = restQuery
>>> 173:     session.headers = headers
    174: 
    175:     return this.handler('GET', handlerParams, {})
    176:   }
   ---

=== PROOF OF VULNERABILITY ===

   Example: When a request contains these headers:
   {
       "x-forwarded-for": "10.0.0.1",
       "x-internal-api-key": "sk_live_secret123",
       "x-real-ip": "192.168.1.1",
       "authorization": "Bearer secret_token",
       "cookie": "other_session=secret_value"
   }

   The session cookie will contain (base64 encoded):
   eyJoZWFkZXJzIjp7IngtZm9yd2FyZGVkLWZvciI6IjEwLjAuMC4xIiwieC1pbnRlcm5hbC1hcGkta2V5...

   Anyone can decode this to reveal the headers:
   {"headers":{"x-forwarded-for":"10.0.0.1","x-internal-api-key":"sk_live_secret123","x-real-ip":"192.1...

   === RISK ASSESSMENT ===
   HIGH: Internal infrastructure details, API keys, and
   sensitive tokens can be exposed to any client that can
   read the session cookie.