services:
  vuln:
    platform: ${LAB_PLATFORM:-linux/amd64}
    build:
      context: .
      dockerfile: ./vuln/Dockerfile
    container_name: cve-2026-34234-vuln
    restart: unless-stopped
    depends_on:
      fake-api:
        condition: service_healthy
      mysql_vuln:
        condition: service_healthy
      redis_vuln:
        condition: service_started
    ports:
      - "127.0.0.1:8081:80"
    volumes:
      - "./env/vuln.env:/var/www/html/.env:rw"
    networks:
      - cve-2026-34234

  patched:
    platform: ${LAB_PLATFORM:-linux/amd64}
    build:
      context: .
      dockerfile: ./patched/Dockerfile
    container_name: cve-2026-34234-patched
    restart: unless-stopped
    depends_on:
      fake-api:
        condition: service_healthy
      mysql_patched:
        condition: service_healthy
      redis_patched:
        condition: service_started
    ports:
      - "127.0.0.1:8082:80"
    volumes:
      - "./env/patched.env:/var/www/html/.env:rw"
    networks:
      - cve-2026-34234

  fake-api:
    image: python:3.12.3-slim
    container_name: cve-2026-34234-fake-api
    restart: unless-stopped
    working_dir: /srv/fake-api
    command: python /srv/fake-api/server.py
    environment:
      PORT: "80"
    ports:
      - "127.0.0.1:9100:80"
    volumes:
      - "./fake-api:/srv/fake-api:ro"
    healthcheck:
      test: ["CMD-SHELL", "python -c \"import urllib.request; urllib.request.urlopen('http://127.0.0.1/health', timeout=2).read()\""]
      interval: 5s
      timeout: 3s
      retries: 20
    networks:
      cve-2026-34234:
        aliases:
          - fake-api.local

  mysql_vuln:
    image: mariadb:11.4
    container_name: cve-2026-34234-mariadb-vuln
    restart: unless-stopped
    environment:
      MARIADB_DATABASE: ctrlpanel
      MARIADB_USER: ctrlpaneluser
      MARIADB_PASSWORD: ctrlpanelpass
      MARIADB_ROOT_PASSWORD: rootpass
    volumes:
      - mysql_vuln_data:/var/lib/mysql
    healthcheck:
      test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -uroot -prootpass --silent"]
      interval: 5s
      timeout: 5s
      retries: 30
    networks:
      - cve-2026-34234

  mysql_patched:
    image: mariadb:11.4
    container_name: cve-2026-34234-mariadb-patched
    restart: unless-stopped
    environment:
      MARIADB_DATABASE: ctrlpanel
      MARIADB_USER: ctrlpaneluser
      MARIADB_PASSWORD: ctrlpanelpass
      MARIADB_ROOT_PASSWORD: rootpass
    volumes:
      - mysql_patched_data:/var/lib/mysql
    healthcheck:
      test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -uroot -prootpass --silent"]
      interval: 5s
      timeout: 5s
      retries: 30
    networks:
      - cve-2026-34234

  redis_vuln:
    image: redis:7.4-alpine
    container_name: cve-2026-34234-redis-vuln
    restart: unless-stopped
    networks:
      - cve-2026-34234

  redis_patched:
    image: redis:7.4-alpine
    container_name: cve-2026-34234-redis-patched
    restart: unless-stopped
    networks:
      - cve-2026-34234

networks:
  cve-2026-34234:
    name: cve-2026-34234
    driver: bridge

volumes:
  mysql_vuln_data:
  mysql_patched_data: