services:
  vuln:
    build:
      context: .
      dockerfile: vuln/Dockerfile
    container_name: cve-2026-44338-vuln
    ports:
      - "127.0.0.1:8081:8080"
    read_only: true
    tmpfs:
      - /tmp
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test:
        [
          "CMD",
          "python",
          "-c",
          "import socket; s=socket.create_connection(('127.0.0.1',8080),3); s.close()"
        ]
      interval: 5s
      timeout: 3s
      retries: 20

  patched:
    build:
      context: .
      dockerfile: patched/Dockerfile
    container_name: cve-2026-44338-patched
    ports:
      - "127.0.0.1:8082:8080"
    environment:
      LAB_AUTH_TOKEN: "lab-token"
    read_only: true
    tmpfs:
      - /tmp
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test:
        [
          "CMD",
          "python",
          "-c",
          "import socket; s=socket.create_connection(('127.0.0.1',8080),3); s.close()"
        ]
      interval: 5s
      timeout: 3s
      retries: 20