# CVE-2024-47611 — single-container lab. Wine + cross-built vulnerable (5.6.2)
# and patched (5.6.3) Windows xz.exe under a legacy code page (CP1252).
services:
  # Single lab service holding both xz.exe builds (vulnerable and patched) so
  # the same input can be run against each for comparison.
  xz:
    # Pinned to amd64; WINEARCH below is win64.
    platform: linux/amd64
    build:
      context: .
      dockerfile: Dockerfile
      # Build args handed to the Dockerfile. Quoted so they stay strings and
      # are never retyped by the YAML parser.
      args:
        VULN_VERSION: "5.6.2"
        PATCHED_VERSION: "5.6.3"
    # NOTE(review): `latest` is a mutable tag; this image is built locally from
    # the context above. It contains the vulnerable build by design, so it
    # should stay out of shared registries.
    image: cve-2024-47611-xz:latest
    # Fixed name: presumably the handle used by the `docker exec` callers
    # mentioned below. Only one instance can exist per Docker host.
    container_name: cve-2024-47611-xz
    # The legacy code page applies to the Wine prefix, not to this process
    # environment: LANG/LC_ALL below are C.UTF-8, and CP1252 is supplied only
    # through WINE_INIT_LOCALE. The prefix's ACP=1252 is what makes Wine's CRT
    # argv conversion apply best-fit mapping.
    environment:
      # Prefix lives under /root, so processes presumably run as root inside
      # the container (confirm USER in the Dockerfile).
      WINEPREFIX: /root/.wine
      WINEARCH: win64
      # Turns off all Wine debug channels.
      WINEDEBUG: "-all"
      # Prefix is booted under CP1252 (-> ACP=1252, best-fit active); the
      # runtime launch locale is UTF-8 so the wide command line holds real
      # U+2215. See env/Dockerfile for the rationale.
      # WINE_INIT_LOCALE appears to be project-specific (read by the image's
      # init step, not by Wine itself). TODO confirm in the Dockerfile.
      WINE_INIT_LOCALE: en_US.CP1252
      LANG: C.UTF-8
      LC_ALL: C.UTF-8
    # No published ports: the CVE has no network surface. The exploiter and
    # verifier reach the binaries via `docker exec`.
    # NOTE(review): the container is still attached to the default Compose
    # network. If nothing at runtime needs outbound access, `network_mode:
    # "none"` would make the isolation explicit; confirm against the image's
    # entrypoint before changing.
    # Health = both binaries exist and are executable. This does not run them
    # under Wine or check their versions, so "healthy" only proves the build
    # placed the files.
    healthcheck:
      test: ["CMD", "sh", "-c", "test -x /opt/xz-vuln/bin/xz.exe && test -x /opt/xz-patched/bin/xz.exe"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 5s
    # Quoted on purpose: a bare `no` is a boolean under YAML 1.1, and Compose
    # expects the string. The lab container is never restarted automatically.
    restart: "no"
