raw = new byte[10];
        buf = new NdrBuffer(raw, 0);
    }

    /**
     * Validate that the constructor masks the supplied value to its
     * lowest 8 bits (NdrShort incorrectly masks to 8 bits even though it's a short).
     */
    @ParameterizedTest
    @ValueSource(ints = { 0, 1, 255, -1, 256, 65535 })
    void constructorMasksValue(int input) {
        NdrShort ns = new NdrShort(input);

        smbRandomAccessFile.readFully(buffer);
        assertArrayEquals(new byte[] { 10, 20, 30, 40, 50 }, buffer);
        // Note: There appears to be a bug in the implementation where readFully
        // incorrectly updates the file pointer twice
        assertEquals(10, smbRandomAccessFile.getFilePointer());
    }

#### El tiempo de respuesta ayuda a los atacantes { #the-time-to-answer-helps-the-attackers }

En ese punto, al notar que el servidor tardó algunos microsegundos más en enviar el response "Nombre de usuario o contraseña incorrectos", los atacantes sabrán que acertaron en _algo_, algunas de las letras iniciales eran correctas.

    security_scopes: SecurityScopes,
):
    # This is an incorrect way of using it, this is not checking if the scopes are
    # provided by the token, only if the endpoint is requesting them, but the test
    # here is just to check if FastAPI is indeed registering and passing the scopes
    # correctly when using Security with parameterless dependencies.

///

Now, get the user data from the (fake) database, using the `username` from the form field.

If there is no such user, we return an error saying "Incorrect username or password".

For the error, we use the exception `HTTPException`:

{* ../../docs_src/security/tutorial003_an_py310.py hl[3,79:81] *}

### Check the password { #check-the-password }

        assertNotNull(dcerpcBinding.getUuid(), "UUID should be set for a valid pipe endpoint.");
        assertEquals("4B324FC8-1670-01D3-1278-5A47BF6EE188", dcerpcBinding.getUuid().toString(), "UUID should be parsed correctly.");
        assertEquals(3, dcerpcBinding.getMajor(), "Major version should be parsed correctly.");

        // Verify the raw bytes are correctly stored
        assertArrayEquals(rawBytes, avTargetName.getRaw(), "Raw bytes should match the input");
    }

    /**
     * Test constructor with a target name string.
     * Verifies that the string is correctly encoded to UTF-16LE bytes and stored.
     */
    @Test
    void testConstructorWithString() {

<img src="/img/tutorial/body/image03.png">

Et vous obtenez aussi de la vérification d'erreur pour les opérations incorrectes de types :

<img src="/img/tutorial/body/image04.png">

Ce n'est pas un hasard, ce framework entier a été bâti avec ce design comme objectif.

        assertEquals(smbComNtTransaction.dataCount, SmbComTransaction.readInt4(dst, 27), "dataCount should be written correctly");
        assertEquals(smbComNtTransaction.dataOffset, SmbComTransaction.readInt4(dst, 31), "dataOffset should be written correctly");
        assertEquals(smbComNtTransaction.setupCount, dst[35], "setupCount should be written correctly");

        assertEquals(positiveValue, ndrLongPositive.value, "Constructor should correctly initialize with a positive value.");

        // Test case 2: Negative value
        int negativeValue = -54321;
        NdrLong ndrLongNegative = new NdrLong(negativeValue);
        assertEquals(negativeValue, ndrLongNegative.value, "Constructor should correctly initialize with a negative value.");

        // Test case 3: Zero value