assertSame(authEx, thrown, "Should rethrow the same SmbAuthException instance");
        verify(dest, times(1)).getAttributes();
        verify(dest, never()).setPathInformation(anyInt(), anyLong(), anyLong(), anyLong());
    }

    @Test
    @DisplayName("openCopyTargetFile throws NPE on null dest (invalid input)")
    void openCopyTargetFile_nullDest_throwsNPE() {
        // Arrange
        SmbFile dest = null;

import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.anyLong;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.net.MalformedURLException;

import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.anyLong;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;

import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.anyLong;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mockStatic;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;

              "waiting": {
                "delay": 2628000,
                "message": "As this PR has been waiting for the original user for a while but seems to be inactive, it's now going to be closed. But if there's anyone interested, feel free to create a new PR.",
                "reminder": {
                    "before": "P3D",
                    "message": "Heads-up: this will be closed in 3 days unless there's new activity."

- If an object is under legal hold, it cannot be deleted unless the legal hold is explicitly removed for the respective version id. DeleteObjectVersion() would fail otherwise.
- In `Compliance` mode, objects cannot be deleted by anyone until retention period has expired for the given version id. If user has governance bypass permissions, an object's retention date can be extended in `Compliance` mode.
- Once object lock configuration is set to a bucket

    // We want the JDK Pattern compiler:
    // - under Android (where it hurts startup performance)
    // - even for the JVM in our open-source release (https://github.com/google/guava/issues/3147)
    // If anyone in our monorepo uses the Android copy of Guava on a JVM, that would be unfortunate.
    // But that is only likely to happen in Robolectric tests, where the risks of JDK regex are low.
    return new JdkPatternCompiler();
  }

Then the malicious website could make the local AI agent send angry messages to the user's ex-boss... or worse. 😅

## Open Internet { #open-internet }

If your app is in the open internet, you wouldn't "trust the network" and let anyone send privileged requests without authentication.

Attackers could simply run a script to send requests to your API, no need for browser interaction, so you are probably already securing any privileged endpoints.

Executing `fastapi run` starts FastAPI in production mode.

By default, **auto-reload** is disabled. It also listens on the IP address `0.0.0.0`, which means all the available IP addresses, this way it will be publicly accessible to anyone that can communicate with the machine. This is how you would normally run it in production, for example, in a container.

      # Our Maven configuration then specifies different JDKs to use for some of the steps:
      # - 11 (sometimes) to *download* to support anyone who runs JDiff or our Gradle integration tests (including our doc snapshots and our Java 11 CI test run) but not to use directly