}

    /**
     * Gets the compiled pattern for matching sensitive property/environment variable keys.
     * The pattern is read from the system property 'app.log.sensitive.property.pattern'.
     * If not set, a default pattern matching common sensitive key names is used.
     *
     * @return The compiled Pattern for sensitive key matching
     */
    private static Pattern getSensitivePattern() {

**Warning**: The logs generated by this interceptor when using the `HEADERS` or `BODY` levels have
the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in
a non-production environment.

You can redact headers that may contain sensitive information by calling `redactHeader()`.
```java
logging.redactHeader("Authorization");

    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("SeNsItIvE", "Value")
        .addHeader("Not-Sensitive", "Value")
        .build(),
    )
    val response =
      client
        .newCall(
          request()
            .addHeader("SeNsItIvE", "Value")
            .addHeader("Not-Sensitive", "Value")
            .build(),
        ).execute()
    response.body.close()

 *
 * <p><b>Security Note:</b> This class stores credentials in memory. For security best practices:
 * <ul>
 *   <li>Call {@link #clearCredentials()} after authentication is complete to clear sensitive data from memory</li>
 *   <li>Avoid logging instances of this class as it may expose credentials</li>
 *   <li>Consider using external secret management systems for credential storage in production</li>
 * </ul>
 *

the header line. This behavior can be disabled with `GODEBUG=tracebacklabels=0`
(added in [Go 1.26](/doc/godebug#go-126)). This opt-out is expected to be
kept indefinitely in case goroutine labels acquire sensitive information that

## Log Message Guidelines

- Logger: `LogManager.getLogger(ClassName.class)`
- Format: `key=value` (e.g., `userId={}`, `url={}`)
- Prefix with `[name]` when context identification is needed
- Mask sensitive values (passwords, tokens)

## i18n / Localization

    }

    @Test
    public void test_maskSensitiveValue_withPrivate() {
        assertEquals("********", SystemUtil.maskSensitiveValue("PRIVATE_DATA", "sensitive"));
        assertEquals("********", SystemUtil.maskSensitiveValue("private_config", "internal"));
    }

    @Test
    public void test_maskSensitiveValue_safeValues() {
        // These should NOT be masked

        setupVirtualHostHelper("/Site1", "/SITE2");

        // The current implementation is case-sensitive
        Boolean result = invokeIsValidVirtualHostPath("/site1");
        assertFalse("Case mismatch should be blocked (implementation is case-sensitive)", result);
    }

    // ===================================================================================

     * Used for compilation, execution and Javadoc among others.
     * The Java tools location is {@link StandardLocation#CLASS_PATH}.
     *
     * <h4>Context-sensitive interpretation</h4>
     * A dependency with this path type will not necessarily be placed on the class path.
     * There are two circumstances where the dependency may nevertheless be placed somewhere else:
     *
     * <ul>

  //  - Some providers may choose to also include alias names.
  //  - For example, the "SHA-1" algorithm might be referred to as "SHA1".
  //  - The algorithm name is not case-sensitive.
  @SuppressWarnings("deprecation") // We still need to test our deprecated APIs.
  private static final ImmutableMap<String, HashFunction> ALGORITHMS =
      new ImmutableMap.Builder<String, HashFunction>()