}

    /**
     * Gets the compiled pattern for matching sensitive property/environment variable keys.
     * The pattern is read from the system property 'app.log.sensitive.property.pattern'.
     * If not set, a default pattern matching common sensitive key names is used.
     *
     * @return The compiled Pattern for sensitive key matching
     */
    private static Pattern getSensitivePattern() {

**Warning**: The logs generated by this interceptor when using the `HEADERS` or `BODY` levels have
the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in
a non-production environment.

You can redact headers that may contain sensitive information by calling `redactHeader()`.
```java
logging.redactHeader("Authorization");

    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("SeNsItIvE", "Value")
        .addHeader("Not-Sensitive", "Value")
        .build(),
    )
    val response =
      client
        .newCall(
          request()
            .addHeader("SeNsItIvE", "Value")
            .addHeader("Not-Sensitive", "Value")
            .build(),
        ).execute()
    response.body.close()

 *
 * <p><b>Security Note:</b> This class stores credentials in memory. For security best practices:
 * <ul>
 *   <li>Call {@link #clearCredentials()} after authentication is complete to clear sensitive data from memory</li>
 *   <li>Avoid logging instances of this class as it may expose credentials</li>
 *   <li>Consider using external secret management systems for credential storage in production</li>
 * </ul>
 *

    }

    @Test
    public void test_maskSensitiveValue_withPrivate() {
        assertEquals("********", SystemUtil.maskSensitiveValue("PRIVATE_DATA", "sensitive"));
        assertEquals("********", SystemUtil.maskSensitiveValue("private_config", "internal"));
    }

    @Test
    public void test_maskSensitiveValue_safeValues() {
        // These should NOT be masked

        setupVirtualHostHelper("/Site1", "/SITE2");

        // The current implementation is case-sensitive
        Boolean result = invokeIsValidVirtualHostPath("/site1");
        assertFalse("Case mismatch should be blocked (implementation is case-sensitive)", result);
    }

    // ===================================================================================

     * Used for compilation, execution and Javadoc among others.
     * The Java tools location is {@link StandardLocation#CLASS_PATH}.
     *
     * <h4>Context-sensitive interpretation</h4>
     * A dependency with this path type will not necessarily be placed on the class path.
     * There are two circumstances where the dependency may nevertheless be placed somewhere else:
     *
     * <ul>

  //  - Some providers may choose to also include alias names.
  //  - For example, the "SHA-1" algorithm might be referred to as "SHA1".
  //  - The algorithm name is not case-sensitive.
  @SuppressWarnings("deprecation") // We still need to test our deprecated APIs.
  private static final ImmutableMap<String, HashFunction> ALGORITHMS =
      new ImmutableMap.Builder<String, HashFunction>()

@app.get("/items/me")
async def get_item() -> Item:
    return Item(name="Plumbus", description="All-purpose home device")
```

**Important**: Return types or response models are what filter data ensuring no sensitive information is exposed. And they are used to serialize data with Pydantic (in Rust), this is the main idea that can increase response performance.

        assertFalse(goAction.isFileSystemPath("C:\\Windows\\System32"));
    }

    @Test
    public void test_isFileSystemPath_case_sensitivity() {
        // URLs are case-sensitive for protocol
        assertFalse(goAction.isFileSystemPath("FILE://path"));
        assertFalse(goAction.isFileSystemPath("S3://bucket/path"));
        assertFalse(goAction.isFileSystemPath("GCS://bucket/path"));