future.get(10, SECONDS);
    assertThrows(RejectedExecutionException.class, () -> executor.execute(Runnables.doNothing()));
    latch.countDown();
    ExecutionException expected =
        assertThrows(ExecutionException.class, () -> first.get(10, SECONDS));
    assertThat(expected).hasCauseThat().isInstanceOf(RejectedExecutionException.class);
  }

  public void testToString() {
    Runnable[] currentTask = new Runnable[1];

    future.get(10, SECONDS);
    assertThrows(RejectedExecutionException.class, () -> executor.execute(Runnables.doNothing()));
    latch.countDown();
    ExecutionException expected =
        assertThrows(ExecutionException.class, () -> first.get(10, SECONDS));
    assertThat(expected).hasCauseThat().isInstanceOf(RejectedExecutionException.class);
  }

  public void testToString() {
    Runnable[] currentTask = new Runnable[1];

{* ../../docs_src/json_base64_bytes/tutorial001_py310.py ln[1:9,29:35] hl[9] *}

If you check the `/docs`, they will show that the field `data` expects base64 encoded bytes:

<div class="screenshot">
<img src="/img/tutorial/json-base64-bytes/image01.png">
</div>

You could send a request like:

```json
{
    "description": "Some data",

func IsRISCV64VTypeI(op obj.As) bool {
	return op == riscv.AVSETVLI || op == riscv.AVSETIVLI
}

// IsRISCV64CSRO reports whether the op is an instruction that uses
// CSR symbolic names and whether that instruction expects a register
// or an immediate source operand.
func IsRISCV64CSRO(op obj.As) (imm bool, ok bool) {
	switch op {
	case riscv.ACSRRCI, riscv.ACSRRSI, riscv.ACSRRWI:
		imm = true
		fallthrough

This type of attack is mainly relevant when:

* the application is running locally (e.g. on `localhost`) or in an internal network
* and the application doesn't have any authentication, it expects that any request from the same network can be trusted.

## Example Attack { #example-attack }

Imagine you build a way to run a local AI agent.

It provides an API at

```

    assertEquals(3, uniqueEntries.size());
  }

  // Wrapper of EnumMultiset factory methods, because we need to skip create(Class).
  // create(Enum1.class) is equal to create(Enum2.class) but testEquals() expects otherwise.
  // For the same reason, we need to skip create(Iterable, Class).
  private static class EnumMultisetFactory {
    @Keep // used reflectively by testEquals

    assertEquals(3, uniqueEntries.size());
  }

  // Wrapper of EnumMultiset factory methods, because we need to skip create(Class).
  // create(Enum1.class) is equal to create(Enum2.class) but testEquals() expects otherwise.
  // For the same reason, we need to skip create(Iterable, Class).
  private static class EnumMultisetFactory {
    @Keep // used reflectively by testEquals

# HTTP Basic Auth { #http-basic-auth }

For the simplest cases, you can use HTTP Basic Auth.

In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

```
// This is a sample console code block
$ echo "Hello, world!"  // Print greeting
```


### Code blocks with comments that don't follow pattern { #code-blocks-with-comments-without-pattern }

Fixer tool expects comments that follow specific pattern:

- For hash-style comments: comment starts with `# ` (hash following by whitespace) in the beginning of the string or after a whitespace.

        Pattern pattern = Pattern.compile(wrongPattern);

        // Without escaping, "application/xhtml+xml" does NOT match
        // because the pattern expects "one or more 'l'" followed by "xml"
        assertFalse(pattern.matcher("application/xhtml+xml").matches());
        assertFalse(pattern.matcher("application/rdf+xml").matches());
    }

    @Test