*/
  private abstract static class Traversal<N> {
    final SuccessorsFunction<N> successorFunction;

    Traversal(SuccessorsFunction<N> successorFunction) {
      this.successorFunction = successorFunction;
    }

    static <N> Traversal<N> inGraph(SuccessorsFunction<N> graph) {
      Set<N> visited = new HashSet<>();
      return new Traversal<N>(graph) {
        @Override

            throw new SmbException("Path contains control characters");
        }

        // Check for traversal sequences
        if (containsTraversal(path)) {
            log.warn("Path contains directory traversal: {}", sanitizeForLog(path));
            throw new SmbException("Path contains directory traversal sequences");
        }

        // Normalize the path
        String normalized = normalizePath(path);

        // Test simple path traversal attack
        File baseDir = new File(tempDir.toFile(), "images");
        baseDir.mkdirs();
        File maliciousFile = new File(baseDir, "../../../etc/passwd");

        Boolean result = invokeIsValidUploadPath(maliciousFile, baseDir);
        assertFalse("Path traversal with ../ should be blocked", result);
    }

    @Test

  /**
   * Returns an unmodifiable iterable over the nodes in a tree structure, using pre-order traversal.
   * That is, each node's subtrees are traversed after the node itself is returned.
   *
   * <p>No guarantees are made about the behavior of the traversal when nodes change while iteration
   * is in progress or when the iterators generated by {@link #children} are advanced.
   *

            }
            expectedBaseDir = null; // Skip path traversal check for resource files
        } else {
            throwValidationError(messages -> messages.addErrorsDesignFileIsUnsupportedType("designFileName"), this::asListHtml);
            return null;
        }

        // Validate path to prevent path traversal attacks

	case err, ok := <-h.traverseAndHealDoneCh:
		if !ok {
			return
		}
		h.mutex.Lock()
		h.endTime = UTCNow()
		// Heal traversal is complete.
		if err == nil {
			// heal traversal succeeded.
			h.currentStatus.Summary = healFinishedStatus
		} else {
			// heal traversal had an error.
			h.currentStatus.Summary = healStoppedStatus
			h.currentStatus.FailureDetail = err.Error()
		}
		h.mutex.Unlock()

    /**
     * Validates that a given path is safe and does not attempt path traversal attacks.
     * <p>
     * This method checks if the resolved absolute path starts with the allowed base directory,
     * preventing access to files outside the intended directory through path traversal
     * techniques like "../../../etc/passwd".
     * </p>
     * <p>
     * Example usage:
     * </p>

   * list the nodes reachable from a given node or nodes. See the <a
   * href="https://github.com/google/guava/wiki/GraphsExplained#Graph-traversal">"Graph traversal"
   * section of the Guava User's Guide</a> for more information.
   *
   * <p>The {@link Set} returned is a "snapshot" based on the current topology of {@code graph},

- **I/O Operations** (`org.codelibs.core.io`) - File handling, resource management, stream utilities, and traversal utilities for efficient resource processing
- **Reflection** (`org.codelibs.core.lang`) - Class loading, method/field access, type introspection utilities, and generics support

            Files.createDirectories(filePath.getParent());
            final Path realParent = filePath.getParent().toRealPath();
            if (!realParent.startsWith(realBase)) {
                logger.warn("Symlink traversal detected: url={}, realParent={}, realBase={}", url, realParent, realBase);
                return;
            }
            final byte[] bytes = content.getBytes(StandardCharsets.UTF_8);