### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

Então, por baixo dos panos, ele incluiria esses dados compatíveis com JSON (e.g. um `dict`) dentro de uma `JSONResponse` que é utilizada para enviar uma resposta para o cliente.

Mas você pode retornar a `JSONResponse` diretamente nas suas *operações de rota*.

Pode ser útil para retornar cabeçalhos e cookies personalizados, por exemplo.

## Retornando uma `Response`

     * @return the number of documents processed
     */
    public static long scroll(final String index, final Function<SearchHit, Boolean> callback) {
        final SearchEngineClient client = ComponentUtil.getSearchEngineClient();
        return client.<SearchHit> scrollSearch(index, searchRequestBuilder -> true, (searchResponse, hit) -> hit,
                hit -> callback.apply(hit));
    }

    /**

 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.
 * <p>
 * Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and

# Request Body { #request-body }

When you need to send data from a client (let's say, a browser) to your API, you send it as a **request body**.

A **request** body is data sent by the client to your API. A **response** body is the data your API sends to the client.

import jcifs.internal.util.SMBUtil;
import jcifs.util.Hexdump;

/**
 * SMB1 Trans2 Find First 2 transaction request implementation.
 * Initiates directory enumeration operations in SMB1 protocol, allowing clients
 * to search for files and directories matching specified patterns and criteria.
 *
 * @author mbechler
 */
public class Trans2FindFirst2 extends SmbComTransaction {

    // flags

 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.  <p> Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and

There are many situations in which you need to notify an error to a client that is using your API.

This client could be a browser with a frontend, a code from someone else, an IoT device, etc.

You could need to tell the client that:

* The client doesn't have enough privileges for that operation.
* The client doesn't have access to that resource.
* The item the client was trying to access doesn't exist.
* etc.

		m[name] = consoleoauth2.ProviderConfig{
			URL:                     cfg.URL.String(),
			DisplayName:             cfg.DisplayName,
			ClientID:                cfg.ClientID,
			ClientSecret:            cfg.ClientSecret,
			HMACSalt:                globalDeploymentID(),
			HMACPassphrase:          cfg.ClientID,
			Scopes:                  strings.Join(cfg.DiscoveryDoc.ScopesSupported, ","),
			Userinfo:                cfg.ClaimUserinfo,

import jcifs.internal.util.SMBUtil;
import jcifs.util.Strings;

/**
 * Represents a DFS (Distributed File System) referral entry containing server redirection information.
 * This class handles DFS referral responses that redirect clients to alternate servers for accessing
 * distributed file system resources, supporting multiple DFS versions and referral types.
 */
public class Referral implements Decodable {

    /**