# General - How To - Recipes { #general-how-to-recipes }

Here are several pointers to other places in the docs, for general or frequent questions.

## Filter Data - Security { #filter-data-security }

To ensure that you don't return more data than you should, read the docs for [Tutorial - Response Model - Return Type](../tutorial/response-model.md).

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:

    }

    /**
     * Returns the local security context.
     *
     * @return A <code>byte[]</code> containing the local security
     *         context. This is used by the client to negotiate local
     *         authentication.
     */
    public byte[] getContext() {
        return this.context;
    }

    /**
     * Sets the local security context. This is used by the client

     *
     * @return the sessionFlags
     */
    public int getSessionFlags() {
        return this.sessionFlags;
    }

    /**
     * Gets the security blob from the session setup response
     *
     * @return security blob
     */
    public byte[] getBlob() {
        return this.blob;
    }

 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.smb;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;

import javax.crypto.Cipher;
import javax.crypto.ShortBufferException;

import jcifs.CIFSContext;
import jcifs.util.Crypto;
import jcifs.util.Encdec;

-dontwarn javax.annotation.**

# Animal Sniffer compileOnly dependency to ensure APIs are compatible with older versions of Java.
-dontwarn org.codehaus.mojo.animal_sniffer.*

# OkHttp platform used only on JVM and when Conscrypt and other security providers are available.
# May be used with robolectric or deliberate use of Bouncy Castle on Android
-dontwarn okhttp3.internal.platform.**
-dontwarn org.conscrypt.**

    @Test
    @DisplayName("Test encode with maximum security mode")
    void testEncodeWithMaxSecurityMode() {
        ValidateNegotiateInfoRequest request =
                new ValidateNegotiateInfoRequest(DEFAULT_CAPABILITIES, defaultClientGuid, 0xFFFF, defaultDialects);

        byte[] buffer = new byte[request.size()];
        request.encode(buffer, 0);

        // Verify max security mode value (2 bytes)

# SHA256 checksums of snapshot zip files in this directory.
# These checksums are included in the FIPS security policy
# (validation instructions sent to the lab) and MUST NOT CHANGE.
# That is, the zip files themselves must not change.
#
# It is okay to add new zip files to the list, and it is okay to
# remove zip files from the list when they are removed from
# this directory. To update this file:
#
#	go test cmd/go/internal/fips140 -update
#

                // SECURITY NOTE: Basic authentication is enabled by default for compatibility.
                // For production, consider setting spnego.allow.basic to false.
                return getProperty(SPNEGO_ALLOW_BASIC, "true");
            }
            if (SpnegoHttpFilter.Constants.ALLOW_UNSEC_BASIC.equals(name)) {
                // SECURITY WARNING: Unsecure basic authentication is enabled by default.

We highly recommend you keep OkHttp up-to-date. As with auto-updating web browsers, staying current
with HTTPS clients is an important defense against potential security problems. [We
track][tls_history] the dynamic TLS ecosystem and adjust OkHttp to improve connectivity and
security.

OkHttp uses your platform's built-in TLS implementation. On Java platforms OkHttp also supports