id-token: write

    steps:
      - name: "Checkout code"
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_file: results.sarif
          results_format: sarif

// with following object names "\\../.minio.sys/config/iam/${username}/identity.json"
// #16852
func testPathTraversalExploit(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler,
	credentials auth.Credentials, t *testing.T,
) {
	if err := newTestConfig(globalMinioDefaultRegion, obj); err != nil {
		t.Fatalf("Initializing config.json failed")
	}

	objectName := `\../.minio.sys/config/hello.txt`

package org.codelibs.fess.opensearch.config.exentity;

import java.util.Map;
import java.util.Properties;

import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.auth.DigestScheme;

OPA is a lightweight general-purpose policy engine that can be co-located with MinIO server, in this document we talk about how to use OPA HTTP API to authorize requests. It can be used with any type of credentials (STS based like OpenID or LDAP, regular IAM users or service accounts).

OPA is enabled through MinIO's Access Management Plugin feature.

## Get started

### 1. Start OPA in a container

```sh
podman run -it \

      # contents: read
      # actions: read

    steps:
      - name: "Checkout code"
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_file: results.sarif
          results_format: sarif

class DfsResolverTest {

    private DfsResolver dfsResolver;

    @Mock
    private CIFSContext mockContext;

    @Mock
    private Configuration mockConfig;

    @Mock
    private Credentials mockCredentials;

    @Mock
    private SmbTransportPool mockTransportPool;

    @Mock
    private SmbTransportInternal mockTransport;

    @BeforeEach
    void setUp() {

 */
package org.codelibs.fess.crawler.client.smb1;

import org.codelibs.jcifs.smb1.NtlmPasswordAuthentication;

/**
 * Represents SMB1 authentication information, including server details,
 * credentials, and domain. This class is used to encapsulate the necessary
 * information for authenticating with an SMB1 server.
 *
 * <p>
 * It provides methods to set and retrieve the server address, port, username,

    }

    /**
     * Processes the CORS request by adding standard CORS headers to the response.
     * Headers include allowed origin, methods, headers, max age, and credentials setting.
     *
     * @param origin the origin of the request
     * @param request the servlet request
     * @param response the servlet response to add CORS headers to
     */
    @Override

/// tip

The *path operation* for `swagger_ui_redirect` is a helper for when you use OAuth2.

If you integrate your API with an OAuth2 provider, you will be able to authenticate and come back to the API docs with the acquired credentials. And interact with it using the real OAuth2 authentication.

Swagger UI will handle it behind the scenes for you, but it needs this "redirect" helper.

///

    //

    // GET /api/admin/general
    /**
     * Returns the current general system settings.
     * Excludes sensitive information like LDAP security credentials from the response.
     *
     * @return JSON response containing the general settings configuration
     */
    @Execute
    public JsonResponse<ApiResult> get$index() {
        final EditBody form = new EditBody();