.addEqualityGroup(ImmutableSet.of(1, 2, 1), ImmutableSet.of(2, 1, 1))
        .testEquals();
  }

  /**
   * The maximum allowed probability of falsely detecting a hash flooding attack if the input is
   * randomly generated.
   */
  private static final double HASH_FLOODING_FPP = 0.001;

  public void testReuseBuilderReducingHashTableSizeWithPowerOfTwoTotalElements() {

        assertTrue("Valid path in subdirectory should be allowed", result);
    }

    @Test
    public void test_isValidUploadPath_pathTraversal_simple() throws Exception {
        // Test simple path traversal attack
        File baseDir = new File(tempDir.toFile(), "images");
        baseDir.mkdirs();
        File maliciousFile = new File(baseDir, "../../../etc/passwd");

  /**
   * @throws IllegalArgumentException if another entry in the bucket has the same key
   * @throws BucketOverflowException if this bucket has too many entries, which may indicate a hash
   *     flooding attack
   */
  private static void checkNoConflictInValueBucket(
      Object value, Entry<?, ?> entry, @Nullable ImmutableMapEntry<?, ?> valueBucketHead)
      throws BucketOverflowException {
    int bucketSize = 0;

            context.invalidate();
            if (enforceIntegrity) {
                throw new CIFSException("Preauth integrity validation failed - possible downgrade attack detected");
            }
        }

        return isValid;
    }

    /**
     * Gets the current preauth hash for a session.
     *
     * @param sessionId the session identifier

### Human Effort Denial of Service

Using automated tools and AI to submit PRs or comments that we have to carefully review and handle would be the equivalent of a [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) on our human effort.

 *
 * ```java
 * String attack = "http://example.com/static/images/../../../../../etc/passwd";
 * System.out.println(new URL(attack).getPath());
 * System.out.println(new URI(attack).getPath());
 * System.out.println(HttpUrl.parse(attack).encodedPath());
 * ```
 *
 * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that
 * checks only the path prefix may suffer!
 *

#### Secure Erasure and Locking

The MinIO server requires an available KMS to en/decrypt SSE-S3 encrypted objects. Therefore it is possible to erase or lock some or all encrypted objects. For example in case of a detected attack or other emergency situations the following actions can be taken:

  @VisibleForTesting transient @Nullable Object @Nullable [] elements;

  /**
   * Keeps track of metadata like the number of hash table bits and modifications of this data
   * structure (to make it possible to throw ConcurrentModificationException in the iterator). Note
   * that we choose not to make this volatile, so we do less of a "best effort" to track such
   * errors, for better performance.
   */
  private transient int metadata;

  @VisibleForTesting transient @Nullable Object @Nullable [] elements;

  /**
   * Keeps track of metadata like the number of hash table bits and modifications of this data
   * structure (to make it possible to throw ConcurrentModificationException in the iterator). Note
   * that we choose not to make this volatile, so we do less of a "best effort" to track such
   * errors, for better performance.
   */
  private transient int metadata;

    # Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks".

### Ataques de Temporização { #timing-attacks }

Mas o que é um "timing attack"?

Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.

E eles enviam uma requisição com um usuário `johndoe` e uma senha `love123`.