for i := range parts {
		if errs[i] == nil {
			if parts[i].Name == objectName {
				t.Errorf("path traversal allowed to allow writing to minioMetaBucket: %s", instanceType)
			}
		}
	}
}

// Tests validate bucket name.
func TestIsValidBucketName(t *testing.T) {
	testCases := []struct {
		bucketName string
		shouldPass bool
	}{
		// cases which should pass the test.
		// passing in valid bucket names.

	case policyCondEqual:
		return input1 == input2
	case policyCondStartsWith:
		return strings.HasPrefix(input1, input2)
	}
	return false
}

// checkPostPolicy - apply policy conditions and validate input values.
// (http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html)
func checkPostPolicy(formValues http.Header, postPolicyForm PostPolicyForm) error {

* `limit`: with a value of `10`

As they are part of the URL, they are "naturally" strings.

But when you declare them with Python types (in the example above, as `int`), they are converted to that type and validated against it.

All the same process that applied for path parameters also applies for query parameters:

* Editor support (obviously)

          <type>java.lang.String[]</type>
          <required>false</required>
          <editable>true</editable>
        </parameter>
      </parameters>

- we need to know what came from the POM, and validate those
- plugin in any default values
- check to see if anything is missing

}

func (i *instance) CLIClientsForContexts(contexts []string) ([]kube.CLIClient, error) {
	if i.remoteClients == nil {
		i.remoteClients = make(map[string]kube.CLIClient)
	}
	// Validate if "all" incoming contexts are present in the kubeconfig. Fail fast if not.
	rawConfig, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(kube.ConfigLoadingRules(*i.kubeconfig), nil).RawConfig()
	if err != nil {

	// Contains NIC interface name used for internode communication
	globalInternodeInterface     string
	globalInternodeInterfaceOnce sync.Once

	// Set last client perf extra time (get lock, and validate)
	globalLastClientPerfExtraTime int64

	// Captures all batch jobs metrics globally
	globalBatchJobsMetrics batchJobMetrics

	// Indicates if server was started as `--address ":0"`
	globalDynamicAPIPort bool

You can actually use this same technique with an HTTP `PUT` operation.

But the example here uses `PATCH` because it was created for these use cases.

///

/// note

Notice that the input model is still validated.

So, if you want to receive partial updates that can omit all the attributes, you need to have a model with all the attributes marked as optional (with default values or `None`).

                logger.debug("jwtHeader: {}", jwtHeader);
                logger.debug("jwtClaim: {}", jwtClaim);
                logger.debug("jwtSigniture: {}", jwtSigniture);
            }

            // TODO validate signiture

            final Map<String, Object> attributes = new HashMap<>();
            attributes.put("accesstoken", tr.getAccessToken());

func ParseBucketSSEConfig(r io.Reader) (*BucketSSEConfig, error) {
	var config BucketSSEConfig
	err := xml.NewDecoder(r).Decode(&config)
	if err != nil {
		return nil, err
	}

	// Validates server-side encryption config rules
	// Only one rule is allowed on AWS S3
	if len(config.Rules) != 1 {
		return nil, errors.New("only one server-side encryption rule is allowed at a time")
	}

  // tokens it is mounting volume for to do necessary authentication. Kubelet
  // will pass the tokens in VolumeContext in the CSI NodePublishVolume calls.
  // The CSI driver should parse and validate the following VolumeContext:
  // "csi.storage.k8s.io/serviceAccount.tokens": {
  //   "<audience>": {
  //     "token": <token>,
  //     "expirationTimestamp": <expiration timestamp in RFC3339>,
  //   },