#### Виправте за допомогою `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

Але в нашому коді ми насправді використовуємо `secrets.compare_digest()`.

			},
			ok:  false,
			out: "+pkg syscall, type RawSockaddrInet6 struct\n",
		},
	}
	for _, tt := range tests {
		buf := new(strings.Builder)
		gotOK := compareAPI(buf, tt.features, tt.required, tt.exception)
		if gotOK != tt.ok {
			t.Errorf("%s: ok = %v; want %v", tt.name, gotOK, tt.ok)
		}
		if got := buf.String(); got != tt.out {

    /**
     * Return the IP address of this address as a 32 bit integer.
     */

    @Override
    public int hashCode() {
        return this.addr.hashCode();
    }

    /**
     * Compare two addresses for equality. Two <code>UniAddress</code>s are equal
     * if they are both <code>UniAddress</code>' and refer to the same IP address.
     */
    @Override
    public boolean equals(final Object obj) {

				}
				return
			}
			if err != nil {
				t.Fatalf("GetContentChecksum failed for %s: %v", tt.name, err)
			}

			if gotChksm == nil {
				t.Fatalf("Got nil checksum for %s", tt.name)
			}
			// Compare the full checksum structs
			if !chksm.Equal(gotChksm) {
				t.Errorf("Checksum mismatch for %s: expected %+v, got %+v", tt.name, chksm, gotChksm)
			}
			// Verify the checksum type
			expectedType := chksm.Type

 * "The .NET Developer's Guide to Windows Security" (which is also
 * available online).
 * <p>
 * Direct ACEs are evaluated first in order. The SID of the user performing
 * the operation and the desired access bits are compared to the SID
 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access

import jcifs.internal.util.SMBUtil;
import jcifs.util.Hexdump;

/**
 * SMB1 Open AndX request message.
 *
 * This command is used to open or create a file for access over
 * the network with enhanced capabilities compared to the basic Open command.
 */
public class SmbComOpenAndX extends AndXServerMessageBlock {

    // flags (not the same as flags constructor argument)
    static final int FLAGS_RETURN_ADDITIONAL_INFO = 0x01;

    }

    /**
     * Checks if a model version is greater than or equal to a target version.
     *
     * @param modelVersion the model version to check
     * @param targetVersion the target version to compare against
     * @return true if modelVersion >= targetVersion
     */
    public static boolean isVersionGreaterOrEqual(String modelVersion, String targetVersion) {
        if (modelVersion == null || targetVersion == null) {

#### 「專業」的攻擊 { #a-professional-attack }

當然，攻擊者不會手動嘗試這一切，他們會寫程式來做，可能每秒進行上千或上百萬次測試，一次只多猜中一個正確字母。

但這樣做，幾分鐘或幾小時內，他們就能在我們應用程式「協助」下，僅靠回應時間就猜出正確的使用者名稱與密碼。

#### 用 `secrets.compare_digest()` 修正 { #fix-it-with-secrets-compare-digest }

但在我們的程式碼中實際使用的是 `secrets.compare_digest()`。

簡而言之，將 `stanleyjobsox` 與 `stanleyjobson` 比較所花的時間，會與將 `johndoe` 與 `stanleyjobson` 比較所花的時間相同；密碼也一樣。

如此一來，在應用程式程式碼中使用 `secrets.compare_digest()`，就能安全地防禦這整類的安全攻擊。

                        }
                    });
                    // Remove duplicates (equal adjacent elements) - a new, un@Incubating type will be here twice, as 2 errors are reported; use stringified JSON to compare
                    // Filtering an array is NOT in place
                    result.acceptedApiChanges = result.acceptedApiChanges.filter((item, pos, ary) => (!pos || (JSON.stringify(item) != JSON.stringify(ary[pos - 1]))));

    <T> void set(@Nonnull Key<T> key, @Nullable T value);

    /**
     * Associates the specified session data with the given key if the key is currently mapped to the given value. This
     * method provides an atomic compare-and-update of some key's value.
     *
     * @param key the key under which to store the session data, must not be {@code null}
     * @param oldValue the expected data currently associated with the key, may be {@code null}