/**
 * Security-focused test cases for Smb2NegotiateResponse input validation.
 * Tests various malformed input scenarios to ensure proper validation and
 * protection against buffer overflow, integer overflow, and other attacks.
 */
public class Smb2NegotiateResponseInputValidationTest {

    private Configuration mockConfig;
    private Smb2NegotiateResponse response;

    @BeforeEach
    public void setUp() {

import okio.ByteString
import okio.ByteString.Companion.decodeBase64
import okio.ByteString.Companion.toByteString

/**
 * Constrains which certificates are trusted. Pinning certificates defends against attacks on
 * certificate authorities. It also prevents connections through man-in-the-middle certificate
 * authorities either known or unknown to the application's user.

	"github.com/minio/pkg/v3/mimedb"
	"github.com/pkg/sftp"
	"golang.org/x/crypto/ssh"
)

// Maximum write offset for incoming SFTP blocks.
// Set to 100MiB to prevent hostile DOS attacks.
const ftpMaxWriteOffset = 100 << 20

type sftpDriver struct {
	permissions *ssh.Permissions
	endpoint    string
	remoteIP    string
}

//msgp:ignore sftpMetrics
type sftpMetrics struct{}

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.smb.SmbException;

/**
 * Validator for SMB server responses to prevent buffer overflow and injection attacks.
 *
 * Features:
 * - Buffer bounds checking
 * - Integer overflow prevention
 * - Size validation
 * - Protocol compliance checking
 * - Malformed response detection
 */
public class ServerResponseValidator {

The *Secure Channel* splits the object content into chunks of a fixed size of `65536` bytes. The last chunk may be smaller to avoid adding additional overhead and is treated specially to prevent truncation attacks. The nonce value is 96 bits long and generated randomly per object / multi-part part. The *Secure Channel* supports plaintexts up to `65536 * 2^32 = 256 TiB`.

#### Randomness

   * representation to this hash code.
   *
   * <p><b>Security note:</b> this method uses a constant-time (not short-circuiting) implementation
   * to protect against <a href="http://en.wikipedia.org/wiki/Timing_attack">timing attacks</a>.
   */
  @Override
  public final boolean equals(@Nullable Object object) {
    if (object instanceof HashCode) {
      HashCode that = (HashCode) object;

      return true;
    }

    @Override
    public Iterator<Entry<K, V>> iterator() {
      return entrySetIterator();
    }

    // See java.util.Collections.CheckedEntrySet for details on attacks.

    @Override
    public @Nullable Object[] toArray() {
      return standardToArray();
    }

    @Override
    @SuppressWarnings("nullness") // bug in our checker's handling of toArray signatures

   * representation to this hash code.
   *
   * <p><b>Security note:</b> this method uses a constant-time (not short-circuiting) implementation
   * to protect against <a href="http://en.wikipedia.org/wiki/Timing_attack">timing attacks</a>.
   */
  @Override
  public final boolean equals(@Nullable Object object) {
    if (object instanceof HashCode) {
      HashCode that = (HashCode) object;

 *
 * ```java
 * String attack = "http://example.com/static/images/../../../../../etc/passwd";
 * System.out.println(new URL(attack).getPath());
 * System.out.println(new URI(attack).getPath());
 * System.out.println(HttpUrl.parse(attack).encodedPath());
 * ```
 *
 * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that
 * checks only the path prefix may suffer!
 *

            throw new SitemapsException("Could not parse XML Sitemaps.", e);
        }
        return handler.getSitemapSet();
    }

    /**
     * Disables external resources for the SAX parser to prevent XXE attacks.
     * @param parser the SAX parser to configure
     * @throws SAXNotRecognizedException if the parser doesn't recognize the feature
     * @throws SAXNotSupportedException if the parser doesn't support the feature
     */