The correct place is:

* In the key `content`, that has as value another JSON object (`dict`) that contains:
    * A key with the media type, e.g. `application/json`, that contains as value another JSON object, that contains:
        * A key `schema`, that has as the value the JSON Schema from the model, here's the correct place.

        request = new Smb2SessionSetupRequest(mockContext, TEST_SECURITY_MODE, TEST_CAPABILITIES, TEST_PREVIOUS_SESSION_ID, TEST_TOKEN);
    }

    @Test
    @DisplayName("Should create request with correct parameters")
    void testConstructorSetsCorrectParameters() throws Exception {
        // Given & When
        int securityMode = 0x03;
        int capabilities = 0x0F;
        long previousSessionId = 0xFEDCBA9876543210L;

        mockPolicyHandle = mock(SamrPolicyHandle.class);
        testServer = "testServer";
        testAccess = 0x02000000; // SAM_SERVER_CONNECT access right
    }

    @Test
    @DisplayName("Should construct with correct parameters")
    void constructorShouldInitializeFieldsCorrectly() {
        // When
        MsrpcSamrConnect2 msrpcSamrConnect2 = new MsrpcSamrConnect2(testServer, testAccess, mockPolicyHandle);

        // Then

    private String testPipeName = "\\PIPE\\testpipe";

    @BeforeEach
    void setUp() {
        MockitoAnnotations.openMocks(this);
    }

    @Test
    @DisplayName("Constructor should initialize with correct values")
    void testConstructor() {
        // Act
        transWaitNamedPipe = new TransWaitNamedPipe(mockConfig, testPipeName);

        // Assert
        assertNotNull(transWaitNamedPipe);

        String result = purgeDocJob.execute();

        // Assert deleteByQuery was called
        assertTrue(deleteByQueryCalled);

        // Assert correct index was used
        assertEquals("fess.update", deleteIndex);

        // Assert query builder is correct
        assertNotNull(deleteQuery);
        assertTrue(deleteQuery instanceof RangeQueryBuilder);

    @Test
    @DisplayName("Should create correct response")
    void testCreateResponse() {
        // When
        Smb2ChangeNotifyResponse response = request.createResponse(mockContext, request);

        // Then
        assertNotNull(response);
        assertTrue(response instanceof Smb2ChangeNotifyResponse);
    }

    @Test
    @DisplayName("Should calculate correct size")
    void testSize() {
        // When

        }

        // Verify that the scroll method exists with correct signature
        try {
            SearchEngineUtil.class.getMethod("scroll", String.class, java.util.function.Function.class);
        } catch (NoSuchMethodException e) {
            fail("scroll method should exist with correct signature");
        }
    }

    @Test

 * Tests the batch limit configuration for various SMB commands.
 */
public class SmbConnectionTest {

    /**
     * Test that getBatchLimit returns correct values for different commands
     */
    @Test
    @DisplayName("getBatchLimit returns correct values for different SMB commands")
    public void testBatchLimitForDifferentCommands() throws CIFSException {
        Properties props = new Properties();

class AddressTest extends BaseTest {

    @Mock
    private CIFSContext mockContext;

    @Mock
    private Address mockAddress;

    @Test
    @DisplayName("Address interface should define correct method signatures")
    void testInterfaceContract() {
        // Given
        Address address = mockAddress;

        // When & Then - verify interface methods exist and can be called
        assertDoesNotThrow(() -> {

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }