assertTrue(result.contains("informationLevel=0x101"), "String should contain the correct information level.");
        assertTrue(result.contains("filename=test.txt"), "String should contain the correct filename.");
        assertTrue(result.endsWith("]"), "String should end with a closing bracket.");
    }

        assertNotNull(middle, "Middle tree should not be null");
        assertNotNull(inner, "Inner tree should not be null");
        assertSame(middleTree, middle, "Should return correct middle tree");
        assertSame(innerTree, inner, "Should return correct inner tree");
    }

    /**
     * Test for unwrap with incompatible type.
     * Verifies behavior when trying to unwrap to an incompatible type.
     */
    @Test

        }

        // Verify that the scroll method exists with correct signature
        try {
            SearchEngineUtil.class.getMethod("scroll", String.class, java.util.function.Function.class);
        } catch (NoSuchMethodException e) {
            fail("scroll method should exist with correct signature");
        }
    }

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

    }

    public void test_constructor() {
        assertNotNull("Constructor should create instance", target);
        assertTrue("Instance should be of correct type", target instanceof SystemMonitorTarget);
        assertTrue("Instance should be a MonitorTarget", target instanceof MonitorTarget);
        assertTrue("Instance should be a TimeoutTarget", target instanceof TimeoutTarget);

Você verá a documentação automática da API para a sub-aplicação, incluindo apenas suas próprias _operações de rota_, todas sob o prefixo de sub-caminho correto `/subapi`:

<img src="/img/tutorial/sub-applications/image02.png">

    assertEquals("correct", f.apply(new Object()));
    assertEquals("correct", f.apply(null));

    Function<@Nullable Object, @Nullable String> g = Functions.constant(null);
    assertEquals(null, g.apply(2));
    assertEquals(null, g.apply(null));

    new EqualsTester()
        .addEqualityGroup(f, Functions.constant("correct"))

    @ParameterizedTest
    @ValueSource(strings = { "NONE", "NO_TIMEOUT", "NO_RETRY", "RETAIN_PAYLOAD" })
    @DisplayName("valueOf(name) returns the correct enum and toString matches name")
    void valueOfResolvesNamesAndToString(String name) {
        RequestParam rp = RequestParam.valueOf(name);
        assertNotNull(rp);

    /** The specified user already exists */
    int NT_STATUS_USER_EXISTS = 0xC0000063;
    /** The specified user does not exist */
    int NT_STATUS_NO_SUCH_USER = 0xC0000064;
    /** The specified network password is not correct */
    int NT_STATUS_WRONG_PASSWORD = 0xC000006a;
    /** Logon failure: unknown user name or bad password */
    int NT_STATUS_LOGON_FAILURE = 0xC000006d;
    /** Logon failure: user account restriction */

        outputBuffer = new byte[1024];
        response = new TransTransactNamedPipeResponse(mockConfig, outputBuffer);
    }

    @Test
    void testConstructor() {
        // Verify that the response is created with correct configuration and buffer
        assertNotNull(response);

        // Use reflection to verify the outputBuffer is set correctly
        try {