final String baseCanonicalPath = new File(varPath).getCanonicalPath();
                if (!canonicalPath.startsWith(baseCanonicalPath)) {
                    throw new IllegalArgumentException("File path is outside allowed directory");
                }
            }
        } catch (final IOException e) {
            throw new IllegalArgumentException("Invalid file path", e);
        }
    }

    /**

abstract class AggregateFutureState<OutputT extends @Nullable Object>
    extends AbstractFuture.TrustedFuture<OutputT> {
  /*
   * The following fields are package-private, even though we intend never to use them outside this
   * file. For discussion, see AbstractFutureState.
   */

  // Lazily initialized the first time we see an exception; not released until all the input futures
  // have completed and we have processed them all.

    subject to change. They can be modified in any way, or even removed, at any
    time. If your code is a library itself (i.e., it is used on the CLASSPATH of
    users outside your own control), you should not use beta APIs unless you
    [repackage] them. **If your code is a library, we strongly recommend using
    the [Guava Beta Checker] to ensure that you do not use any `@Beta` APIs!**

/**
 * A factory to create model builder instances when no dependency injection is available. Note: This class is
 * only meant as a utility for developers that want to employ the model builder outside of the Maven build system, Maven
 * plugins should always acquire model builder instances via dependency injection. Developers might want to subclass

    finishedCall: RealCall? = null,
    finishedAsyncCall: AsyncCall? = null,
  ) {
    assertLockNotHeld()
    val executorIsShutdown = executorService.isShutdown

    // Actions to take outside the synchronized block.
    class Effects(
      val callsToExecute: List<AsyncCall>,
      val idleCallbackToRun: Runnable?,
    )

    val effects =
      synchronized(this) {

 * high-level APIs that provide autoescaping. For example, consider <a
 * href="http://www.xom.nu/">XOM</a>.
 *
 * <p><b>Note:</b> Currently the escapers provided by this class do not escape any characters
 * outside the ASCII character range. Unlike HTML escaping the XML escapers will not escape
 * non-ASCII characters to their numeric entity replacements. These XML escapers provide the minimal

        List<Plugin> outsidePlugins = originalModel.getBuild().getPlugins();
        assertEquals(1, outsidePlugins.size());

        checkBuildPluginWithArtifactId(
                outsidePlugins,
                "plugin-all-profiles",
                "Outside ||${project.basedir}||",
                "<plugin-all-profiles-out>Outside ||${project.basedir}||</plugin-all-profiles-out>");

vulnerabilities.

We recognize issues as vulnerabilities only when they occur in scenarios that we
outline as safe; issues that have a security impact only when TensorFlow is used
in a discouraged way (e.g. running untrusted models or checkpoints, data parsing
outside of the safe formats, etc.) are not treated as vulnerabilities.

### Reporting process

        result = NtlmMessage.readSecurityBuffer(data, 0);
        assertEquals(0, result.length, "Should return empty array if offset is out of bounds but length is zero.");

        // Test with offset pointing outside array bounds (should throw ArrayIndexOutOfBoundsException)
        buffer.putShort(0, (short) 1);
        buffer.putShort(2, (short) 1);
        buffer.putInt(4, data.length + 1); // Invalid offset

            if (process == null || !process.isAlive()) {
                throw new JobNotFoundException("Process for " + sessionId + " is not running.");
            }
        }

        // Perform I/O operations outside synchronized block to avoid blocking other threads
        try {
            final OutputStream out = process.getOutputStream();
            IOUtils.write(command + "\n", out, Constants.CHARSET_UTF_8);