<?xml version="1.0" encoding="UTF-8"?> <FindBugsFilter> <Match> <!-- allow SHA-1, because transient SubjectNameIDs should have the same pattern as bPKs --> <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder"/> <Method name="buildAssertion" /> <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" /> </Match> <Match> <!-- allow logging of SAML2 request parameters --> <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol"/> <Bug pattern="CRLF_INJECTION_LOGS" /> </Match> </FindBugsFilter>