<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
    <Match>
      <!-- Write only application status into response. Should be removed if we switch to Spring Actuator -->
      <Class name="at.asitplus.eidas.specific.connector.controller.MonitoringController" />
      <Method name="startSingleTests" />
      <Bug pattern="XSS_SERVLET" />               
    </Match>
    <Match>
      <!-- CSFR protection is implemented by pendingRequestId that is an one-time token 
           Endpoint for Metadata generation can be unrestrected by design -->
      <OR>
        <Class name="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" />
        <Class name="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint" />
      </OR>
      <OR>
        <Method name="performGenericAuthenticationProcess" />
        <Method name="pvpMetadataRequest" />
      </OR>
      <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />               
    </Match>
    <Match>
      <!-- Path to application configuration is trusted -->
      <Class name="at.asitplus.eidas.specific.connector.MsSpecificSpringBootApplicationContextInitializer" />
      <Bug pattern="PATH_TRAVERSAL_IN" />
    </Match>
  <Match>
    <!-- Builder pattern does not expose date elements -->
    <OR>
      <Class name="at.asitplus.eidas.specific.connector.health.IgniteClusterHealthIndicator" />
    </OR>
    <OR>
      <Bug pattern="EI_EXPOSE_REP2" />
    </OR>
  </Match>      
</FindBugsFilter>