<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
    <Match>
      <!-- Do not check code generated by Apache CXF framework -->
      <Class name="~szrservices.SZRException"/>
    </Match>
    <Match>
      <!-- Logging of SAML2 responses in case of errors or for debugging is allowed -->
      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
      <Method name="getPendingRequestId" />
      <Bug pattern="CRLF_INJECTION_LOGS" />               
    </Match>
    <Match>
      <!-- CSFR protection is implemented by pendingRequestId that is an one-time token -->
      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
      <Method name="restoreEidasAuthProcess" />
      <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />               
    </Match>
    <Match>
      <!-- File path is only loaded from configuration -->
      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry" />
      <Method name="initialize" />
      <Bug pattern="PATH_TRAVERSAL_IN" />               
    </Match>
    <Match>
      <!-- Redirect URL is only loaded from configuration -->
      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" />
      <Method name="execute" />
      <Bug pattern="UNVALIDATED_REDIRECT" />               
    </Match>  
</FindBugsFilter>