<?xml version="1.0" encoding="UTF-8"?> <FindBugsFilter> <Match> <!-- Do not check code generated by Apache CXF framework --> <Class name="~szrservices.*"/> <Class name="~at.gv.e_government.reference.namespace.persondata.*" /> <Class name="~org.w3._2000._09.xmldsig.*" /> </Match> <Match> <!-- Logging of SAML2 responses in case of errors or for debugging is allowed --> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" /> <Method name="getPendingRequestId" /> <Bug pattern="CRLF_INJECTION_LOGS" /> </Match> <Match> <!-- CSFR protection is implemented by pendingRequestId that is an one-time token --> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthSignalController" /> <Method name="performAuthentication" /> <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> </Match> <Match> <!-- CSFR protection is implemented by pendingRequestId that is an one-time token --> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" /> <Method name="restoreEidasAuthProcess" /> <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> </Match> <Match> <!-- File path is only loaded from configuration --> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry" /> <Method name="initialize" /> <Bug pattern="PATH_TRAVERSAL_IN" /> </Match> <Match> <!-- Redirect URL is only loaded from configuration --> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" /> <Method name="sendRedirect" /> <Bug pattern="UNVALIDATED_REDIRECT" /> </Match> <Match> <!-- Builder pattern does not expose date elements --> <OR> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData" /> <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils$JwsResult"/> </OR> <OR> <Bug pattern="EI_EXPOSE_REP" /> <Bug pattern="EI_EXPOSE_REP2" /> </OR> </Match> </FindBugsFilter>