<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
  <Match>
    <!-- CSRF protection is implicit available by request token -->
    <Class name="at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController" />
    <Method name="performEidasAuthentication" />
    <OR>
      <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />                       
    </OR>
  </Match>
  <!-- Logging of invalid SAML2 responses are allowed on debug level -->
  <Match>
    <Class name="at.asitplus.eidas.specific.modules.auth.idaustria.tasks.ReceiveFromIdAustriaSystemTask"/>
    <Method name="execute" />
    <OR>
      <Bug pattern="CRLF_INJECTION_LOGS" />                       
    </OR>
  </Match>
  <Match>
    <!-- Builder pattern does not expose date elements -->
    <OR>
      <Class name="at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthRequestBuilderConfiguration" />
    </OR>
    <OR>
      <Bug pattern="EI_EXPOSE_REP" />
      <Bug pattern="EI_EXPOSE_REP2" />
    </OR>
  </Match>         
</FindBugsFilter>