<?xml version="1.0" encoding="UTF-8"?> <FindBugsFilter> <Match> <!-- CSRF protection is implicit available by request token --> <Class name="at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController" /> <Method name="performEidasAuthentication" /> <OR> <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> </OR> </Match> <!-- Logging of invalid SAML2 responses are allowed on debug level --> <Match> <Class name="at.asitplus.eidas.specific.modules.auth.idaustria.tasks.ReceiveFromIdAustriaSystemTask"/> <Method name="execute" /> <OR> <Bug pattern="CRLF_INJECTION_LOGS" /> </OR> </Match> <Match> <!-- Builder pattern does not expose date elements --> <OR> <Class name="at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthRequestBuilderConfiguration" /> </OR> <OR> <Bug pattern="EI_EXPOSE_REP" /> <Bug pattern="EI_EXPOSE_REP2" /> </OR> </Match> </FindBugsFilter>