Possible false-positive in tainted value analysis

I’m using Developer Edition Version 8.9.2 (build 46101) to scan a python project, and it’s flagging logging of tainted value pulled from an HTTP header, but the value has (I believe) been sanitized. (See code boxed in red in attached image)

Is there any control in this version that can suppress this? Or, is this a known issue that is perhaps fixed in a later version?

Hey there.

I’ve moved your post to the section on reporting false-positives.

I would recommend reading this post, and providing a reproducer (not a screenshot of code)