Security hotspot issue in SonarQube

We are working with a Glue job and the unit test cases for this job.
SonarQube is showing a security hotspot in one file, named “make sure that this logger’s configuration is safe”.
logging.basicConfig(level=logging.INFO, format='%(message)s')
We didn’t find anything wrong in the code. Do you have any solution for this issue?

Hey there.

From the docs:

  • With a hotspot, a security-sensitive piece of code is highlighted, but the overall application security may not be impacted. It’s up to the developer to review the code to determine whether or not a fix is needed to secure the code.

So it sounds like you need to mark the hotspot as Safe! A user who has Administrator security hotspots permission on the project can perform this action.

  • Safe: A developer has reviewed the security hotspot and determined that no change is necessary (for example, because other more relevant protections are already in place).

Hi Colin,
Thanks for your reply. I will convey this to my technical lead.