In order to help you, could you share which vulnerability is raised exactly ?
The documentation should tell you how to fix it, and if it is not clear, please tell us what is not. That should allow us to help you and improve the rule description.
I believe the rule you are talking about is this one.
The description looks really complete, with many resources, I bet you will find answer to your questions here.
Then, I would suggest you to have a look at the notion of security hotspots, specifically:
Unlike Vulnerabilities, Security Hotspots aren’t necessarily issues that are open to attack. Instead, Security Hotspots highlight security-sensitive pieces of code that need to be manually reviewed.