False positive 'User-controlled bypass of sensitive method' for C# API endpoint that requires authorization

[WSkwieVolue]

Description of the false positive

In one of my controllers I have an endpoint that requires a user to the authorized.
That endpoint has a parameter - a list of files that will be uploaded to the API (List files).
In the first lines I check if the list is not null and not empty.
Later in code I use the "User.Identity.Name" which is detected as a sensitive method.
The combination of that NotEmpty validation and checking the UserName gives me a security threat warning
"User-controlled bypass of sensitive method"

I am not sure if adding a simple NotEmpty validation should create a thread security warning with high severity.
Especially since in the same controller I have methods that check the UserName in the same way but without any prior validation of input and they are "fine". The simplest way of fixing that issue would be deleting the lines with validation which is counter-productive 😃

Thanks in advance for looking into that 😄 .

Code samples or links to source code

    [Authorize(Policy = AuthorizationConstants.AdministratorsPolicy)]
    [Route("Multiple")]
    [HttpPost]
    public async Task<IActionResult> UploadMultipleStructureDocuments(List<IFormFile> files)
    {
        if (files == null || !files.Any() )
        {
            return BadRequest("No files added to request");
        }

        (..... some code)
        
        var userName = User.Identity?.Name ?? "NotAuthorizedUser";

        (..... some code)
    }

URL to the alert on GitHub code scanning (optional)