LGTM.com - false positive (user-provided value)

[SpraxDev]

Description of the false positive
It is not detecting that I validate that 'user-provided value'. I make a request to my database and its result is stored into the app variable. That contains an array of allowed values and is checked in line 28. I use a function to check if it is inside that array (case insensitive).

URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/Mc-Auth-com/Mc-Auth-Web/snapshot/41ec351596d9eaf086d8530beb383734cadebce9/files/routes/oAuth2.js?sort=name&dir=ASC&mode=heatmap#x2ee0a58e9646f1d3:1

[max-schaefer]

Thank you for your report! We will look into improving our query to detect your validation logic.