We are using a tool called Checkmarx to scan code for vulnerabilities. I am getting an Angular_Improper_Type_Pipe_Usage warning for the Angular code below in a Checkmarx scan.
Code:
<div>{{pctValue| percent:'1.2'}}</div>
Checkmarx warning:
Angular_Improper_Type_Pipe_Usage - Medium
How can I fix it? I think this is a standard way to use pipes.
From the Checkmarx official documentation:
Angular pipes are intended to convert, transform or process values passed into them. However, if the values passed to these pipes are not validated, an exception might be thrown by the pipe; if it is not handled, the application will cease to respond until the page is refreshed. If piping of a bad value occurs on a form where the value is being set, and as a result that form becomes unusable, this issue may become persistent - significantly disrupting application usability.
Basically, they want you to ensure values passed to pipes are explicitly of the correct expected type. In this case, you should ensure that pctValue is indeed a number.
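One way to enforce that before the value reaches the template, as an added example that is not part of the original answer or of Angular or Checkmarx: `toPipeNumber` and `PctViewModel` are hypothetical names, the sample inputs are constructed, and it assumes the percent pipe renders nothing for a null input.

```typescript
// Added example: a hypothetical helper, not part of Angular or Checkmarx.
// It narrows an untrusted value to a finite number before the template
// hands it to the percent pipe; anything else becomes null.
function toPipeNumber(value: unknown): number | null {
  if (typeof value === "number") {
    return isFinite(value) ? value : null; // rejects NaN and +/-Infinity
  }
  if (typeof value === "string") {
    const trimmed = value.trim();
    // Strict decimal syntax only: no "0x10", "1e3", "12abc" or empty string.
    if (!/^[+-]?(\d+\.?\d*|\.\d+)$/.test(trimmed)) {
      return null;
    }
    return Number(trimmed);
  }
  return null; // objects, arrays, booleans, null, undefined
}

// Plain class standing in for the component (decorator and Angular imports
// omitted so the block runs on its own). The template stays as on the page:
//   <div>{{pctValue| percent:'1.2'}}</div>
class PctViewModel {
  pctValue: number | null = null;

  // Call with whatever arrives from an API response, route param or form.
  setFromUntrusted(raw: unknown): void {
    this.pctValue = toPipeNumber(raw);
  }
}

// Constructed sample inputs: two valid values followed by four bad ones.
function demo(): Array<number | null> {
  const vm = new PctViewModel();
  const samples: unknown[] = [0.4567, " 0.25 ", "12abc", NaN, { v: 1 }, ""];
  return samples.map((s) => {
    vm.setFromUntrusted(s);
    return vm.pctValue;
  });
}
```

Typing the bound property as `number | null` rather than `any` also lets the compiler flag call sites that assign an unchecked value to it.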