Angular_Improper_Type_Pipe_Usage 在 checkmarx 扫描中
Angular_Improper_Type_Pipe_Usage in checkmarx scan
我们正在使用一种名为 checkmarx 的工具来扫描代码漏洞。我在 checkmarx 扫描中收到以下 Angular 代码的 Angular_Improper_Type_Pipe_Usage 警告。
代码:
<div>{{pctValue| percent:'1.2'}}</div>
Checkmarx 警告:
Angular_Improper_Type_Pipe_Usage - Medium
我该如何解决?我认为这是使用管道的标准方式。
来自Checkmarx官方文档:
Angular pipes are intended to convert, transform or process values passed into them. However, if the values passed to these pipes are not validated, an exception might be thrown by the pipe; if it is not handled, the application will cease to respond until the page is refreshed. If piping of a bad value occurs on a form where the value is being set, and as a result that form becomes unusable, this issue may become persistent - significantly disrupting application usability.
基本上,他们希望您确保传递给管道的值明确属于正确的预期类型。在这种情况下,您应该确保 pctValue 确实是一个数字。
我们正在使用一种名为 checkmarx 的工具来扫描代码漏洞。我在 checkmarx 扫描中收到以下 Angular 代码的 Angular_Improper_Type_Pipe_Usage 警告。
代码:
<div>{{pctValue| percent:'1.2'}}</div>
Checkmarx 警告:
Angular_Improper_Type_Pipe_Usage - Medium
我该如何解决?我认为这是使用管道的标准方式。
来自Checkmarx官方文档:
Angular pipes are intended to convert, transform or process values passed into them. However, if the values passed to these pipes are not validated, an exception might be thrown by the pipe; if it is not handled, the application will cease to respond until the page is refreshed. If piping of a bad value occurs on a form where the value is being set, and as a result that form becomes unusable, this issue may become persistent - significantly disrupting application usability.
基本上,他们希望您确保传递给管道的值明确属于正确的预期类型。在这种情况下,您应该确保 pctValue 确实是一个数字。