Unchecked Input For Loop Condition while running checkmarx on angular 13 project

Question

While running the checkmarx on angular 13 project the report results a 'Unchecked Input For loop Condition' medium issue. Even after limiting the object length the issue is not resolved. Below is the piece of code:

deepCopy(obj) {
 if (null === obj || "object" !== typeof obj) 
 {return obj};
 if (obj instanceof Array) {
     const copy = [];
     const maxlength=50;
     let len = obj.length;
     if (len > maxlength) {
       len = maxlength
     }
     for (let i = 0; i < len; i++) {
         copy[i] = this.deepCopy(obj[i]);
     }
     return copy;
   
 }

Here the object is passed to this method defined in the service from component as:

     modelChanges(event, type, child) {
    this.value = this._sharedService.deepCopy(this.value);
    this.value[type][child] = event;
  }

Checkmarx report says:

Method <div class="jumbotron " style="margin-top: 0.5rem; " [ngStyle]="styleTab"> at line 1 of src/app/pop/popcreate/popc-define/popc-define.component.html gets user input from element $event . This element’s value flows through the code without being validated, and is eventually used in a loop condition in deepCopy at line 25 of src/app/shared/shared.service.ts. This constitutes an Unchecked Input for Loop Condition

Any suggestions related to this?

Answer 1

This result is a false positive. Since the loop is clearly limited, there's no vulnerability here. You should probably mark the result as "not exploitable" and get on with life.