From 401a61f8e311242f1507663be2b4cfb0fe409ec3 Mon Sep 17 00:00:00 2001
From: "Maria.Golomb"
Date: Fri, 25 Apr 2025 16:07:10 +0200
Subject: [PATCH] FIO-10016: csp eslint settings

---
 .eslintrc.js | 8 +++++++-
 package.json | 2 ++
 yarn.lock | 24 ++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/.eslintrc.js b/.eslintrc.js
index 52e6c54d63..b39ef0bd51 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -9,9 +9,15 @@ module.exports = {
 "ecmaVersion": "latest",
 "sourceType": "module"
 },
- "plugins": ["jsdoc"],
+ "plugins": ["jsdoc" , "security", "no-unsanitized"],
 "rules": {
 "no-prototype-builtins": "off",
 "no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
+ // CSP-focused security rules:
+ "security/detect-eval-with-expression": "warn",
+ "security/detect-unsafe-regex": "warn",
+ // Prevent unsanitized DOM injection
+ "no-unsanitized/method": "warn",
+ "no-unsanitized/property": "warn"
 }
 }
diff --git a/package.json b/package.json
index 5fa17575cb..eaab248d73 100644
--- a/package.json
+++ b/package.json
@@ -130,6 +130,8 @@
 "escape-string-regexp": "^5.0.0",
 "eslint": "^8.57.0",
 "eslint-plugin-jsdoc": "^48.2.5",
+ "eslint-plugin-no-unsanitized": "^4.1.2",
+ "eslint-plugin-security": "^3.0.1",
 "fetch-mock": "^9.11.0",
 "file-loader": "^6.2.0",
 "flatpickr": "^4.6.13",
diff --git a/yarn.lock b/yarn.lock
index 2237c48ded..366e456881 100644
--- a/yarn.lock
+++ b/yarn.lock
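Review bot: All four new entries in the `"rules"` block are set to `"warn"`, so a dynamic `eval()` argument or an `innerHTML` assignment is reported but does not fail the lint run, and a CSP-breaking change still merges unless the lint script is invoked with `--max-warnings 0`; if the intent is enforcement, the two DOM rules at least should be `"no-unsanitized/method": "error",` and `"no-unsanitized/property": "error"`. The comment `// CSP-focused security rules:` is also misleading for `security/detect-unsafe-regex`, which flags regexes prone to catastrophic backtracking (ReDoS) rather than anything a CSP governs; `// Security rules: dynamic eval (CSP) and ReDoS-prone regexes` would describe both. Minor style point on the plugins line, which has a stray space before the comma: `"plugins": ["jsdoc", "security", "no-unsanitized"],`. I cannot see the lint script in package.json from this hunk, so the first point depends on how ESLint is invoked there.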
@@ -2826,6 +2826,18 @@ eslint-plugin-jsdoc@^48.2.5:
 spdx-expression-parse "^4.0.0"
 synckit "^0.9.1"
 
+eslint-plugin-no-unsanitized@^4.1.2:
+ version "4.1.2"
+ resolved "https://registry.yarnpkg.com/eslint-plugin-no-unsanitized/-/eslint-plugin-no-unsanitized-4.1.2.tgz#a994d7633a9ed168e33a82b377ae3b9f79d16734"
+ integrity sha512-ydF3PMFKEIkP71ZbLHFvu6/FW8SvRv6VV/gECfrQkqyD5+5oCAtPz8ZHy0GRuMDtNe2jsNdPCQXX4LSbkapAVQ==
+
+eslint-plugin-security@^3.0.1:
+ version "3.0.1"
+ resolved "https://registry.yarnpkg.com/eslint-plugin-security/-/eslint-plugin-security-3.0.1.tgz#bc52904f77c3b74c3942e12bdb0751831a3223d2"
+ integrity sha512-XjVGBhtDZJfyuhIxnQ/WMm385RbX3DBu7H1J7HNNhmB2tnGxMeqVSnYv79oAj992ayvIBZghsymwkYFS6cGH4Q==
+ dependencies:
+ safe-regex "^2.1.1"
+
 eslint-scope@5.1.1:
 version "5.1.1"
 resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-5.1.1.tgz#e786e59a66cb92b3f6c1fb0d508aab174848f48c"
@@ -6635,6 +6647,11 @@ regex-not@^1.0.0, regex-not@^1.0.2:
 extend-shallow "^3.0.2"
 safe-regex "^1.1.0"
 
+regexp-tree@~0.1.1:
+ version "0.1.27"
+ resolved "https://registry.yarnpkg.com/regexp-tree/-/regexp-tree-0.1.27.tgz#2198f0ef54518ffa743fe74d983b56ffd631b6cd"
+ integrity sha512-iETxpjK6YoRWJG5o6hXLwvjYAoW+FEZn9os0PD/b6AP6xQwsa/Y7lCVgIixBbUPMfhu+i2LtdeAqVTgGlQarfA==
+
 regexp.prototype.flags@^1.5.3:
 version "1.5.3"
 resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.5.3.tgz#b3ae40b1d2499b8350ab2c3fe6ef3845d3a96f42"
@@ -6915,6 +6932,13 @@ safe-regex@^1.1.0:
 dependencies:
 ret "~0.1.10"
 
+safe-regex@^2.1.1:
+ version "2.1.1"
+ resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-2.1.1.tgz#f7128f00d056e2fe5c11e81a1324dd974aadced2"
+ integrity sha512-rx+x8AMzKb5Q5lQ95Zoi6ZbJqwCLkqi3XuJXp5P3rT8OEc6sZCJG5AE5dU3lsgRr/F4Bs31jSlVN+j5KrsGu9A==
+ dependencies:
+ regexp-tree "~0.1.1"
+
 "safer-buffer@>= 2.1.2 < 3", "safer-buffer@>= 2.1.2 < 3.0.0", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
 version "2.1.2"
 resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"