Merge pull request #6 from mobb-dev/add-tests

Add workflow for handling Mobb fixes from CodeQL reports and create example for XSS vulnerability

Author: antonychiu2

.github/workflows/test-mobb-pr.yml

@@ -0,0 +1,28 @@
+name: Mobb fix from CodeQL reports
+on:
+  workflow_run:
+    workflows: ["CodeQL"] # This workflow is triggered when the name specified here is triggered. In CodeQL Default Code Scanning Setup, this name is "CodeQL", if you are using CodeQL Advanced Setup, you may need to change this if you have a different workflow name.
+    types:
+      - completed
+jobs:
+  handle_codeql_scan:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    permissions:
+      pull-requests: write
+      security-events: write
+      statuses: write
+      contents: write
+      issues: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_sha }}
+      - uses: ./
+        with:
+          mobb-api-token: ${{ secrets.MOBB_API_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # Optional: specify organization and project
+          # organization-id: "your-org-id"
+          # mobb-project-name: "Your Project Name"

xss-example.js

@@ -0,0 +1,5 @@
+var urlParams = new URLSearchParams(window.location.search);
+var name = urlParams.get('name');
+
+var unsafe_div = window.document.getElementById("vulnerable-div");
+unsafe_div.innerHTML = "Hello " + name;