From 967b6abf504fb26f6285f1ada892c946cbe9a4c2 Mon Sep 17 00:00:00 2001
From: Wael AbuSeada <waabusea@microsoft.com>
Date: Tue, 12 May 2026 06:34:27 -0600
Subject: [PATCH 1/2] Add insecure AL codeunit for Copilot review smoke test

---
 .github/copilot-smoke/BadCodeunit.al | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/copilot-smoke/BadCodeunit.al

diff --git a/.github/copilot-smoke/BadCodeunit.al b/.github/copilot-smoke/BadCodeunit.al
new file mode 100644
index 0000000000..0adbf54399
--- /dev/null
+++ b/.github/copilot-smoke/BadCodeunit.al
@@ -0,0 +1,23 @@
+codeunit 80990 "Copilot Smoke Test"
+{
+    procedure SendCustomerData(CustomerNo: Code[20])
+    var
+        Client: HttpClient;
+        RequestHeaders: HttpHeaders;
+        Content: HttpContent;
+        Response: HttpResponseMessage;
+        Token: Text;
+        Endpoint: Text;
+        BodyText: Text;
+    begin
+        Token := 'ghp_1234567890abcdefghijklmnopqrstuv';
+        Endpoint := 'http://api.contoso.internal/customers';
+        BodyText := '{"customerNo":"' + CustomerNo + '"}';
+
+        Content.WriteFrom(BodyText);
+        Content.GetHeaders(RequestHeaders);
+        RequestHeaders.Add('Authorization', Token);
+
+        Client.Post(Endpoint, Content, Response);
+    end;
+}

From 3cb3921d743f99ae5cb0e5d74b6702280fdcc533 Mon Sep 17 00:00:00 2001
From: Wael AbuSeada <waabusea@microsoft.com>
Date: Tue, 12 May 2026 07:43:03 -0600
Subject: [PATCH 2/2] Add second insecure AL codeunit for Copilot smoke test

---
 .github/copilot-smoke/BadCodeunit2.al | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/copilot-smoke/BadCodeunit2.al

diff --git a/.github/copilot-smoke/BadCodeunit2.al b/.github/copilot-smoke/BadCodeunit2.al
new file mode 100644
index 0000000000..cf4f888c01
--- /dev/null
+++ b/.github/copilot-smoke/BadCodeunit2.al
@@ -0,0 +1,23 @@
+codeunit 80991 "Copilot Smoke Test 2"
+{
+    procedure NotifyWebhook(UserEmail: Text)
+    var
+        Client: HttpClient;
+        Headers: HttpHeaders;
+        Content: HttpContent;
+        Response: HttpResponseMessage;
+        ApiKey: Text;
+        WebhookUrl: Text;
+        Payload: Text;
+    begin
+        ApiKey := 'HardcodedApiKey123!';
+        WebhookUrl := 'http://webhook.contoso.local/notify';
+
+        Payload := '{"email":"' + UserEmail + '","source":"bcapps-smoke"}';
+        Content.WriteFrom(Payload);
+        Content.GetHeaders(Headers);
+        Headers.Add('x-api-key', ApiKey);
+
+        Client.Post(WebhookUrl, Content, Response);
+    end;
+}