schema_version = 1
detector_id = "bitquery-api-key"
service = "bitquery"
severity = "high"
[[positive]]
text = "BITQUERY_API_KEY=7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d"
credential = "7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d"
reason = "Bitquery API key env-var (32 hex)."
[[positive]]
text = "bitquery_apikey: '4c9a8f6e3b7d1a2c5e8f0b9d6a3c4e1f'"
credential = "4c9a8f6e3b7d1a2c5e8f0b9d6a3c4e1f"
reason = "Lowercase bitquery_apikey YAML form."
[[negative]]
text = "BITQUERY_API_KEY=short"
reason = "Body below 32 hex chars."
[[evasion]]
text = "BITQUERY_TOKEN=\"7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d\""
credential = "7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d"
reason = "Quoted BITQUERY_TOKEN variant."
[perf]
fixture_bytes = 4096
max_microseconds = 25000
note = "Standard single-file budget."
[scale]
fixture_bytes = 1048576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted Bitquery key."
readme_claim = "900 service-specific detectors"