# File-level metadata for this detector fixture.
# NOTE(review): field meanings are inferred from the key names; confirm
# the allowed values (e.g. for `severity`) against the fixture schema.
schema_version = 1
detector_id = "cortex-api-key"
service = "cortex"
severity = "high"
# Positive case: uppercase env-style anchor with an unquoted value.
# `credential` is the exact substring of `text` that follows the `=`;
# presumably the harness requires the detector to report it (confirm).
# The 20-character body sits exactly at the minimum length that the
# negative case's reason refers to.
[[positive]]
text = "CORTEX_API_KEY=Kp4Qx7Rm2Sn5Tb8Vw3Yz"
credential = "Kp4Qx7Rm2Sn5Tb8Vw3Yz"
reason = "CORTEX_API_KEY anchor with 20-char alnum body."
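# Positive case: short lowercase anchor (`cortex_key`) with a single-quoted
# value. `credential` is the quoted body without the surrounding quotes.
# The body is 36 characters long (the 18-character unit repeated twice);
# the reason text previously said 32, which did not match the fixture.
[[positive]]
text = "cortex_key='Vk9Bn3Lp7Qm2Rs5Tw8Vk9Bn3Lp7Qm2Rs5Tw8'"
credential = "Vk9Bn3Lp7Qm2Rs5Tw8Vk9Bn3Lp7Qm2Rs5Tw8"
reason = "Lowercase cortex_key anchor with single-quoted 36-char alnum body."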
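# Negative case: valid-looking anchor, but the body is too short to be a key.
# No `credential` key is given because nothing should be reported.
# The body is 15 characters long; the reason text previously said 16.
# NOTE(review): 15 is well below the stated minimum of 20, so this case does
# not pin the boundary. A 19-character body would catch an off-by-one in the
# length check.
[[negative]]
text = "cortex_api_key=Kp4Qx7Rm2Sn5Tb8"
reason = "Body 15 chars, below 20 minimum."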
# Evasion case: the key appears inside an HTTP Authorization header, uses the
# hyphenated name form (`cortex-api-key`) and wraps the value in double quotes.
# `credential` is the 40-character quoted body without the quotes.
# `text` is written as a TOML literal string so the embedded double quotes
# need no escaping; the parsed value is unchanged.
[[evasion]]
text = 'Authorization: Bearer cortex-api-key="Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Qx7Rm2Sn5Tb8Vw3Yz"'
credential = "Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Qx7Rm2Sn5Tb8Vw3Yz"
reason = "Bearer header with hyphen-separated key form and quoted value."
# Per-file latency budget: a 4096-byte (4 KiB) fixture must be scanned within
# 25_000 microseconds (25 ms).
# NOTE(review): a time ceiling on a small input is also a cheap regression
# guard against pathological regex backtracking; confirm the harness fails
# the detector when the budget is exceeded.
[perf]
fixture_bytes = 4096
max_microseconds = 25_000
note = "Standard single-file budget."
# Large-input check: 1_048_576 bytes (1 MiB) of filler with a planted
# credential, at least one finding expected, within 2.0 seconds.
[scale]
fixture_bytes = 1_048_576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted cortex credential."
# NOTE(review): because this key follows the [scale] header it parses as
# `scale.readme_claim`. If it is meant to be file-level metadata it has to
# move above the first table header; confirm against the fixture schema.
readme_claim = "900 service-specific detectors"