schema_version = 1
detector_id = "formstack-api-credentials"
service = "formstack"
severity = "high"
[[positive]]
text = 'formstack access_token "7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d3a5e9f1b7c4d"'
credential = "7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d3a5e9f1b7c4d"
reason = "Access token with keyword prefix, space separator, and 40-char hex body in quotes."
[[positive]]
text = "FORMSTACK client_id 'Kp4Qx7Rm2Sn5Tb8Vw3Yz'"
credential = "Kp4Qx7Rm2Sn5Tb8Vw3Yz"
reason = "Client ID with uppercase keyword prefix, space separator, and 20-char alnum body in single quotes."
[[negative]]
text = "formstack_api_key=short"
reason = "Body too short (5 chars) and equals separator not allowed by regex."
[[evasion]]
text = '"formstack_api_key" "7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d3a5e9f1b7c4d"'
credential = "7b3e5d8c1a9f4e2b6c8d3a5e9f1b7c4d3a5e9f1b7c4d"
reason = "Space-separated quoted values without equals sign."
[perf]
fixture_bytes = 4096
max_microseconds = 25000
note = "Standard single-file budget."
[scale]
fixture_bytes = 1048576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted formstack credential."
readme_claim = "900 service-specific detectors"