schema_version = 1
detector_id = "stackblitz-credentials"
service = "stackblitz"
severity = "high"
[[positive]]
text = "sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu"
credential = "sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu"
reason = "Canonical anchor + synthesized body satisfying detector's primary regex."
[[positive]]
text = "sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu=\"sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu\""
credential = "sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu"
reason = "Quoted-value variant of the canonical positive."
[[negative]]
text = "YOUR_API_KEY_HERE_PLACEHOLDER_VALUE"
reason = "Placeholder-keyword body — suppression gate matches PLACEHOLDER prefix."
[[negative]]
text = "sb_stEXAMPLEEXAMPLENFXIu"
reason = "EXAMPLE token marker inside the body — suppression gate strips it."
[[negative]]
text = "SB_PACKETS_PER_FRAME_HIGH_SPEED_GBPS"
reason = "Dogfood 2026-05-29: uppercase SB_ C macro (Linux USB descriptors). Case-sensitive (?-i)sb_ must not match it. 14 such FPs on a stock /usr/include scan."
[[negative]]
text = "sb_cdc_network_terminal_descriptor"
reason = "Dogfood 2026-05-29: lowercase snake_case C identifier. The no-underscore body class must not match it; real sb_ tokens are base62. 61 such FPs on /usr/include."
[[negative]]
text = "sb_endpoint_descriptor_no_audio"
reason = "Dogfood 2026-05-29: another snake_case USB identifier that fired before the underscore-free body fix."
[[evasion]]
text = "Authorization: Bearer token=\"sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu\""
credential = "sb_stTzGx1SNLO8c33WrRghshvrRC1NFXIu"
reason = "Adversarial envelope — credential must still surface under this detector."
[perf]
fixture_bytes = 4096
max_microseconds = 25000
note = "Standard single-file budget."
[scale]
fixture_bytes = 1048576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted credential."
readme_claim = "900 service-specific detectors"