
Rule Reference


Config: sensitive env forwarding

Configuration forwards sensitive environment variable references

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: json
Tier: preview
Severity: warn
Confidence: high
Detection: heuristic
Remediation: message only
How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Depends on sensitive env-name heuristics in forwarded references.

Promotion requirements

Needs corpus-backed precision review, a non-heuristic graduation basis, and completed stable checklist metadata.

Canonical note

Heuristic preview rule; not a stable contract and may evolve as false-positive tuning improves.

Nearby Signals

Related Rules

Why It Matters

Forwarding secret-looking environment references through config broadens where sensitive data can flow and makes the config itself an implicit secret-routing policy.

What Triggers

SEC307 applies to parsed JSON config and triggers when a value forwards a sensitive-looking env reference that is not already covered by the stronger credential-key passthrough rule.

Example that triggers:

```json
{"env":{"FORWARDER":"$ANOTHER_SECRET"}}
```

Examples that stay clean:

```json
{"env":{"WORKSPACE_ROOT":"${HOME}"}}
{"env":{"OPENAI_API_KEY":"${OPENAI_API_KEY}"}}
```

The second example is handled by SEC303 instead.
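As an added illustration (not the lintai-ai-security implementation), the following Python sketch applies the SEC307 heuristic described above to parsed JSON: it walks every string value, flags values that reference a secret-looking environment variable, and defers to a SEC303-style finding when a credential-looking key simply passes through the same-named variable. The sensitive-name fragment list, the `$NAME`/`${NAME}` reference syntax and the SEC303 suppression condition are assumptions made for this example.

```python
import json
import re

# Env reference syntax assumed for this example: "$NAME" or "${NAME}".
ENV_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")

# Name fragments treated as secret-looking. Assumed list for the example;
# the rule's real heuristic list is not published on the page.
SENSITIVE_HINTS = ("SECRET", "TOKEN", "PASSWORD", "PASSWD",
                   "API_KEY", "PRIVATE_KEY", "CREDENTIAL")


def looks_sensitive(name: str) -> bool:
    """Heuristic: does this key or env-var name look like it holds a secret?"""
    upper = name.upper()
    return any(hint in upper for hint in SENSITIVE_HINTS)


def walk(node, path=()):
    """Yield (path, value) for every string leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    elif isinstance(node, str):
        yield path, node


def check_config(text: str) -> list:
    """Return (rule, json_path, env_name) findings for one JSON config file."""
    findings = []
    for path, value in walk(json.loads(text)):
        for match in ENV_REF.finditer(value):
            env_name = match.group(1)
            if not looks_sensitive(env_name):
                continue  # e.g. ${HOME}: not secret-looking, no finding
            key = path[-1] if path else ""
            # Assumed SEC303 condition: a credential-looking key passing through
            # the variable of the same name. SEC307 is suppressed on that line.
            if looks_sensitive(key) and key.upper() == env_name.upper():
                findings.append(("SEC303", "/".join(path), env_name))
            else:
                findings.append(("SEC307", "/".join(path), env_name))
    return findings


# Constructed sample config combining the page's examples with a nested list.
SAMPLE_CONFIG = """{
  "env": {"WORKSPACE_ROOT": "${HOME}",
          "OPENAI_API_KEY": "${OPENAI_API_KEY}",
          "FORWARDER": "$ANOTHER_SECRET"},
  "args": ["--token", "${DEPLOY_TOKEN}"]
}"""
```

Running `check_config(SAMPLE_CONFIG)` reports `env/FORWARDER` and `args/1` under SEC307 and `env/OPENAI_API_KEY` under SEC303, while `${HOME}` produces nothing.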

False Positives

This rule stays Preview because it depends on sensitive env-name heuristics. It is intentionally suppressed when a stronger structural credential-env rule already explains the same line, and it is best treated as a hardening and secret-routing review prompt rather than proof of active compromise.

Remediation

Stop forwarding sensitive env references through committed config and resolve the secret only inside the service boundary that truly needs it.