lintai docs

Appearance

Rule Reference

SEC476lintai-ai-securitygovernancehardeningstableclaude_settingswarn

Claude settings: unsafe Write path permissions

Claude settings permissions allow `Write(...)` over an unsafe path in a shared committed config

Public lane
governance
Category
hardening
Provider
lintai-ai-security
Scope
per-file
Surface
claude_settings
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane
claudesurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks shared Claude settings permissions for exact unsafe-path `Write(...)` grants.

Deterministic signal basis

ClaudeSettingsSignals exact permission-scope detection for `Write(...)` entries that target absolute, home-relative, parent-traversing, or drive-qualified paths inside parsed Claude settings JSON.

Malicious corpus
claude-settings-unsafe-path-permissions
Benign corpus
claude-settings-unsafe-path-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configgovernancehardeningclaude_settings
SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configgovernancehardeningclaude_settings
SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed configgovernancehardeningclaude_settings
SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configgovernancehardeningclaude_settings
SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configgovernancehardeningclaude_settings
SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configgovernancehardeningclaude_settings

SEC476 / CLAUDE-WRITE-UNSAFE-PATH

SEC476 flags shared Claude settings when permissions.allow grants Write(...) over an absolute path, home-relative path, Windows drive path, or parent-traversing path.

Why It Matters

Shared write permissions outside the repository widen the mutation boundary for every user of the committed Claude policy. Absolute or parent-traversing scopes make it easier for a workflow to modify files that are not part of the reviewed project surface.

Trigger Shape

The rule triggers only when all of these are true:

  • the file is a detected Claude settings surface
  • the path is not fixture-like
  • permissions.allow contains a Write(...) token whose scope is absolute, home-relative, drive-qualified, or parent-traversing

Clean Cases

These stay clean:

  • repository-scoped paths such as Write(./artifacts/**)
  • permissions that do not grant Write(...)
  • fixture-like examples under test or fixture paths

Example Trigger

json
{
  "permissions": {
    "allow": ["Write(../shared/**)", "Read(./docs/**)"]
  }
}

Safer Example

json
{
  "permissions": {
    "allow": ["Write(./artifacts/**)", "Read(./docs/**)"]
  }
}

How To Fix

Replace broad Write(...) path grants with repository-scoped allowlists, or remove shared access to absolute, home-relative, or parent-traversing paths from the committed Claude settings file.