Rule Reference

SEC307 (lintai-ai-security, preview, json, warn)

Config: sensitive env forwarding

Configuration forwards sensitive environment variable references

Provider: lintai-ai-security
Surface: json
Scope: per_file
Tier: preview
Severity: warn
Confidence: high
Detection: heuristic
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Preview Lifecycle Contract

State

preview_blocked

Promotion blocker

Depends on sensitive env-name heuristics in forwarded references.

Promotion requirements

Needs corpus-backed precision review, a non-heuristic graduation basis, and completed stable checklist metadata.

Canonical note

Heuristic preview rule; not a stable contract and may evolve as false-positive tuning improves.

Nearby Signals

Related Rules

Why It Matters

Forwarding secret-looking environment references through config broadens where sensitive data can flow and makes the config itself an implicit secret-routing policy.

What Triggers

SEC307 applies to parsed JSON config and triggers when a value forwards a sensitive-looking env reference that is not already covered by the stronger credential-key passthrough rule.

Example that triggers:

```json
{"env":{"FORWARDER":"$ANOTHER_SECRET"}}
```

Examples that stay clean:

```json
{"env":{"WORKSPACE_ROOT":"${HOME}"}}
{"env":{"OPENAI_API_KEY":"${OPENAI_API_KEY}"}}
```

The second example is handled by SEC303 instead.
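The following Python is an added illustration of the decision logic described above; it is not lintai's own implementation. It assumes an env-reference syntax of `$NAME` or `${NAME}`, a constructed list of sensitive name markers (the real rule's heuristic is not on this page), and that the SEC303 suppression applies whenever the env key itself looks credential-like.

```python
"""Model of SEC307-style detection (added example; not lintai's own code).

Assumptions not taken from the rule page:
  * an env reference is a whole value of the form $NAME or ${NAME};
  * "sensitive-looking" means the name contains one of SENSITIVE_MARKERS;
  * the SEC303 credential-key passthrough suppression fires when the
    *key* (not the referenced name) looks sensitive.
"""
import json
import re
from typing import List, Optional

# Whole-value env reference: "$ANOTHER_SECRET" or "${HOME}".
ENV_REF = re.compile(
    r"^\$(?:\{(?P<braced>[A-Za-z_][A-Za-z0-9_]*)\}|(?P<bare>[A-Za-z_][A-Za-z0-9_]*))$"
)

# Constructed heuristic markers; the page does not list the real ones.
SENSITIVE_MARKERS = (
    "SECRET", "TOKEN", "PASSWORD", "PASSWD", "API_KEY", "PRIVATE_KEY", "CREDENTIAL",
)


def looks_sensitive(name: str) -> bool:
    """Name-based heuristic: does this env name look like it holds a secret?"""
    upper = name.upper()
    return any(marker in upper for marker in SENSITIVE_MARKERS)


def env_ref_name(value: object) -> Optional[str]:
    """Return the referenced env name if the value is a pure env reference."""
    if not isinstance(value, str):
        return None
    match = ENV_REF.match(value.strip())
    if match is None:
        return None
    return match.group("braced") or match.group("bare")


def scan_config(text: str) -> List[dict]:
    """Parse a JSON config and return one finding per flagged env entry.

    Each finding names the rule that owns the line: SEC303 when the key is
    itself credential-like (so SEC307 is suppressed there), otherwise SEC307
    when the referenced env name looks sensitive.
    """
    cfg = json.loads(text)
    env = cfg.get("env", {}) if isinstance(cfg, dict) else {}
    findings: List[dict] = []
    for key, value in env.items():
        ref = env_ref_name(value)
        if ref is None:
            continue  # literal value or not a string: no forwarding at all
        if looks_sensitive(key):
            # Stronger structural rule explains this line; SEC307 stays quiet.
            findings.append({"rule": "SEC303", "key": key, "ref": ref})
        elif looks_sensitive(ref):
            findings.append({"rule": "SEC307", "key": key, "ref": ref})
    return findings


if __name__ == "__main__":
    # Constructed sample configs mirroring the page's examples.
    for sample in (
        '{"env":{"FORWARDER":"$ANOTHER_SECRET"}}',
        '{"env":{"WORKSPACE_ROOT":"${HOME}"}}',
        '{"env":{"OPENAI_API_KEY":"${OPENAI_API_KEY}"}}',
    ):
        print(sample, "->", scan_config(sample))
```

Running the block prints a SEC307 finding for the first sample, nothing for the `${HOME}` forward, and a SEC303 finding (not SEC307) for the `OPENAI_API_KEY` passthrough, which is the suppression behaviour the page describes.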

False Positives

This rule stays Preview because it depends on sensitive env-name heuristics. It is intentionally suppressed when a stronger structural credential-env rule already explains the same line.

Remediation

Stop forwarding sensitive env references through committed config and resolve the secret only inside the service boundary that truly needs it.