
Rule Reference


Claude settings: wildcard Glob permissions

Claude settings permissions allow `Glob(*)` in a shared committed config

Provider: lintai-ai-security
Surface: claude_settings
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared Claude settings permissions for explicit wildcard `Glob(*)` grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `Glob(*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus: claude-settings-glob-wildcard
Benign corpus: claude-settings-glob-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

SEC375 flags committed Claude settings files when permissions.allow contains the exact wildcard discovery grant Glob(*).

This is useful because:

  • Glob(*) grants broad file-discovery capability instead of a reviewed scoped pattern set
  • shared Claude settings often become team-wide defaults by copy/paste
  • broad file-discovery access is harder to defend in code review when a workflow only needs narrow, documented discovery scopes

Trigger Shape

  • artifact kind is committed Claude settings
  • permissions.allow contains the exact string Glob(*)
  • file is not under a fixture-like path

Clean Cases

  • scoped patterns like Glob(./docs/**)
  • fixture/test/example copies
  • unrelated markdown or non-Claude config files
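The trigger shape and clean cases above can be expressed as a small checker. The following is an added illustration, not the lintai-ai-security implementation: it parses a settings file, looks for the exact string `Glob(*)` in permissions.allow, and skips fixture-like paths. The fixture directory names, the assumption that committed shared settings live at `.claude/settings.json`, and the finding layout are all assumptions made for this example; the sample settings documents are constructed inline.

```python
import json
from pathlib import PurePosixPath

# Rule id and the exact allow entry the rule matches on, as stated on the page.
RULE_ID = "SEC375"
WILDCARD_GLOB = "Glob(*)"

# Hypothetical fixture-like directory names; the real rule's list is not on the page.
FIXTURE_SEGMENTS = {
    "fixture", "fixtures", "__fixtures__", "test", "tests", "testdata",
    "example", "examples",
}


def is_fixture_like(path: str) -> bool:
    """True when any directory segment of the path looks like a fixture/test/example location."""
    directories = PurePosixPath(path).parts[:-1]
    return any(segment.lower() in FIXTURE_SEGMENTS for segment in directories)


def is_committed_claude_settings(path: str) -> bool:
    """Assumption for this example: shared committed Claude settings are '.claude/settings.json'.

    settings.local.json is not treated as committed, since it is normally kept out of
    version control.
    """
    p = PurePosixPath(path)
    return p.name == "settings.json" and ".claude" in p.parts


def check_claude_settings(path: str, text: str) -> list[dict]:
    """Evaluate the SEC375 trigger shape against one file and return findings (empty when clean).

    Trigger shape: committed Claude settings, permissions.allow contains exactly 'Glob(*)',
    path is not fixture-like. The comparison is an exact string match, so scoped grants
    such as 'Glob(./docs/**)' do not trigger.
    """
    findings: list[dict] = []
    if not is_committed_claude_settings(path) or is_fixture_like(path):
        return findings
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return findings  # structural rule: unparsable JSON is not a match
    if not isinstance(data, dict):
        return findings
    permissions = data.get("permissions")
    allow = permissions.get("allow") if isinstance(permissions, dict) else None
    if not isinstance(allow, list):
        return findings
    for index, entry in enumerate(allow):
        if entry == WILDCARD_GLOB:
            findings.append({
                "rule": RULE_ID,
                "severity": "warn",
                "path": path,
                "location": f"permissions.allow[{index}]",
                "message": f"{RULE_ID}: shared Claude settings grant wildcard {WILDCARD_GLOB}; "
                           "replace with reviewed scoped glob patterns",
            })
    return findings


# Constructed sample inputs mirroring the page's trigger and safer examples.
TRIGGER_SETTINGS = json.dumps({"permissions": {"allow": ["Glob(*)", "Read(*)"]}})
SAFER_SETTINGS = json.dumps({"permissions": {"allow": ["Glob(./docs/**)", "Read(./docs/**)"]}})


def run_samples() -> dict[str, int]:
    """Return the finding count per sample so the clean cases can be compared side by side."""
    samples = {
        "shared-wildcard": (".claude/settings.json", TRIGGER_SETTINGS),
        "shared-scoped": (".claude/settings.json", SAFER_SETTINGS),
        "fixture-copy": ("tests/fixtures/.claude/settings.json", TRIGGER_SETTINGS),
        "unrelated-file": ("docs/README.md", TRIGGER_SETTINGS),
    }
    return {name: len(check_claude_settings(path, text)) for name, (path, text) in samples.items()}


if __name__ == "__main__":
    for name, count in run_samples().items():
        print(f"{name}: {count} finding(s)")
```

Only the shared wildcard sample produces a finding; the scoped grant, the fixture copy, and the unrelated file are all clean, matching the three clean cases listed above.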

Example Trigger

```json
{
  "permissions": {
    "allow": ["Glob(*)", "Read(*)"]
  }
}
```

Safer Example

```json
{
  "permissions": {
    "allow": ["Glob(./docs/**)", "Read(./docs/**)"]
  }
}
```

How To Fix

  • replace Glob(*) with specific reviewed glob scopes
  • remove broad file-discovery access from the shared Claude settings file if it is not required