
Rule Reference

SEC414 · lintai-ai-security · stable · claude_settings · warn

Claude settings: shared git tag permissions

Claude settings permissions allow `Bash(git tag:*)` in a shared committed config

Provider: lintai-ai-security
Surface: claude_settings
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared Claude settings permissions for wildcard git tag mutation grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `Bash(git tag:*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus: claude-settings-git-tag-permission
Benign corpus: claude-settings-git-tag-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC414 / CLAUDE-GIT-TAG-PERMISSION

SEC414 flags shared Claude settings when `permissions.allow` grants the exact wildcard permission `Bash(git tag:*)`.

Why It Matters

`git tag` mutates repository release markers and distribution metadata. Granting it broadly in shared AI policy makes tag mutation part of the default team execution surface, which is harder to review and easier to over-apply than a narrower, task-specific command.

Trigger Shape

The rule triggers only when all of these are true:

  • the file is a detected Claude settings surface
  • the path is not fixture-like
  • `permissions.allow` contains the exact string `Bash(git tag:*)`

Clean Cases

These stay clean:

  • more specific permissions such as `Bash(git tag v1.2.3)`
  • settings files that do not grant `git tag` at all
  • fixture-like examples under test or fixture paths

Example Trigger

```json
{
  "permissions": {
    "allow": ["Bash(git tag:*)", "Read(*)"]
  }
}
```

Safer Example

```json
{
  "permissions": {
    "allow": ["Bash(git tag v1.2.3)", "Read(*)"]
  }
}
```

How To Fix

Remove shared `Bash(git tag:*)` permissions or replace them with a narrower reviewed command pattern that keeps repository tag mutation under explicit user control.
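The trigger shape and clean cases above, as an added example that is not lintai's own code: a minimal re-implementation of the SEC414 check run over the page's two example files plus a few constructed edge cases. The page does not say which paths count as a Claude settings surface or what "fixture-like" means, so the `.claude/settings.json` suffix and the `FIXTURE_PATH_RE` heuristic are assumptions made for this example. The last sample shows a caveat of exact-string detection: a broader `Bash(git:*)` grant also covers `git tag` but is not matched by this rule.

```python
"""Added example (not lintai's code): SEC414-style check for a shared
wildcard `Bash(git tag:*)` grant in Claude settings JSON."""
import json
import re
from typing import Any

# Exact permission string the rule looks for (taken from the rule page).
WILDCARD_TAG_GRANT = "Bash(git tag:*)"

# Assumption: the page says fixture-like paths stay clean but does not define
# the heuristic; treat any test/fixture path segment as fixture-like.
FIXTURE_PATH_RE = re.compile(r"(^|/)(tests?|fixtures?|__fixtures__|testdata)(/|$)")


def is_claude_settings_surface(path: str) -> bool:
    # Assumption: the shared, committed settings file is .claude/settings.json.
    return path.replace("\\", "/").endswith(".claude/settings.json")


def is_fixture_like(path: str) -> bool:
    return FIXTURE_PATH_RE.search(path.replace("\\", "/")) is not None


def check_sec414(path: str, text: str) -> list[dict[str, Any]]:
    """Return one finding per exact wildcard grant; an empty list means clean."""
    if not is_claude_settings_surface(path) or is_fixture_like(path):
        return []
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return []  # structural rule: nothing to match in unparseable JSON
    if not isinstance(data, dict):
        return []
    permissions = data.get("permissions")
    if not isinstance(permissions, dict):
        return []
    allow = permissions.get("allow")
    if not isinstance(allow, list):
        return []
    findings = []
    for index, entry in enumerate(allow):
        # Exact string comparison, as the page describes; no pattern matching.
        if entry == WILDCARD_TAG_GRANT:
            findings.append({
                "rule": "SEC414",
                "severity": "warn",
                "path": path,
                "evidence": f"permissions.allow[{index}] == {entry!r}",
                "message": ("Remove shared Bash(git tag:*) or replace it with a "
                            "narrower reviewed command pattern."),
            })
    return findings


# Constructed sample inputs: the page's trigger and safer examples, plus a
# fixture path, a broader grant the exact match does not see, and broken JSON.
SAMPLES = {
    ".claude/settings.json":
        '{"permissions": {"allow": ["Bash(git tag:*)", "Read(*)"]}}',
    "safe/.claude/settings.json":
        '{"permissions": {"allow": ["Bash(git tag v1.2.3)", "Read(*)"]}}',
    "tests/fixtures/.claude/settings.json":
        '{"permissions": {"allow": ["Bash(git tag:*)"]}}',
    "broad/.claude/settings.json":
        '{"permissions": {"allow": ["Bash(git:*)"]}}',
    "broken/.claude/settings.json":
        '{"permissions": {"allow": [',
}


def run_samples() -> dict[str, int]:
    """Map each sample path to the number of SEC414 findings it produces."""
    return {path: len(check_sec414(path, text)) for path, text in SAMPLES.items()}


if __name__ == "__main__":
    for path, text in SAMPLES.items():
        for finding in check_sec414(path, text):
            print(f"{finding['rule']} {finding['severity']} {path}: {finding['evidence']}")
    print(run_samples())
```

Only the page's trigger example produces a finding; the broader `Bash(git:*)` sample stays silent, which is worth remembering when reading a clean SEC414 result as "no shared tag mutation grant".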