Rule Reference

SEC415lintai-ai-securitystableclaude_settingswarn

Claude settings: shared git branch permissions

Claude settings permissions allow `Bash(git branch:*)` in a shared committed config

Provider: lintai-ai-security
Surface: claude_settings
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

claudemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared Claude settings permissions for wildcard git branch mutation grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `Bash(git branch:*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus

claude-settings-git-branch-permission

Benign corpus

claude-settings-git-branch-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configclaude_settingsstable

SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configclaude_settingsstable

SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed configclaude_settingsstable

SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configclaude_settingsstable

SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configclaude_settingsstable

SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configclaude_settingsstable

SEC415 / CLAUDE-GIT-BRANCH-PERMISSION

SEC415 flags shared Claude settings when permissions.allow grants the exact wildcard permission Bash(git branch:*).

Why It Matters

git branch mutates repository branch structure and can redirect collaboration flow. Granting it broadly in shared AI policy makes branch mutation part of the default team execution surface, which is harder to review and easier to over-apply than a narrower, task-specific command.

Trigger Shape

The rule triggers only when all of these are true:

the file is a detected Claude settings surface
the path is not fixture-like
permissions.allow contains the exact string Bash(git branch:*)

Clean Cases

These stay clean:

more specific permissions such as Bash(git branch feature/test)
settings files that do not grant git branch at all
fixture-like examples under test or fixture paths

Example Trigger

json

{
  "permissions": {
    "allow": ["Bash(git branch:*)", "Read(*)"]
  }
}

Safer Example

json

{
  "permissions": {
    "allow": ["Bash(git branch feature/test)", "Read(*)"]
  }
}

How To Fix

Remove shared Bash(git branch:*) permissions or replace them with a narrower reviewed command pattern that keeps branch mutation under explicit user control.

Claude settings: shared git branch permissions

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC415 / CLAUDE-GIT-BRANCH-PERMISSION ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​