
Rule Reference

SEC477 · lintai-ai-security · stable · claude_settings · warn

Claude settings: unsafe Edit path permissions

Claude settings permissions allow `Edit(...)` over an unsafe path in a shared committed config

Provider: lintai-ai-security
Surface: claude_settings
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the built-in activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared Claude settings permissions for exact unsafe-path `Edit(...)` grants.

Deterministic signal basis

ClaudeSettingsSignals performs exact permission-scope detection for `Edit(...)` entries that target absolute, home-relative, parent-traversing, or drive-qualified paths inside parsed Claude settings JSON.

Malicious corpus: claude-settings-unsafe-path-permissions
Benign corpus: claude-settings-unsafe-path-specific-safe
structured evidence required · remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC477 / CLAUDE-EDIT-UNSAFE-PATH

SEC477 flags shared Claude settings when permissions.allow grants Edit(...) over an absolute path, home-relative path, Windows drive path, or parent-traversing path.

Why It Matters

Shared edit authority outside the repository breaks the usual assumption that AI-assisted edits stay within the reviewed project tree. Absolute, home-relative, or parent-traversing path scopes make policy review much harder because the reachable write surface extends beyond the repo.

Trigger Shape

The rule triggers only when all of these are true:

  • the file is a detected Claude settings surface
  • the path is not fixture-like
  • permissions.allow contains an Edit(...) token whose scope is absolute, home-relative, drive-qualified, or parent-traversing

Clean Cases

These stay clean:

  • repository-scoped paths such as Edit(./src/**)
  • permissions that do not grant Edit(...)
  • fixture-like examples under test or fixture paths

Example Trigger

```json
{
  "permissions": {
    "allow": ["Edit(~/workspace/**)", "Read(./docs/**)"]
  }
}
```

Safer Example

```json
{
  "permissions": {
    "allow": ["Edit(./src/**)", "Read(./docs/**)"]
  }
}
```
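The trigger shape and clean cases above can be expressed as a small standalone checker. The following is an added example written for this page; it is not lintai's ClaudeSettingsSignals implementation and does not reproduce its token grammar. The fixture-path heuristic, the `.claude/settings.json` surface detection, and the `Edit(...)` token regex are assumptions made for the illustration; the two settings documents it runs against are the trigger and safer examples shown on this page.

```python
import json
import re
from pathlib import PurePosixPath
from typing import Optional

# Assumed token grammar: an allow entry of the form Edit(<scope>). A bare "Edit"
# entry with no parenthesised scope is outside this rule's trigger shape.
EDIT_TOKEN = re.compile(r"^Edit\((.*)\)$")

# Assumed fixture heuristic: any path segment that looks like a test/fixture directory.
FIXTURE_MARKERS = {"fixture", "fixtures", "__fixtures__", "test", "tests", "testdata"}

# Constructed inputs: the trigger and safer examples from this rule page.
TRIGGER_EXAMPLE = '{"permissions": {"allow": ["Edit(~/workspace/**)", "Read(./docs/**)"]}}'
SAFER_EXAMPLE = '{"permissions": {"allow": ["Edit(./src/**)", "Read(./docs/**)"]}}'


def is_claude_settings_surface(file_path: str) -> bool:
    """Assumption: settings.json / settings.local.json under a .claude directory."""
    p = PurePosixPath(file_path.replace("\\", "/"))
    return p.name in {"settings.json", "settings.local.json"} and ".claude" in p.parts


def is_fixture_like(file_path: str) -> bool:
    """True when any directory segment of the path is a known fixture/test marker."""
    parts = PurePosixPath(file_path.replace("\\", "/")).parts
    return any(part.lower() in FIXTURE_MARKERS for part in parts)


def classify_scope(scope: str) -> Optional[str]:
    """Return the unsafe scope kind, or None when the scope stays repository-relative."""
    s = scope.strip().strip('"').strip("'")
    if s.startswith("~"):
        return "home-relative"
    if re.match(r"^[A-Za-z]:[\\/]", s):          # e.g. C:\Users\me\**
        return "drive-qualified"
    if s.startswith("/") or s.startswith("\\"):  # POSIX or UNC-style absolute root
        return "absolute"
    # A ".." anywhere in the segment list escapes the repo, e.g. ../lib or ./src/../../etc
    if ".." in re.split(r"[\\/]", s):
        return "parent-traversing"
    return None


def find_unsafe_edit_grants(settings: dict) -> list:
    """Scan permissions.allow for Edit(...) tokens whose scope leaves the repository."""
    permissions = settings.get("permissions", {})
    allow = permissions.get("allow", []) if isinstance(permissions, dict) else []
    findings = []
    for token in allow:
        if not isinstance(token, str):
            continue
        match = EDIT_TOKEN.match(token.strip())
        if not match:
            continue
        kind = classify_scope(match.group(1))
        if kind is not None:
            findings.append({"token": token, "scope": match.group(1).strip(), "kind": kind})
    return findings


def check_sec477(file_path: str, content: str) -> list:
    """Apply the three trigger conditions; returns one finding per unsafe Edit(...) grant."""
    if not is_claude_settings_surface(file_path):
        return []
    if is_fixture_like(file_path):
        return []
    try:
        settings = json.loads(content)
    except json.JSONDecodeError:
        return []  # unparsable JSON yields no structural evidence, so no finding
    if not isinstance(settings, dict):
        return []
    return [dict(f, rule="SEC477", file=file_path) for f in find_unsafe_edit_grants(settings)]


if __name__ == "__main__":
    for label, doc in (("trigger", TRIGGER_EXAMPLE), ("safer", SAFER_EXAMPLE)):
        for finding in check_sec477(".claude/settings.json", doc):
            print(f"[{label}] {finding['rule']} {finding['file']}: "
                  f"{finding['token']} is {finding['kind']}")
```

The same trigger document placed under a path such as `tests/fixtures/.claude/settings.json` produces no finding, matching the fixture-like clean case; drive-qualified and parent-traversing scopes are classified by `classify_scope` even though the page's examples only show the home-relative form.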

How To Fix

Replace broad Edit(...) path grants with repository-scoped allowlists, or remove shared access to absolute, home-relative, or parent-traversing paths from the committed Claude settings file.