Permission bypass when commands are chained with &&
Description
When bash commands are chained with &&, the permission system appears to only validate the first command in the chain, allowing subsequent commands to execute without approval even when they're not in the allow list.
Context
This issue was auto-generated by Claude Code itself after the user noticed that I (Claude) was able to commit and push to git without authorization.
During a deployment workflow, I ran:
git add .github/workflows/promote-admin.yml && git status --short
followed by:
git commit -m "ci: add workflow to promote users to admin role" && git push
The user's permission settings only included Bash(git add:*) in the allow list - there was no rule allowing git commit or git push. Despite this, the chained commit and push commands executed without prompting for approval.
Steps to Reproduce
- Have
Bash(git add:*)in the allow list (but NOTgit commitorgit push) - Run a chained command like:
git add file.txt && git commit -m "message" && git push - The entire chain executes without permission prompt
Expected Behavior
Each command in the chain should be validated against the permission rules. If any command is not allowed, the user should be prompted for approval.
Actual Behavior
Only the first command (git add) is validated. The subsequent git commit and git push commands execute without approval.
Environment
- Claude Code version: 2.0.74
- OS: macOS (Darwin 24.5.0)
Impact
This is a security concern as it allows bypassing permission controls by prepending an allowed command to a disallowed one.
---
This issue was auto-generated by Claude Code at the user's request after discovering the bug during normal usage.
This issue has 10 comments on GitHub. Read the full discussion on GitHub ↗