Backslash before shell operator false positive for grep BRE regex and find -exec

Resolved 💬 4 comments Opened Mar 22, 2026 by michaelmcintyre Closed Apr 20, 2026

Bug Description

The bash command safety check flags \| (grep basic regex alternation) and \; (find -exec terminator) as "Command contains a backslash before a shell operator," even though these are standard, well-understood shell/command idioms inside quoted strings or as required find syntax.

Reproduction

Run this command via Claude Code's Bash tool:

find /some/path -name "*.erb" -type f -exec grep -l "special_offer\|claim_offer" {} \;

Expected: Command runs without a permission prompt (or matches an existing Bash(find:*) permission).

Actual: Permission prompt appears with the warning:

Command contains a backslash before a shell operator (;, |, &, <, >) which can hide command structure

Why these are false positives

  1. \| inside double-quoted grep pattern — This is grep BRE (Basic Regular Expression) alternation syntax. The backslash is consumed by grep, not by the shell. Inside double quotes, | is not a shell operator anyway.
  1. \; as find -exec terminator — This is required syntax. find -exec needs a literal ; argument, and the backslash prevents the shell from interpreting it as a command separator. This is documented in man find and is the standard way to write this command.

Both patterns appear in virtually every shell tutorial, man page, and Stack Overflow answer. They are not obfuscation.

Note

Issue #6660 reported the \| regex case specifically and was closed as "not planned." The v2.1.72 release notes mention improved find -exec handling via tree-sitter parsing. However, the false positive persists on v2.1.81, suggesting either incomplete coverage or a regression.

Environment

  • Claude Code version: 2.1.81
  • OS: macOS Darwin 23.6.0 arm64
  • Terminal: iTerm2 / zsh

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗