[BUG] Heredoc pipe bypass still present in v2.1.141 (#48518 still not fixed)
Resolved 💬 7 comments Opened May 14, 2026 by Tarek98 Closed Jun 20, 2026
This is a continuation of issue #48518, which was locked but still reproduces as mentioned by @spawnia on v2.1.104 and potentially higher .
The fix introduced in v2.1.73 only fixed the CPU loop/freeze symptom, but the underlying permission bypass remains. When a heredoc marker (<<EOF or <<'EOF') is the first token after the command name, the permission system fails to evaluate pipe targets. An ask-listed command silently auto-allows when it appears after |.
Reproduction
Permissions:
{
"permissions": {
"allow": ["Bash(cat:*)", "Bash(sort:*)", "Bash(head:*)", "Bash(echo:*)"],
"ask": ["Bash(pandoc:*)", "Bash(curl:*)"]
}
}
Auto-allowed (bug — ask rule on pipe target skipped):
cat <<'EOF' | pandoc --to=plain # heredoc first arg ✗
This issue was previously verified as reproducing on v2.1.104 by @spawnia in #48518, but the issue was locked by a bot before it could be reopened.
This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗