[BUG] Sandbox write allowlist does not match filenames containing .. (e.g. advisory-db..lock)

Resolved 💬 2 comments Opened May 20, 2026 by namroff Closed Jun 19, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Summary
The sandbox filesystem write allowlist fails to match paths where a filename (not a path component) contains two consecutive dots (..). The dots appear to be normalized as a parent-directory reference before glob matching, making such files permanently unmatchable regardless of the pattern used.

Expected behavior
The literal path /Users/<user>/.cargo/advisory-db..lock added to the allowlist should grant write access to that exact file. .. embedded inside a filename component should not be treated as a parent-directory reference.

What Should Happen?

All patterns — including the exact literal path — are blocked. The sandbox appears to normalize advisory-db..lock as advisory-db/../lock before matching.

Error Messages/Logs

Steps to Reproduce

Steps to reproduce
Add cargo audit (RustSec) to a Claude Code project.
cargo audit creates/updates a lock file at ~/.cargo/advisory-db..lock — note the double dot is in the filename, not a path separator.
Add any of the following to write.allowWithinDeny in .claude/settings.json:

  • /Users/<user>/.cargo/**
  • /Users/<user>/.cargo/*
  • /Users/<user>/.cargo/advisory-db..lock (exact literal path)

Run cargo audit via the Bash tool. All three patterns fail with: attempted to take an exclusive lock on a read-only path

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.144 (vs code plugin)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

VS Code integrated terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗