
S005 false positive: flags wildcard patterns inside inline code / documentation #13

Description

@hermanngeorge15

Bug

S005 (no-wildcard-permissions) flags any line containing a wildcard pattern, including inline-code mentions in documentation. Found by dogfooding: the UnityInFlow root CLAUDE.md documents the S005 rule itself in a table, and that table row gets flagged:

```
:141 error  Wildcard tool permission (Tool(*:*)) — use explicit tool names instead of wildcards.  (S005)
```

The flagged line was documentation, not a permission block:

```
| S005 | no-wildcard-permissions | error | No `Bash(*:*)` or "*" in tool permission blocks |
```

Expected

The rule should only fire on actual permission contexts (JSON permission blocks, settings snippets), not on backtick-quoted inline code or prose describing the pattern.

Suggested fix

Skip matches inside inline code spans (single backticks) and possibly fenced code blocks that are clearly documentation examples — or at minimum inside markdown table cells with inline code. Repro: run spec-linter check on any file containing the rule reference table above.

🤖 Filed via Claude Code while dogfooding v0.0.1
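One way to scope the check as the issue suggests, as an added example (not spec-linter's own code, which this page does not show). The regexes, the list of config fence tags, and the choice to flag a quoted `"*"` only inside config-tagged fences are assumptions made for illustration; the sample input is constructed.

```python
import re

# Assumed patterns, modelled on the two forms the issue names: Tool(*:*) and a quoted "*".
TOOL_WILDCARD = re.compile(r'\b[A-Za-z_]\w*\(\*(?::\*)?\)')
BARE_WILDCARD = re.compile(r'"\*"')
FENCE = re.compile(r'^ {0,3}(`{3,}|~{3,})\s*([\w+-]*)')
INLINE_CODE = re.compile(r'(?<!`)(`+)(?!`).+?(?<!`)\1(?!`)')
CONFIG_LANGS = {"json", "jsonc", "yaml", "yml", "toml"}  # assumed "settings snippet" tags


def find_wildcards(markdown):
    """Return [(line_no, matched_text)] for wildcards in permission contexts only."""
    findings, fence = [], None  # fence = (marker_char, marker_len, lang) while inside a block
    for no, line in enumerate(markdown.splitlines(), 1):
        m = FENCE.match(line)
        if m and fence is None:
            fence = (m.group(1)[0], len(m.group(1)), m.group(2).lower())
            continue
        if m and m.group(1)[0] == fence[0] and len(m.group(1)) >= fence[1] and not m.group(2):
            fence = None
            continue
        if fence is None:
            # Prose or table cell: blank out inline code spans, ignore a quoted "*".
            text = INLINE_CODE.sub(lambda s: " " * len(s.group()), line)
            patterns = (TOOL_WILDCARD,)
        elif fence[2] in CONFIG_LANGS:
            patterns, text = (TOOL_WILDCARD, BARE_WILDCARD), line
        else:
            continue  # untagged or non-config fence: treated as a documentation example
        for pattern in patterns:
            findings += [(no, hit.group()) for hit in pattern.finditer(text)]
    return findings


TICKS = "`" * 3  # built at runtime so this example can sit inside a fenced block
# Constructed sample: the table row from the issue, a config fence, a doc fence, a bare line.
SAMPLE = "\n".join([
    '| S005 | no-wildcard-permissions | error | No `Bash(*:*)` or "*" in tool permission blocks |',
    "",
    TICKS + "json",
    '{ "permissions": { "allow": ["Bash(*:*)", "*"] } }',
    TICKS,
    "",
    TICKS,
    "Bash(*:*)",
    TICKS,
    "",
    "allowed-tools: Read(*)",
])
```

Skipping untagged fences trades a false positive for a possible false negative: a real permission block pasted into a fence with no language tag would go unreported under these assumptions.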
