onflow/cadence-tools

[Linter] Warn user about capabilities stored inside public arrays or dictionaries

Closed · 1 comment

Description

Ensure capabilities cannot be accessed by unauthorized parties. For example, capabilities should not be accessible through a public field, including public dictionaries or arrays. Exposing a capability in such a way allows anyone to borrow it and perform all actions that the capability allows.

Acceptance criteria

  • Linter issues a warning when capabilities are stored in public arrays or dictionaries
  • Link to the guidance on what risks this poses
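
One way to express the check requested above, as an added example (not the cadence-tools linter's own code): a line-based scan that assumes one field declaration per line, declared with `pub`, `pub(set)` or `access(all)`. `Finding`, `LintPublicCapabilityContainers` and the sample contract are hypothetical names and constructed input.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one warning: 1-based source line and the offending field name.
type Finding struct{ Line int; Field string }

// publicField matches a publicly readable field declaration (pub, pub(set)
// or access(all)) and captures its name and its type annotation.
var publicField = regexp.MustCompile(`^\s*(?:pub(?:\(set\))?|access\(all\))\s+(?:let|var)\s+(\w+)\s*:\s*(\S.*)$`)
var capability = regexp.MustCompile(`\bCapability\b`)

// LintPublicCapabilityContainers flags public fields typed as an array ([T])
// or dictionary ({K: V}) that holds a Capability at any nesting depth.
func LintPublicCapabilityContainers(src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		if c := strings.Index(line, "//"); c >= 0 {
			line = line[:c] // ignore trailing line comments
		}
		m := publicField.FindStringSubmatch(line)
		if m == nil || !strings.ContainsAny(m[2][:1], "[{") {
			continue // not a public field, or not an array/dictionary type
		}
		if capability.MatchString(m[2]) {
			out = append(out, Finding{Line: i + 1, Field: m[1]})
		}
	}
	return out
}

// sample is a constructed Cadence contract, not code from any real project.
const sample = `pub contract Example {
    pub let minters: [Capability<&Minter>]
    pub var byOwner: {Address: Capability<&Minter>}
    access(all) let nested: {String: [Capability]}
    access(self) let hidden: [Capability<&Minter>]
    pub let names: [String]
}`

func main() {
	for _, f := range LintPublicCapabilityContainers(sample) {
		fmt.Printf("line %d: public field %q holds capabilities\n", f.Line, f.Field)
	}
}
```

The `access(self)` field and the public `[String]` field are left alone: the first is not publicly readable and the second holds no capability.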

SupunS commented

Duplicate of #6