onflow/cadence-tools

[Lint] Report public capability fields

turbolent opened this issue · 1 comment

Feature Request

Capabilities should not be accessible by unauthorized parties. For example, capabilities should not be accessible through a public field, including public dictionaries or arrays. Exposing a capability in such a way allows anyone to borrow it and perform all actions that the capability allows.

Detect and report public fields with a capability type, directly or indirectly (e.g. an array or dictionary of capabilities).
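The field shapes described in this request, as an added example that is not part of the original issue or the project's code. It assumes Cadence 1.0 syntax, where `access(all)` marks a public field; the contract, resource, entitlement and field names are hypothetical.

```cadence
// Constructed example: all names here are hypothetical.
access(all) contract CapabilityFieldsExample {

    access(all) entitlement Withdraw

    access(all) resource Vault {
        access(all) var balance: UFix64

        init(balance: UFix64) {
            self.balance = balance
        }

        // Only callable through a reference authorized with Withdraw.
        access(Withdraw) fun withdraw(amount: UFix64) {
            self.balance = self.balance - amount
        }
    }

    // Should be reported: public field whose type is directly a capability.
    // Any reader of this field can borrow it and call withdraw.
    access(all) let vaultCap: Capability<auth(Withdraw) &Vault>

    // Should be reported: capability reachable indirectly through an array.
    access(all) let vaultCapList: [Capability<auth(Withdraw) &Vault>]

    // Should be reported: capability reachable indirectly through a dictionary.
    access(all) let vaultCapsByOwner: {Address: Capability<auth(Withdraw) &Vault>}

    // Should not be reported: the capability stays private to the contract.
    access(self) let privateVaultCap: Capability<auth(Withdraw) &Vault>

    // Should not be reported: public, but no capability in the field type.
    access(all) let ownerCount: Int

    init(cap: Capability<auth(Withdraw) &Vault>) {
        self.vaultCap = cap
        self.vaultCapList = [cap]
        self.vaultCapsByOwner = {cap.address: cap}
        self.privateVaultCap = cap
        self.ownerCount = 1
    }
}
```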