I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public

Aura has currently an experimental cache system that cache all the input data - package/url downloads or copies from offline pypi mirror. However the cache is never cleaned up right now and must be done to do so manually.

This feature adds an automatic cleanup system that would purge old entries from the cache under specific conditions such as:

• removing entries older than X days
• removin