taint-analysis

I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue 👍

Let me know if you would like any help in implementing.

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public

Polybuild was taken by the other team and improved into a new standalone tool called blight. It has all of polybuilds features and more, we should swap to it when we get a chance.

Add raw file analyzer to data pipeline that integrates with the ClamAV for scanning input files, this would be particularly helpful during global PyPI scans.

Preliminary research however shows that most of the python ClamAV bindings are very outdated and have not been updated in some time. PyClamd (https://xael.org/pages/pyclamd-en.html) appears to be somewhat most used out there but the bitbuc