
Python

Note: The legacy Mend SAST Application was deprecated on April 1st, 2025. For assistance with migrating to the Mend AppSec Platform, please contact your customer success manager or the success team at success@mend.io.

This article covers Python support and vulnerability detection for Mend SAST.

Mend SAST-supported Python file types

File Type
  .py
  .pyi
  .htm
  .html
  .jinja
  .jinja2

Mend SAST-supported Python frameworks

Framework
  Django
  Django Templates
  Flask
  Flask Jinja 2
  AIOHTTP
  Bottle
  CherryPy
  FastAPI
  Masonite
  Pyramid
  web2py

Mend SAST-supported Python vulnerability types

The Python vulnerability types detected by Mend SAST are listed below, grouped by severity and ordered by CWE ID within each severity group.

Python high-severity vulnerability types

CWE        Vulnerability Type
CWE-22     Path/Directory Traversal
CWE-73     File Manipulation
CWE-78     Command Injection
CWE-79     Cross-Site Scripting
CWE-89     SQL Injection
CWE-94     Code Injection
CWE-502    Deserialization of Untrusted Data
CWE-643    XPath Injection
CWE-732    Incorrect Permission Assignment for Critical Resource
CWE-918    Server-Side Request Forgery
CWE-943    Improper Neutralization of Special Elements in Data Query Logic

Python medium-severity vulnerability types

CWE        Vulnerability Type
CWE-90     LDAP Injection
CWE-209    Generation of Error Message Containing Sensitive Information
CWE-295    Improper Certificate Validation
CWE-327    Use of a Broken or Risky Cryptographic Algorithm
CWE-377    Insecure Temporary File
CWE-400    Uncontrolled Resource Consumption
CWE-611    Improper Restriction of XML External Entity Reference
CWE-676    Use of Potentially Dangerous Function
CWE-798    Use of Hard-coded Credentials
CWE-1336   Server-Side Template Injection

Python low-severity vulnerability types

CWE        Vulnerability Type
CWE-20     Mail Relay
CWE-20     Memcache Injection Vulnerability
CWE-117    Improper Output Neutralization for Logs
CWE-328    Use of Weak Hash
CWE-530    Dangerous File Extensions
CWE-601    Unvalidated/Open Redirect
CWE-916    Use of Weak Hash - Insufficient Computational Effort
CWE-941    Arbitrary Server Connection
CWE-1333   Regex Denial of Service (ReDoS)
