Python
Note: The legacy Mend SAST Application was deprecated on April 1st, 2025. For assistance with migrating to the Mend AppSec Platform, please contact your customer success manager or the success team at success@mend.io.
This article covers Python support and vulnerability detection for Mend SAST.
Mend SAST-supported Python file types
| File Type |
|---|
| .py |
| .pyi |
| .htm |
| .html |
| .jinja |
| .jinja2 |
Mend SAST-supported Python frameworks
| Framework |
|---|
| Django |
| Django Templates |
| Flask |
| Flask Jinja 2 |
| AIOHTTP |
| Bottle |
| CherryPy |
| FastAPI |
| Masonite |
| Pyramid |
| web2py |
Mend SAST-supported Python vulnerability types
The Python vulnerability types that Mend SAST detects are listed below, grouped by severity and ordered by CWE ID within each severity group.
Python high-severity vulnerability types
| CWE | Vulnerability Type |
|---|---|
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-94 | Code Injection |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
| CWE-918 | Server-Side Request Forgery |
| CWE-943 | Improper Neutralization of Special Elements in Data Query Logic |
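As an added illustration (not Mend SAST's own code or detection rules), the example below shows two of the high-severity classes in the table, CWE-22 path traversal and CWE-89 SQL injection, each in the shape a static analyzer flags (request-controlled input reaching a filesystem or database sink) beside a hardened form. Flask, Django and the other frameworks listed earlier wrap the same sinks in request handlers; here the handlers are reduced to plain functions so the block runs offline with only the standard library. `BASE_DIR`, the in-memory `users` table and the injection payload are constructed for the demo.

```python
# Added example, not Mend SAST code: CWE-22 (path traversal) and CWE-89
# (SQL injection) in vulnerable and hardened forms. Standard library only.
import os
import sqlite3
from typing import List, Tuple

# Assumed document root that file-serving code is meant to stay inside.
BASE_DIR = os.path.realpath("uploads")


def path_escapes_base(user_path: str) -> bool:
    """True if the resolved path lies outside BASE_DIR (the CWE-22 condition)."""
    candidate = os.path.realpath(os.path.join(BASE_DIR, user_path))
    return os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR


def file_path_vulnerable(user_path: str) -> str:
    """CWE-22: request-controlled segment joined without validation.
    '../../etc/passwd' or an absolute path walks out of BASE_DIR."""
    return os.path.join(BASE_DIR, user_path)


def file_path_hardened(user_path: str) -> str:
    """Resolve symlinks and '..' first, then confirm containment."""
    if path_escapes_base(user_path):
        raise ValueError("path escapes base directory")
    return os.path.realpath(os.path.join(BASE_DIR, user_path))


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the SQL part runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """CWE-89: untrusted `name` is formatted into the statement text."""
    query = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_user_hardened(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Parameterized query: the driver binds `name` as data, never as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    # Constructed payloads that a taint model traces from input to sink.
    print("escapes:", path_escapes_base("../../etc/passwd"))    # True
    print("contained:", path_escapes_base("reports/q1.txt"))     # False
    conn = demo_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(conn, payload))    # both rows
    print("hardened:", find_user_hardened(conn, payload))        # []
```

The containment check resolves the candidate with `os.path.realpath` before comparing, so symlinks and `..` segments are collapsed first; checking a string prefix on the unresolved path would miss both. The parameterized query is the fix a scanner expects to see for CWE-89; escaping quotes by hand is not.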
Python medium-severity vulnerability types
| CWE | Vulnerability Type |
|---|---|
| CWE-90 | LDAP Injection |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-295 | Improper Certificate Validation |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| CWE-377 | Insecure Temporary File |
| CWE-400 | Uncontrolled Resource Consumption |
| CWE-611 | Improper Restriction of XML External Entity Reference |
| CWE-676 | Use of Potentially Dangerous Function |
| CWE-798 | Use of Hard-coded Credentials |
| CWE-1336 | Server-Side Template Injection |
Python low-severity vulnerability types
| CWE | Vulnerability Type |
|---|---|
| CWE-20 | Mail Relay |
| CWE-20 | Memcache Injection Vulnerability |
| CWE-117 | Improper Output Neutralization for Logs |
| CWE-328 | Use of Weak Hash |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Use of Weak Hash - Insufficient Computational Effort |
| CWE-941 | Arbitrary Server Connection |
| CWE-1333 | Regex Denial of Service (ReDoS) |
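The two weak-hash entries in the low-severity table (CWE-328, a fast digest used where a password hash belongs, and CWE-916, a hash that is salted but too cheap to slow an offline guess) are shown below beside a hardened form. This is an added example, not Mend SAST code; the iteration count and the `pbkdf2_sha256$...` storage format are assumptions, and the block uses only the standard library.

```python
# Added example, not Mend SAST code: CWE-328 and CWE-916 password hashing
# patterns beside a hardened PBKDF2-HMAC-SHA256 form. Standard library only.
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor; raise it until hashing costs what the login path can afford.
PBKDF2_ITERATIONS = 600_000


def hash_password_weak(password: str) -> str:
    """CWE-328: unsalted MD5. Equal passwords collide in storage and
    precomputed tables recover them at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password_cheap(password: str, salt: bytes) -> str:
    """CWE-916: salted, but one SHA-256 round lets an attacker test
    billions of guesses per second on commodity GPUs."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened: random 16-byte salt plus a tunable iteration count.
    Storage format (assumed): 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    expected = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(expected, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    stored = hash_password("hunter2")
    print(stored)
    print(verify_password("hunter2", stored), verify_password("hunter3", stored))  # True False
```

Storing the iteration count alongside the salt lets the work factor be raised later without invalidating existing records, and `hmac.compare_digest` avoids the timing leak a plain `==` on the digest would introduce.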