Python
This article covers Python support and vulnerability detection for Mend SAST.
Mend SAST-supported Python file types
| File Type |
|---|
| .py |
| .pyi |
| .htm |
| .html |
| .jinja |
| .jinja2 |
Mend SAST-supported Python frameworks
| Framework |
|---|
| Django |
| Django Templates |
| Flask |
| Flask Jinja 2 |
| AIOHTTP |
| Bottle |
| CherryPy |
| FastAPI |
| Masonite |
| Pyramid |
| web2py |
Mend SAST-supported Python vulnerability types
The Python vulnerability types detected by Mend SAST are listed below, grouped by severity and ordered by CWE ID within each group.
Python high-severity vulnerability types
| CWE | Vulnerability Type |
|---|---|
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-94 | Code Injection |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
| CWE-918 | Server-Side Request Forgery |
| CWE-943 | Improper Neutralization of Special Elements in Data Query Logic |
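To make the high-severity table concrete, here is an added example (not code from Mend, and not from the original page) of the source-to-sink pattern a SAST engine reports under CWE-89, placed beside its parameterised fix. It uses only the standard-library `sqlite3` module and a constructed in-memory `users` table; the function names, the table layout and the sample rows are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def _db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """CWE-89: untrusted input is spliced into the SQL text.

    This is the shape a SAST engine flags: a taint source (a request
    parameter, represented here by the `name` argument) reaches a database
    sink through string formatting, so the input can change the query logic.
    """
    query = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def lookup_fixed(conn: sqlite3.Connection, name: str) -> list:
    """Parameterised query: the driver binds `name` as data, never as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups with a benign value and a classic injection payload."""
    conn = _db()
    payload = "x' OR '1'='1"  # turns the WHERE clause into an always-true test
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_payload": lookup_vulnerable(conn, payload),  # every row
        "fixed_normal": lookup_fixed(conn, "alice"),
        "fixed_payload": lookup_fixed(conn, payload),  # no such user
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the payload, the vulnerable query becomes `... WHERE name = 'x' OR '1'='1'` and returns the whole table; the parameterised version looks for a user literally named `x' OR '1'='1` and returns nothing. The same distinction (string building versus driver-side binding) is what separates a finding from a clean result for the other injection classes in the table.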
Python medium-severity vulnerability types
| CWE | Vulnerability Type |
|---|---|
| CWE-90 | LDAP Injection |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-295 | Improper Certificate Validation |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| CWE-377 | Insecure Temporary File |
| CWE-400 | Uncontrolled Resource Consumption |
| CWE-611 | Improper Restriction of XML External Entity Reference |
| CWE-676 | Use of Potentially Dangerous Function |
| CWE-798 | Use of Hard-coded Credentials |
| CWE-1336 | Server-Side Template Injection |
Python low-severity vulnerability types
| CWE | Vulnerability Type |
|---|---|
| CWE-20 | Mail Relay |
| CWE-20 | Memcache Injection Vulnerability |
| CWE-117 | Improper Output Neutralization for Logs |
| CWE-328 | Use of Weak Hash |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Use of Weak Hash - Insufficient Computational Effort |
| CWE-941 | Arbitrary Server Connection |
| CWE-1333 | Regex Denial of Service (ReDoS) |
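The low-severity entry for CWE-601 is easy to get wrong even once it has been flagged, because naive fixes only check for `http://`. Below is an added example (not Mend's code and not from the original page) of a redirect-target check of the kind a reviewer would want in a Flask or Django view after the scanner reports a `next=` parameter flowing into a redirect. The allowlisted host and the function name are assumptions; the check uses only `urllib.parse` from the standard library and handles the usual bypasses: absolute URLs to other hosts, protocol-relative `//host` targets, backslashes that browsers normalise to slashes, userinfo tricks such as `host@evil`, and non-HTTP schemes.

```python
from urllib.parse import urlsplit

# Hosts this (hypothetical) application is willing to redirect to.
ALLOWED_HOSTS = {"app.example.com"}


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return `next_url` if it stays on an allowed host, otherwise `default`.

    CWE-601: a `next=` parameter forwarded unchecked to a redirect lets an
    attacker send an authenticated user to a site they control. The checks
    below reject the common bypasses rather than only an `http://` prefix.
    """
    if not next_url:
        return default
    # Browsers treat a backslash as a slash, so normalise before parsing;
    # otherwise "/\evil.com" parses as a local path but navigates off-site.
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)

    # Anything with a scheme or an authority is an absolute target:
    # allow only http(s) to an allowlisted host. `parts.hostname` already
    # strips userinfo, so "app.example.com@evil.com" resolves to evil.com.
    if parts.scheme or parts.netloc:
        if parts.scheme not in ("http", "https"):
            return default
        if parts.hostname not in ALLOWED_HOSTS:
            return default
        return candidate

    # Relative target: require exactly one leading slash. "//evil.com" has
    # no scheme but is protocol-relative and would leave the site.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


if __name__ == "__main__":
    for url in ["/dashboard", "//evil.com/", "/\\evil.com",
                "https://app.example.com/settings", "https://evil.com/",
                "https://app.example.com@evil.com/", "javascript:alert(1)"]:
        print(f"{url!r:45} -> {safe_redirect_target(url)!r}")
```

In a view this replaces `redirect(request.args["next"])` with `redirect(safe_redirect_target(request.args.get("next", "")))`. Allowlisting hosts rather than denylisting patterns is the design choice that keeps the check correct as new bypass encodings appear.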