Python

Supported Versions

Agents can only be installed in Linux environments. Windows is not supported.

Application Security's Python agent is compatible with the following packages:

Component Version
Python 3.4 to 3.8
Django 1.11, 2.0, 2.1, 2.2
Flask 0.11+
Pyramid 1.6+
Tornado 5.1

supported on Python 3.7+

Code Protection Features

Some of the code protection features are enabled only when specific components are used in the application. The table below lists the required components for a code protection feature to be enabled.

Feature Requires
SQL Injection
  • WSGI based web-server
  • Chaussette WSGI server 1.3+
  • mysqldb
  • psycopg2
  • pymssql
  • pymysql
  • sqlite3
Remote Command Execution
  • WSGI based web-server
  • Chaussette WSGI server 1.3+
Remote Command Execution: HTTP Params
  • WSGI based web-server
  • Chaussette WSGI server 1.3+
  • Django
  • Werkzeug
Illegal File Access
  • WSGI based web-server
  • Chaussette WSGI server 1.3+
Open Redirect
  • WSGI based web-server
  • Chaussette WSGI server 1.3+
  • Django
  • Flask
Malicious Payload
  • WSGI based web-server
  • Chaussette WSGI server 1.3+
Malicious File Upload
  • WSGI based web-server
  • Chaussette WSGI server 1.3+

Download the agent

The Python agent is available from the Download page.

Install the agent

To install the agent, follow these steps:

  1. Add the Application Security package to requirements.txt:
    trend_app_protect
  2. Run pip to install the package:
    pip install -r requirements.txt
  3. Import the trend_app_protect.start module at the top of your WSGI script:
    import trend_app_protect.start
  4. Do the following to configure the agent key and secret:
    • set the TREND_AP_KEY and TREND_AP_SECRET environment variables. The Key and Secret can be found under Group Settings > Group Credentials.
    • (optional) edit the file trend_app_protect.ini under the root of the project or under /etc (but the environment variables will still take precedence):
[trend_app_protect]
key = my-key
secret = my-secret