Python - 1.6

Extension ID


What’s new?

See Python 1.6 - Release Notes .


This extension provides support for Python. If your application contains Python source code (both .py and .jy extensions are supported) and you want to view these object types and their links with other objects, then you should install this extension.

Files analyzed

Icons File Extension Note
Python .py, Python files - standard extension.
Jython .jy By convention, Python files to be run in a Java implementation of the Python interpreter.
- YAML (YAML Ain’t Markup Language) *.yml, *.yaml, Files related to the YAML language, commonly used for configuration purposes. Necessary to interpret Amazon Web Services deployment code.

Supported Python versions

The following table displays the supported versions matrix:

Version Support
3.x ✔️
2.x ✔️

Framework support

Web Service Frameworks Client-side requests Server-side operations
Aiohttp ( ) ✔️ ✔️
Bottle: N/A ✔️
CherryPy ( ) N/A ✔️
Django: N/A ✔️
Falcon ( ) N/A ✔️
FastAPI ( ) N/A ✔️
Flask ( ) N/A ✔️
http.client ( ) ✔️ N/A
httplib ( ) ✔️ N/A
httplib2 ( ) ✔️ N/A
Nameko: N/A ✔️
Pyramid ( ) N/A ✔️
Requests ( ) ✔️ N/A
Sanic: N/A ✔️
Tornado: ✔️
urllib ( ) ✔️ N/A
urllib2 ( ) ✔️ N/A
urllib3 ( ) ✔️ N/A
web2py ( ) ✔️

Function Point, Quality and Sizing support

This extension provides the following support:

  • Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
  • Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points (transactions) Quality and Sizing Security
✔️ ✔️ ✔️


CAST Imaging Core release Supported
8.3.x ✔️

Dependencies with other extensions

Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Python extension requires that the following other CAST extensions are also installed:

Download and installation instructions

The extension will be automatically downloaded and installed in CAST Imaging Console. You can manage the extension using the Application - Extensions interface.

Source code discovery

A discoverer is provided with the extension to automatically detect Python code: a Python project will be discovered for the package’s root folder when at least one .py or .jy (jython) file is detected in the root folder or any sub-folders. For every Python project located, one Universal Technology Analysis Unit will be created:

Analysis - Automatic skipping of unit-test code and external libraries

The analyzer skips files that are recognized as forming part of testing code, i.e., in principle, code not pertaining to production code. The reason to avoid inclusion of testing code is that many Quality Rule violations are overrepresented in test code, either because code tends to be of poorer quality (certainly not critical) or prevalence of particular testing patterns. Accounting for test code would negatively impact the total score of the project.

Similarly we skip folders that contain external python libraries. Currently we only skip the canonical folders site-packages and dist-packages (the latter being used in certain Linux distributions). Not only analyzing external libraries is discouraged, but it can interfere with correct interpretation of supported libraries and frameworks, and have a serious impact in memory consumption and overall analysis performance.

The heuristics used by the analyzer are based on detecting (unit-test) library imports, and file and path naming conventions as summarized in the table below:

Type Value HeaderLines MinimumCount
FilePath /test_*.py
FilePath /*
FilePath /
FilePath /test/*.py
FilePath /tests/*.py
FileContent import unittest 12
FileContent from unittest import 12
FileContent from import 12
FileContent self.assert 2
FilePath /site-packages/
FilePath /dist-packages/
FilePath /Python*/Lib/
FilePath /Python*/Scripts/
FilePath /Python*/Include/
FilePath /Python*/Bin/
  • The ** symbol represents any arbitrary path string, whereas * represents any string without directory slashes.
  • The heuristics above should also similarly valid for .jy (jython) files.
  • FilePath match is case-insensitive

What results can you expect?

Once the analysis/snapshot generation has completed, you can view the results in the normal manner:

Python Class and method example

iOS Front-end connected to a Python Flask Back-end.



Icon Description
Python Project
Python External Library
Python Module
Python Class
Python Static Initializer
Python Method
Python Script
Python GET (urllib, urllib2, httplib, httplib2, aiohttp) service
Python GET service request
Python (Flask, aiohttp)Web Service GET operation
Python Web Service Get Operation
Python POST (urllib, urllib2, httplib, httplib2, aiohttp) service
Python POST service request
Python (Flask, aiohttp) Web Service POST operation
Python Web Service Post Operation
Python PUT (urllib, urllib2, httplib, httplib2, aiohttp) service
Python PUT service request
Python (Flask, aiohttp) Web Service PUT operation
Python Web Service Post Operation
Python DELETE (urllib, urllib2, httplib, httplib2, aiohttp) service
Python DELETE service request
Python (Flask, aiohttp) Web Service DELETE operation
Python Web Service Delete Operation
Python Web Service Any Operation
Python Query
Python ORM Mapping
Python File Query
RabbitMQ Python QueueCall
ActiveMQ Python QueueCall
IBM MQ Python QueueCall
RabbitMQ Python QueueReceive
ActiveMQ Python QueueReceive
IBM MQ Python QueueReceive
Python Call To Java Program
Python Call To Generic Program

Amazon Web Services

Icon Description
Python Call to AWS Lambda Function
Python Call to Unknown AWS Lambda Function
Python AWS Lambda GET Operation
Python AWS Lambda POST Operation
Python AWS Lambda PUT Operation
Python AWS Lambda DELETE Operation
Python AWS Lambda ANY Operation
Python AWS SQS Publisher
Python AWS SNS Publisher
Python AWS SQS Receiver
Python AWS SNS Receiver
Python AWS SQS Unknown Publisher
Python AWS SNS Unknown Publisher
Python AWS SQS Unknown Receiver
Python AWS SNS Unknown Receiver
Python S3 Bucket
Python Unknown S3 Bucket
Python DynamoDB Database
Python DynamoDB Table
Python Unknown DynamoDB Table
Python Email
Python SMS

Python callable artifact

Python ModulePython Method, and Python Static Initializer objects form part of Python (callable) artifacts.

Python static initializers

Available in ≥ 1.6.

The statements of a given class code block are represented by an *effective Python Static Initializer *object. In this object other class and method definitions are not included. Class docstrings are excluded from this object. This particular code is executed at class-definition time. To represent this in the call-graph, a link between the enclosing Python Module (or Python Method when the class is defined inside a method) and the Static Initializer object as shown in the example below:

from file2 import A
def f():
def f2():
class A:
    def m1(self):

# this is code is also executed at import-time.

The following links are created:

  • call links between methods
  • inherit link between hierarchically related classes
  • refer link from methods to class (constructor call)
  • use link between modules through import
  • call links between Python callable artifacts and Python Call objects
  • call links between Python Call objects and external programs or lambda functions

The following links are created between Python ORM Mapping objects and database table objects:

  • useSelectLink in case of SELECT operation
  • useDeleteLink in case of DELETE operation
  • useInsertLink in case of INSERT operation
  • useUpdateLink in case of UPDATE operation
  • call links in case of generic operation on S3 buckets

Structural Rules

The following structural rules are provided: 

Release Link

You can also find a global list here:||

Expected results for supported frameworks

Refer to Results for more information about the results that you can expect for each supported framework.

Known Limitations

  • Not fully supported Python Decorator function.

  • The “Avoid disabling certificate check when requesting secured urls” for ‘urllib3’ is only partially supported by detecting the call to ‘urllib3.disable_warnings’.

  • Limited Python resolution that leads to missing links:

    • No support for __all__
    • No support for variable of type class, function
  • Flask:

    • Objects for other web service operations such as PATCH are not generated.
    • The endpoint abstraction layer between functions and annotations is not considered. When using  add_url_rule the endpoint argument is taken as the calling function name.
  • Cherrypy:

    • Only support default request.dispatcher “cherrypy.dispatch.MethodDispatcher()”.
  • Java-Python interoperability via Jython is not supported. However the files with the specific extension .jy for Jython is analyzed as a regular Python file.

  • Message queues

    •  To generate queue message objects the queue name has to be initialized explicitly in the code (dynamic naming not supported).
  • SQLAlchemy:

    • Only raw queries are fully supported.
    • The ORM api for queries is not supported (no links are created towards tables).