Hello,

While working on embedded Linux devices I ran into multiple cases of unsafe use of input data on the back-end. These back-ends used the Python Flask framework and were made without the help of commercial (and expensive) static analysis tools. I looked around for a tool to spot these vulnerabilities, but could not find anything available for free. So, I wrote a quick script at first and then made it more generic.

The tool checks functions with the route decorator; it detects the request-related input data and checks if the data is passed to a function without being checked by a known filter or validator. I call the tool Python API parser and input analyzer (Papaia).

I have the sources available at https://gitlab.com/melomaa/papaia

Do you think this tool could be helpful for others and do you see that it would fit under the PyCQA?

Best Regards,
Mikko Elomaa
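The kind of check described in the message above can be sketched with Python's `ast` module. This is an added example, not Papaia's code and not part of the original post; the sample handlers and the validator name `is_valid_hostname` are hypothetical, and the taint tracking is deliberately flow-insensitive.

```python
import ast
# Constructed sample back-end; handler names and is_valid_hostname are hypothetical.
SAMPLE = '''
from flask import Flask, request
import subprocess
app = Flask(__name__)
@app.route("/ping")
def ping():
    host = request.args.get("host")
    target = host
    subprocess.run(["ping", "-c", "1", target])
    return "ok"
@app.route("/ping_checked")
def ping_checked():
    host = is_valid_hostname(request.args.get("host"))
    subprocess.run(["ping", "-c", "1", host])
    return "ok"
'''

def _is_route(func):
    return any(isinstance(d, ast.Call) and isinstance(d.func, ast.Attribute)
               and d.func.attr == "route" for d in func.decorator_list)

def _tainted(node, names, validators):
    """True if the expression carries request data that no validator has wrapped."""
    if isinstance(node, ast.Call) and ast.unparse(node.func) in validators:
        return False
    if isinstance(node, ast.Name):
        return node.id == "request" or node.id in names
    return any(_tainted(c, names, validators) for c in ast.iter_child_nodes(node))

def find_unchecked_request_use(source, validators):
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef) or not _is_route(func):
            continue
        names, changed = set(), True
        while changed:  # propagate taint through assignments until stable
            changed = False
            for n in ast.walk(func):
                if isinstance(n, ast.Assign) and _tainted(n.value, names, validators):
                    for t in n.targets:
                        if isinstance(t, ast.Name) and t.id not in names:
                            names.add(t.id)
                            changed = True
        for n in ast.walk(func):
            if (isinstance(n, ast.Call) and ast.unparse(n.func) not in validators
                    and any(_tainted(a, names, validators) for a in n.args)):
                findings.append((func.name, n.lineno, ast.unparse(n.func)))
    return findings
```

Calling `find_unchecked_request_use(SAMPLE, {"is_valid_hostname"})` reports only the `subprocess.run` call in `ping`; keyword arguments and data passed between functions are not followed in this sketch.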