Error: COPY_PASTE_ERROR (CWE-398): mongo-python-driver-3.6.1/bson/__init__.py:775: original: "_ENCODERS[type(value)]" looks like the original copy. mongo-python-driver-3.6.1/bson/__init__.py:766: copy_paste_error: "_ENCODERS" in "_ENCODERS[type(value)]" looks like a copy-paste error. mongo-python-driver-3.6.1/bson/__init__.py:766: remediation: Should it say "_MARKERS" instead? # 764| func = _MARKERS[marker] # 765| # Cache this type for faster subsequent lookup. # 766|-> _ENCODERS[type(value)] = func # 767| return func(name, value, check_keys, opts) # 768| Error: COPY_PASTE_ERROR (CWE-398): mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/bson/__init__.py:775: original: "_ENCODERS[type(value)]" looks like the original copy. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/bson/__init__.py:766: copy_paste_error: "_ENCODERS" in "_ENCODERS[type(value)]" looks like a copy-paste error. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/bson/__init__.py:766: remediation: Should it say "_MARKERS" instead? # 764| func = _MARKERS[marker] # 765| # Cache this type for faster subsequent lookup. # 766|-> _ENCODERS[type(value)] = func # 767| return func(name, value, check_keys, opts) # 768| Error: FORWARD_NULL (CWE-476): mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/auth.py:171: assign_undefined: Assigning: "result" = "undefined". mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/auth.py:181: invalid_operation: Invalid operation on null-like value "result". # 179| # 180| for x, y in zip(left, right): # 181|-> result |= _xor_bytes(x, y) # 182| return result == 0 # 183| Error: DEADCODE (CWE-561): mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:930: cond_types: Condition "read_only", taking false branch. Now the type of "read_only" cannot be any of function and plain object. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:937: possible_types: At condition "read_only", the type of "read_only" cannot be any of function and plain object. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:930: cond_cannot_single: Condition "read_only", taking false branch. Now the value of "read_only" cannot be equal to 1. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:937: cannot_single: At condition "read_only", the value of "read_only" cannot be equal to 1. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:937: truth: At condition "read_only", the truth value of "read_only" must be false. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:937: dead_error_condition: The condition "read_only" cannot be true. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/database.py:938: dead_error_line: Execution cannot reach this statement: "warnings.warn("The read_onl...". # 936| # 937| elif read_only: # 938|-> warnings.warn("The read_only option is deprecated in MongoDB " # 939| ">= 2.6, use 'roles' instead", DeprecationWarning) # 940| Error: FORWARD_NULL (CWE-476): mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/mongo_client.py:1066: null_check: Comparing "session" to a null-like value implies that "session" might be null-like. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/mongo_client.py:1078: property_access: Accessing a property of null-like value "session". # 1076| if is_retrying(): # 1077| # Reset the transaction id and retry the operation. # 1078|-> session._retry_transaction_id() # 1079| return func(session, sock_info, retryable) # 1080| except ServerSelectionTimeoutError: Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:172: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:172: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 170| # 171| /* NOTE just using a random number as the request_id */ # 172|-> int request_id = rand(); # 173| char* collection_name = NULL; # 174| int collection_name_length; Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:300: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:300: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 298| struct module_state *state = GETSTATE(self); # 299| # 300|-> int request_id = rand(); # 301| char* collection_name = NULL; # 302| int collection_name_length; Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:416: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:416: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 414| struct module_state *state = GETSTATE(self); # 415| # 416|-> int request_id = rand(); # 417| PyObject* cluster_time = NULL; # 418| unsigned int flags; Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:582: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:582: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 580| static PyObject* _cbson_get_more_message(PyObject* self, PyObject* args) { # 581| /* NOTE just using a random number as the request_id */ # 582|-> int request_id = rand(); # 583| char* collection_name = NULL; # 584| int collection_name_length; Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:688: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:688: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 686| # 687| /* NOTE just using a random number as the request_id */ # 688|-> int request_id = rand(); # 689| int send_safe, flags = 0; # 690| int length_location, message_length; Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:818: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:818: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 816| /* We have enough data, send this batch. */ # 817| if (buffer_get_position(buffer) > max_message_size) { # 818|-> int new_request_id = rand(); # 819| int message_start; # 820| buffer_t new_buffer = buffer_new(); Error: DC.WEAK_CRYPTO: mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:1217: dont_call: "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break. mongo-python-driver-3.6.1/pymongo/_cmessagemodule.c:1217: remediation: Use a compliant random number generator, such as "/dev/random" or "/dev/urandom" on Unix-like systems, and "CryptGenRandom" on Windows. # 1215| # 1216| # 1217|-> request_id = rand(); # 1218| position = buffer_get_position(buffer); # 1219| length = position - lst_len_loc - 1; Error: FORWARD_NULL (CWE-476): mongo-python-driver-3.6.1/pymongo/auth.py:171: assign_undefined: Assigning: "result" = "undefined". mongo-python-driver-3.6.1/pymongo/auth.py:181: invalid_operation: Invalid operation on null-like value "result". # 179| # 180| for x, y in zip(left, right): # 181|-> result |= _xor_bytes(x, y) # 182| return result == 0 # 183| Error: DEADCODE (CWE-561): mongo-python-driver-3.6.1/pymongo/database.py:930: cond_types: Condition "read_only", taking false branch. Now the type of "read_only" cannot be any of function and plain object. mongo-python-driver-3.6.1/pymongo/database.py:937: possible_types: At condition "read_only", the type of "read_only" cannot be any of function and plain object. mongo-python-driver-3.6.1/pymongo/database.py:930: cond_cannot_single: Condition "read_only", taking false branch. Now the value of "read_only" cannot be equal to 1. mongo-python-driver-3.6.1/pymongo/database.py:937: cannot_single: At condition "read_only", the value of "read_only" cannot be equal to 1. mongo-python-driver-3.6.1/pymongo/database.py:937: truth: At condition "read_only", the truth value of "read_only" must be false. mongo-python-driver-3.6.1/pymongo/database.py:937: dead_error_condition: The condition "read_only" cannot be true. mongo-python-driver-3.6.1/pymongo/database.py:938: dead_error_line: Execution cannot reach this statement: "warnings.warn("The read_onl...". # 936| # 937| elif read_only: # 938|-> warnings.warn("The read_only option is deprecated in MongoDB " # 939| ">= 2.6, use 'roles' instead", DeprecationWarning) # 940| Error: FORWARD_NULL (CWE-476): mongo-python-driver-3.6.1/pymongo/mongo_client.py:1066: null_check: Comparing "session" to a null-like value implies that "session" might be null-like. mongo-python-driver-3.6.1/pymongo/mongo_client.py:1078: property_access: Accessing a property of null-like value "session". # 1076| if is_retrying(): # 1077| # Reset the transaction id and retry the operation. # 1078|-> session._retry_transaction_id() # 1079| return func(session, sock_info, retryable) # 1080| except ServerSelectionTimeoutError: Error: UNREACHABLE (CWE-561): mongo-python-driver-3.6.1/test/test_client.py:572: unreachable: This code cannot be reached: "dbs = self.client.database_...". # 570| raise SkipTest("This test often fails due to SERVER-2329") # 571| # 572|-> dbs = self.client.database_names() # 573| self.assertNotIn("pymongo_test", dbs) # 574| self.assertNotIn("pymongo_test2", dbs) Error: IDENTIFIER_TYPO: mongo-python-driver-3.6.1/test/test_cursor.py:360: identifier_typo: Using "readConern" appears to be a typo: * Identifier "readConern" is only known to be referenced here, or in copies of this code. * Identifier "readConcern" is referenced elsewhere at least 24 times. mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/collection.py:2074: identifier_use: Example 1: Using identifier "readConcern". mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/message.py:287: identifier_use: Example 2: Using identifier "readConcern". mongo-python-driver-3.6.1/build/lib.linux-x86_64-3.6/pymongo/network.py:89: identifier_use: Example 3: Using identifier "readConcern" (2 total uses in this function). mongo-python-driver-3.6.1/test/test_read_concern.py:121: identifier_use: Example 4: Using identifier "readConcern". mongo-python-driver-3.6.1/test/test_session.py:860: identifier_use: Example 5: Using identifier "readConcern". mongo-python-driver-3.6.1/test/test_cursor.py:360: remediation: Should identifier "readConern" be replaced by "readConcern"? # 358| started = listener.results['started'] # 359| self.assertEqual(len(started), 1) # 360|-> self.assertNotIn("readConern", started[0].command) # 361| # 362| def test_hint(self): Error: IDENTIFIER_TYPO: mongo-python-driver-3.6.1/test/test_session.py:719: identifier_typo: Using "doesntexist" appears to be a typo: * Identifier "doesntexist" is only known to be referenced here, or in copies of this code. * Identifier "doesnotexist" is referenced elsewhere at least 2 times. mongo-python-driver-3.6.1/test/test_database.py:306: identifier_use: Example 1: Using identifier "doesnotexist". mongo-python-driver-3.6.1/test/test_database.py:325: identifier_use: Example 2: Using identifier "doesnotexist". mongo-python-driver-3.6.1/test/test_session.py:719: remediation: Should identifier "doesntexist" be replaced by "doesnotexist"? # 717| self.listener.results.clear() # 718| try: # 719|-> self.client.pymongo_test.command('doesntexist', session=sess) # 720| except: # 721| pass Error: DEADCODE (CWE-561): mongo-python-driver-3.6.1/test/utils.py:386: assignment: Assigning: "tag_sets" = "{tag_sets}". mongo-python-driver-3.6.1/test/utils.py:387: cond_types: Condition "tag_sets", taking true branch. Now the type of "tag_sets" cannot be any of undefined and null. mongo-python-driver-3.6.1/test/utils.py:388: possible_types: At condition "tag_sets", the type of "tag_sets" cannot be any of undefined and null. mongo-python-driver-3.6.1/test/utils.py:387: cond_cannot_single: Condition "tag_sets", taking true branch. Now the value of "tag_sets" cannot be equal to 0. mongo-python-driver-3.6.1/test/utils.py:388: cannot_single: At condition "tag_sets", the value of "tag_sets" cannot be equal to 0. mongo-python-driver-3.6.1/test/utils.py:388: truth: At condition "tag_sets", the truth value of "tag_sets" must be true. mongo-python-driver-3.6.1/test/utils.py:388: dead_error_condition: The condition "tag_sets" must be true. mongo-python-driver-3.6.1/test/utils.py:388: dead_error_line: Execution cannot reach the expression "pref.tag_sets" inside this statement: "tags = (tag_sets || pref.ta...". # 386| tag_sets = [tag_sets] # 387| if tag_sets: # 388|-> tags = tag_sets or pref.tag_sets # 389| pref = pref.__class__(tags) # 390|