File as GitHub Issue repo: mongodb/mongo

Push this scan report to mongodb/mongo

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.


Issue title

Mutable default argument in `restart_node` (dict)

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
MED MINED109 [MINED109] Mutable default argument in `generate_config_header` (dict): `def generate_con… src/mongo/util/version_constants_gen.py:196
MED MINED109 [MINED109] Mutable default argument in `generate_config_header` (dict): `def generate_con… src/mongo/mongo_config_header.py:442
MED MINED109 [MINED109] Mutable default argument in `generate_config_header` (list): `def generate_con… src/mongo/mongo_config_header.py:442
MED MINED109 [MINED109] Mutable default argument in `setup` (dict): `def setup(... = []/{}/set())` — P… buildscripts/resmokelib/testing/fixture…:210
MED MINED109 [MINED109] Mutable default argument in `restart_node` (dict): `def restart_node(... = []/… buildscripts/resmokelib/testing/fixture…:1095
MED MINED109 [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set()… buildscripts/resmokelib/testing/hooks/i…:213
MED MINED109 [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set()… buildscripts/resmokelib/testing/hooks/c…:13
MED MINED109 [MINED109] Mutable default argument in `generate_targets` (list): `def generate_targets(.… bazel/wrapper_hook/autogenerated_target…:41
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… x509/mkcert.py:544
MED MINED109 [MINED109] Mutable default argument in `_query` (list): `def _query(... = []/{}/set())` —… buildscripts/fix_headers.py:94
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/fast_archive.py:53
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/s3_lock.py:82
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/jepsen_report.py:181
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/validate_task_gen.py:59
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/clang_tidy_vscode.py:73
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/github_merge_queue_metrics…:526
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/github_merge_queue_metrics…:494
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/github_merge_queue_metrics…:411
MED MINED109 [MINED109] Mutable default argument in `is_valid_commit` (list): `def is_valid_commit(...… buildscripts/validate_commit_message.py:73
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/sbom_linter.py:233
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/lint_markdown_links.py:1016
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/lint_markdown_links.py:737
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/generate_result_tasks.py:276
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/archive_artifacts.py:27
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/create_todo_tickets.py:45
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/mongosymb.py:402
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/mongosymb.py:101
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/mongosymb.py:424
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/evergreen_expansions2bash.…:105
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/compare_evergreen_versions…:284
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/compare_evergreen_versions…:244
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/compare_evergreen_versions…:727
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/compare_evergreen_versions…:250
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/compare_evergreen_versions…:186
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… buildscripts/compare_evergreen_versions…:165
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … jstests/concurrency/fsm_workloads/query…:75
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … jstests/concurrency/fsm_workloads/query…:63
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… jstests/concurrency/fsm_workloads/crud/…:28
MED SEC087 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; … jstests/core/administrative/auth1.js:21
MED SEC087 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; … jstests/concurrency/fsm_workloads/compa…:87
MED SEC087 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; … jstests/concurrency/fsm_workloads/clean…:29
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. jstests/auth/logout_reconnect.js:38
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. jstests/aggregation/sources/group/group…:19
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. jstests/aggregation/exec/agg_drop_index…:28
MED SEC123 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production … evergreen/resmoke_tests_execute_bazel.sh:167
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… evergreen/spawnhost/extract_artifacts.py:23
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… evergreen/macos_notary.py:38
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… buildscripts/resmokelib/setup_multivers…:100
MED SEC037 [SEC037] Uncontrolled Recursion — stack/depth exhaustion: Parsing arbitrary-depth user in… buildscripts/apply_clang_tidy_fixes.py:83
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… bazel/resmoke/download_historic_runtime…:33
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… buildscripts/archive_artifacts.py:45
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… bazel/wrapper_hook/generate_common_bes_…:43
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… bazel/resmoke/derive_suite_selectors.py:97
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. bazel/resmoke/derive_suite_selectors.py:77
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … buildscripts/sbom/config.py:136
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … buildscripts/local_rbe_container_url.py:80
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … bazel/platforms/remote_execution_contai…:46
MED SEC119 [SEC119] World-writable / world-readable file permissions: World-writable files let any l… bazel/mongot_extension_signing_key/gpg_…:74
MED SEC119 [SEC119] World-writable / world-readable file permissions: World-writable files let any l… bazel/install_rules/install_rules.py:15
MED SEC119 [SEC119] World-writable / world-readable file permissions: World-writable files let any l… bazel/gpg_signer.py:79
MED COMP001 [COMP001] High cognitive complexity: Function `_rg_s3_url_for` has cognitive complexity 1… bazel/auto_header/ensure_fd.py:116
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED DKR018 Database dump or local database file is included in Docker build context .dockerignore
MED DKR001 Docker final stage has no non-root USER src/third_party/zstandard/zstd/contrib/…:10
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/t…:12
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/third_party/r…:1
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/examples/cpp/…:28
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/examples/cpp/…:28
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/examples/cpp/…:28
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/examples/cpp/…:28
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/examples/cpp/…:28
MED DKR001 Docker final stage has no non-root USER src/third_party/grpc/dist/examples/cpp/…:28
MED DKR001 Docker final stage has no non-root USER buildscripts/antithesis/base_images/wor…:1
MED DKR001 Docker final stage has no non-root USER buildscripts/antithesis/base_images/mon…:1
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/ubuntu…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/ubuntu…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/ubuntu…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/ubuntu…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/suse/d…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/rhel93…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/rhel89…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/rhel10…:12
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/debian…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/debian…:12
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/amazon…:15
MED DKR001 Docker final stage has no non-root USER bazel/remote_execution_container/amazon…:15
MED AIC001 Parallel implementation file sits beside a canonical file jstests/core/query/find_and_modify/find…:1
MED AIC001 Parallel implementation file sits beside a canonical file jstests/core/capped/capped_update.js:1
MED AIC001 Parallel implementation file sits beside a canonical file jstests/concurrency/fsm_workloads/query…:1
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED AIC004 Suspicious implementation file appears unreferenced jstests/sharding/query/update/update_sh…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/sharding/migration_blocking_ope…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/timeseries/write/…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/timeseries/update…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/timeseries/update…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/timeseries/timese…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/query/interrupted…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/query/accumulator…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/index_builds/hybr…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/noPassthrough/ddl/clear_jumbo_f…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/timeseries/write/timeserie…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/timeseries/query/timeserie…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/timeseries/query/timeserie…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/query/query_settings/query…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/query/internal_apply_oplog…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/query/find_and_modify/find…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/query/find_and_modify/find…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/query/find_and_modify/find…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/core/query/batch_write/batch_wr…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/concurrency/fsm_workloads/times…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/concurrency/fsm_workloads/rando…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/concurrency/fsm_workloads/query…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AIC004 Suspicious implementation file appears unreferenced jstests/change_streams/oplog_rewrite/ch…:1
MED AGT015 Remote install command pipes network code directly to a shell buildscripts/mongo_rg_builds/build_rg_m…:73
MED AGT015 Remote install command pipes network code directly to a shell buildscripts/mongo_rg_builds/build_rg_m…:16
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. buildscripts/cost_model/database_instan…:71
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. buildscripts/bazel_rules_mongo/engflow_…:117
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. bazel/install_rules/pretty_printer_test…:20
MED CORE_NO_CI No CI/CD configuration found
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/s…:308
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/s…:74
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/s…:72
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/r…:204
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/r…:174
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/r…:44
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/r…:42
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/r…:41
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/m…:41
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/m…:40
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/f…:266
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/d…:37
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/d…:36
LOW AIC003 Duplicated implementation block across source files buildscripts/resmokelib/testing/hooks/d…:36
LOW AIC003 Duplicated implementation block across source files buildscripts/packager_enterprise.py:206
LOW AIC003 Duplicated implementation block across source files buildscripts/idl/idl/syntax.py:264
LOW AIC003 Duplicated implementation block across source files buildscripts/evergreen_activate_result_…:8
LOW AIC003 Duplicated implementation block across source files bazel/wrapper_hook/lint.py:384
LOW AIC003 Duplicated implementation block across source files bazel/mongot_extension_signing_key/gpg_…:10
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:32
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer buildscripts/antithesis/base_images/wor…:29
LOW DKR010 Dockerfile leaves apt package indexes in the image layer buildscripts/antithesis/base_images/wor…:17
LOW DKR010 Dockerfile leaves apt package indexes in the image layer buildscripts/antithesis/base_images/mon…:19
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:32
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:30
LOW DKR011 Dockerfile installs recommended OS packages src/third_party/grpc/dist/examples/cpp/…:17
LOW DKR012 Dockerfile keeps pip download cache buildscripts/antithesis/base_images/wor…:96
LOW DKR012 Dockerfile keeps pip download cache buildscripts/antithesis/base_images/wor…:42
LOW DKR012 Dockerfile keeps pip download cache .devcontainer/Dockerfile:134
LOW DKR011 Dockerfile installs recommended OS packages .devcontainer/Dockerfile:13
LOW AIC005 Duplicate top-level symbol appears in a patch-style file src/mongo/db/query/fle/server_rewrite.h:1
LOW AIC005 Duplicate top-level symbol appears in a patch-style file src/mongo/db/query/write_ops/canonical_…:1
LOW AIC005 Duplicate top-level symbol appears in a patch-style file src/mongo/bson/bson_validate_old.cpp:1
LOW AIC005 Duplicate top-level symbol appears in a patch-style file src/mongo/bson/bson_validate_old.h:1
LOW AIC005 Duplicate top-level symbol appears in a patch-style file src/mongo/dbtests/query_stage_update.cpp:1
LOW AIC005 Duplicate top-level symbol appears in a patch-style file jstests/concurrency/fsm_workloads/query…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/timeseries/write/timeserie…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/timeseries/write/timeserie…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/timeseries/query/timeserie…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/timeseries/query/timeserie…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/query/update/collation_upd…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/query/query_settings/query…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/query/find_and_modify/find…:1
LOW AIC002 Source file name looks like an AI patch artifact jstests/core/query/find_and_modify/find…:1
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `mongodb/mongo`

**Score: 77/100 (B-)**  ·  443 findings  ·  scanned 2026-06-05 18:45 UTC  ·  2,980,596 LOC

| Severity | Count |
|---|---|
| CRITICAL | 38 |
| HIGH | 103 |
| MEDIUM | 136 |
| LOW | 87 |

📊 [Full filterable report](https://repobility.com/scan/45d72c0d-64be-4ed4-87e7-e4892f4ee018/)  ·  ![scorecard](https://repobility.com/scan/45d72c0d-64be-4ed4-87e7-e4892f4ee018/report.png?v=1780685104-s2)

### Top findings

1. **MEDIUM** `MINED109` — Mutable default argument in `generate_config_header` (dict)
   `src/mongo/util/version_constants_gen.py:196` · ✓ Repobility
2. **MEDIUM** `MINED109` — Mutable default argument in `generate_config_header` (dict)
   `src/mongo/mongo_config_header.py:442` · ✓ Repobility
3. **MEDIUM** `MINED109` — Mutable default argument in `generate_config_header` (list)
   `src/mongo/mongo_config_header.py:442` · ✓ Repobility
4. **MEDIUM** `MINED109` — Mutable default argument in `setup` (dict)
   `buildscripts/resmokelib/testing/fixtures/standalone.py:210` · ✓ Repobility
5. **MEDIUM** `MINED109` — Mutable default argument in `restart_node` (dict)
   `buildscripts/resmokelib/testing/fixtures/replicaset.py:1095` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/45d72c0d-64be-4ed4-87e7-e4892f4ee018/_
Megaproject — high spam risk
Could not determine 'mongodb/mongo' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled — review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.