Databases

PyPyMongo

PyMongo is the official MongoDB driver for Python. Collection methods accept filter dicts; NoSQL injection occurs when a filter dict is built directly from user-supplied JSON, which lets an attacker inject $where, $regex, or other operator keys into the query.
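An added example, not part of this rule page or of PyMongo itself, that shows the flagged pattern (a decoded request body used as the filter, i.e. tainted argument 0) beside one way to build an equality-only filter that operator keys cannot reach. It needs no database connection; the sample bodies are constructed for illustration.

```python
import json
from typing import Any, Mapping


def contains_operator(value: Any) -> bool:
    """True if any key anywhere in the structure is a MongoDB operator ($...)."""
    if isinstance(value, Mapping):
        return any(
            (isinstance(k, str) and k.startswith("$")) or contains_operator(v)
            for k, v in value.items()
        )
    if isinstance(value, (list, tuple)):
        return any(contains_operator(v) for v in value)
    return False


def vulnerable_filter(raw_json: str) -> dict:
    """The flagged pattern: the decoded body *is* the filter passed to .find_one()."""
    return json.loads(raw_json)


def safe_filter(raw_json: str, allowed_fields=("username", "email")) -> dict:
    """Equality-only filter: only allow-listed fields, only string values."""
    body = json.loads(raw_json)
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    filt = {}
    for field in allowed_fields:
        if field not in body:
            continue
        value = body[field]
        if not isinstance(value, str):  # dict/list values are where operators hide
            raise ValueError(f"{field} must be a string")
        filt[field] = value  # a plain string is always a literal match
    if not filt:
        raise ValueError("no usable fields in body")
    return filt


if __name__ == "__main__":
    # Constructed sample bodies (not from the page): a normal lookup and one
    # that puts an operator object where a string was expected.
    normal = '{"username": "alice"}'
    hostile = '{"username": {"$regex": "^a"}}'
    print(contains_operator(vulnerable_filter(normal)))   # False
    print(contains_operator(vulnerable_filter(hostile)))  # True
    print(safe_filter(normal))                            # {'username': 'alice'}
```

`contains_operator` is a detection check for code paths that cannot yet be rewritten; `safe_filter` is the structural fix, since a value that is always a `str` can never carry an operator key.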

Taint flow: 0 sources, 5 sinks
Sinks — dangerous call
.find()
.find_one()
.update_one()
.delete_one()
.aggregate()

Sinks

.find() (Sink)
Signature
Collection.find(filter: Mapping = None, projection: Mapping = None, ...) -> Cursor

Queries documents. NoSQL injection sink if filter is built from user input.

tracks: arg 0
.find_one() (Sink)
Signature
Collection.find_one(filter: Mapping = None, ...) -> dict | None

Returns the first matching document. Same NoSQL injection risk.

tracks: arg 0
.update_one() (Sink)
Signature
Collection.update_one(filter: Mapping, update: Mapping, ...) -> UpdateResult

Updates a single document. Injection sink on both the filter and the update arguments.

tracks: args 0, 1
.delete_one() (Sink)
Signature
Collection.delete_one(filter: Mapping, ...) -> DeleteResult

Deletes a single document. NoSQL injection sink.

tracks: arg 0
.aggregate() (Sink)
Signature
Collection.aggregate(pipeline: Sequence[Mapping], ...) -> CommandCursor

Runs an aggregation pipeline. Each stage can be injection-sensitive.

tracks: arg 0

Fully-Qualified Names

FQN | Field
pymongo | fqns[0]
pymongo.collection.Collection | fqns[1]
pymongo.MongoClient | fqns[2]

A wrong FQN yields 0 findings. To verify the rule is actually matching, change fqns to garbage values; the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyPyMongo