diff --git a/python/lang/security/audit/conn_recv.py b/python/lang/security/audit/conn_recv.py
index 1a517ecde1..231dd4ffdd 100644
--- a/python/lang/security/audit/conn_recv.py
+++ b/python/lang/security/audit/conn_recv.py
@@ -12,5 +12,5 @@ output = {}
 connection.send(output)
-# toodoruleid:multiprocessing.recv
+# todoruleid:multiprocessing.recv
 rx = connection.recv()
diff --git a/python/lang/security/deserialization/pickle.py b/python/lang/security/deserialization/pickle.py
index 436f34b45b..5a1e8655ec 100644
--- a/python/lang/security/deserialization/pickle.py
+++ b/python/lang/security/deserialization/pickle.py
@@ -17,9 +17,6 @@ def serialize_exploit():
 # Application insecurely deserializes the attacker's serialized data
 def insecure_deserialization(exploit_code):
- # todok: avoid-pickle
- # _pickle.loads(exploit_code)
- # ruleid: avoid-pickle
 _pickle.loads(exploit_code)