Code Room
CodingMediumcod-g1115
Subject SecurityLevel Mid–Senior~25 minCommon in Security interviewsIndustries Software development

Question

Sanitize an untrusted upload path so it cannot escape a base directory. Given a base directory like '/srv/uploads' and an untrusted relative path (which may contain '..', '.', leading slashes, or empty segments), resolve it WITHOUT touching the filesystem: split on '/', drop '.' and empty segments, and for each '..' pop the last accumulated segment (never popping above the base). Return the joined absolute path as base + '/' + the safe remainder. If the remainder is empty, return the base unchanged.

Implement
safe_join(base: str, untrusted: str) → str
Examples
in["/srv/uploads","a/b/c.txt"]out"/srv/uploads/a/b/c.txt"
What a strong answer looks like

State your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.