Code Room
Code review | Medium | cr-g027
Subject: Path traversal
Level: Mid–Senior
Time: ~20 min
Common in: Code quality & review interviews
Industries: Software development

Question

Review this Node.js (Express) file-download route.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (js)

const BASE = '/var/app/user_uploads';

app.get('/files/:name', (req, res) => {
  const name = req.params.name;
  if (name.includes('..')) {
    return res.status(400).send('nope');
  }
  const full = path.join(BASE, name);
  fs.createReadStream(full)
    .on('error', () => res.status(404).end())
    .pipe(res);
});
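For the root-cause part of the review, this added example (not part of the original exercise or its answer key) contrasts the route's substring test with a check on the resolved path. `substringCheck`, `resolveInside`, `compare` and `SAMPLES` are hypothetical names, and the sample file names are constructed.

```javascript
const path = require('node:path');

const BASE = '/var/app/user_uploads'; // same base directory as the route under review

// The route's check, copied for comparison: a substring test on the raw name.
function substringCheck(name) {
  return !name.includes('..');
}

// Hypothetical helper: resolve first, then require the result to sit below base.
// Returns the absolute path, or null when the name must be refused.
// This is a lexical check only. It does not follow symlinks; if the upload
// directory can contain links, run fs.realpath on the result and re-check.
function resolveInside(base, name) {
  if (typeof name !== 'string' || name === '' || name.includes('\0')) return null;
  const root = path.posix.resolve(base);
  const full = path.posix.resolve(root, name);
  // The trailing '/' stops a sibling such as /var/app/user_uploads_old from
  // passing a plain prefix test, and also refuses the base directory itself.
  return full.startsWith(root + '/') ? full : null;
}

// Constructed sample names, not taken from real traffic.
const SAMPLES = [
  'notes.txt',                 // ordinary file: both checks accept
  'report..pdf',               // legitimate name the substring test refuses
  '.',                         // the base directory itself: substring test accepts
  'a/../b.txt',                // stays inside base after normalisation
  '../user_uploads_old/a.txt', // sibling directory: both checks refuse
];

// One row per name: the substring verdict next to the resolved-path verdict.
function compare(names) {
  return names.map((name) => ({
    name,
    substring: substringCheck(name),
    resolved: resolveInside(BASE, name),
  }));
}

console.table(compare(SAMPLES));
```
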