Code Room
Code review · Hard · cr-g040
Subject: Insecure deserialization | Level: Senior–Staff | ~30 min | Common in: Distributed systems interviews | Industries: Software development

Question

Review this Java endpoint that accepts a serialized 'preferences' blob.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review (Java)
    @PostMapping("/prefs/import")
    public ResponseEntity<String> importPrefs(@RequestBody byte[] body) throws Exception {
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(body))) {
            UserPrefs prefs = (UserPrefs) ois.readObject();
            prefsService.apply(prefs);
            return ResponseEntity.ok("imported");
        }
    }
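The root cause a strong review names is that ObjectInputStream.readObject() resolves and instantiates whatever classes the attacker-controlled bytes name before the cast to UserPrefs ever runs, so the cast is not a control. The preferred fix is to stop using Java serialization for untrusted input and accept a JSON DTO instead; when the wire format cannot change, a strict allowlist ObjectInputFilter plus size limits is the mitigation. The hardened variant below is an added example, not the page's code, and assumes a UserPrefs DTO in com.example.prefs holding only strings, boxed primitives and simple collections, plus a PrefsService bean:

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;

// Added hardened example; package/class names for UserPrefs and PrefsService are assumptions.
public class PrefsImportController {

    private static final int MAX_BODY_BYTES = 64 * 1024;

    // Allowlist filter: only the DTO and a few java.base value/collection types may be
    // deserialized; the trailing "!*" rejects every other class before it is resolved.
    // maxdepth/maxrefs/maxbytes bound graph size and nesting for resource exhaustion.
    private static final ObjectInputFilter PREFS_FILTER =
        ObjectInputFilter.Config.createFilter(
            "com.example.prefs.UserPrefs;"
          + "java.lang.String;java.lang.Integer;java.lang.Boolean;"
          + "java.util.HashMap;java.util.ArrayList;"
          + "maxdepth=5;maxrefs=200;maxbytes=65536;!*");

    private final PrefsService prefsService;

    public PrefsImportController(PrefsService prefsService) {
        this.prefsService = prefsService;
    }

    @PostMapping("/prefs/import")
    public ResponseEntity<String> importPrefs(@RequestBody byte[] body) {
        if (body == null || body.length > MAX_BODY_BYTES) {
            return ResponseEntity.status(HttpStatus.PAYLOAD_TOO_LARGE).body("body too large");
        }
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(body))) {
            // Must be installed before readObject(): that is where class resolution happens.
            ois.setObjectInputFilter(PREFS_FILTER);
            Object obj = ois.readObject();
            if (!(obj instanceof UserPrefs)) {
                return ResponseEntity.badRequest().body("unexpected payload type");
            }
            prefsService.apply((UserPrefs) obj);
            return ResponseEntity.ok("imported");
        } catch (InvalidClassException e) {          // filter rejected a class
            return ResponseEntity.badRequest().body("rejected payload");
        } catch (IOException | ClassNotFoundException e) {
            // Generic message only: no stack traces or class names leak to the caller.
            return ResponseEntity.badRequest().body("malformed payload");
        }
    }
}
```

Filter rejections surface as InvalidClassException, which is worth logging server-side (class name and source address) as a detection signal for probing.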