Code Room
Code review
Difficulty: Hard
ID: cr-g243
Subject: SSRF
Level: Senior–Staff
Time: ~35 min
Common in: Code quality & review interviews
Industries: Software development

Question

Review this Python webhook/avatar fetcher that already blocks internal IPs.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (python)

```python
import ipaddress, socket, requests
from urllib.parse import urlparse

def fetch_avatar(url):
    host = urlparse(url).hostname
    ip = ipaddress.ip_address(socket.gethostbyname(host))
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        raise ValueError('blocked internal address')
    resp = requests.get(url, timeout=5)
    return resp.content
```
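One way to harden the address check in the fetcher above, as an added example that is not part of the original exercise or its answer key. It checks the scheme, vets every resolved record (IPv4 and IPv6) and returns the vetted addresses so the caller can connect to them directly. The names `vet_url`, `is_public` and the injectable `resolver` parameter are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def _system_resolver(host, port):
    # getaddrinfo returns every A and AAAA record; gethostbyname returns one IPv4 only.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public(addr):
    ip = ipaddress.ip_address(addr)
    # Judge ::ffff:a.b.c.d by the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for private, loopback, link-local, reserved,
    # unspecified and shared (100.64.0.0/10) space; multicast is checked apart.
    return ip.is_global and not ip.is_multicast


def vet_url(url, resolver=_system_resolver):
    """Return (host, port, addresses) for a fetchable URL or raise ValueError."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addresses = resolver(parts.hostname, port)
    if not addresses:
        raise ValueError("host did not resolve")
    # One internal record is enough to refuse the whole URL.
    if not all(is_public(a) for a in addresses):
        raise ValueError("blocked internal address")
    return parts.hostname, port, addresses
```

The caller has to connect to one of the returned addresses rather than resolving the name a second time, and has to disable automatic redirects or vet each redirect target the same way.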