Code Room
Code review | Hard | cr-g255
Subject: SSRF | Level: Senior–Staff | ~35 min | Common in: Code quality & review interviews | Industries: Software development

Question

Review this Java internal-API proxy with a host allowlist.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Java)

```java
public String proxy(String rawUrl) throws Exception {
    URL u = new URL(rawUrl);
    if (!u.getHost().endsWith("trusted.internal.example.com")) {
        throw new SecurityException("host not allowed");
    }
    HttpURLConnection c = (HttpURLConnection) u.openConnection();
    c.setInstanceFollowRedirects(true);
    return new String(c.getInputStream().readAllBytes());
}
```
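One possible hardened form of the proxy above, shown as an added example and not the page's own answer key. It swaps the `endsWith` suffix test for an exact-match allowlist, restricts the scheme, turns off redirect following, and bounds time and response size. The class name, the two allowlisted host names, the HTTPS/port-443 policy, the timeouts and the 1 MiB cap are assumptions.

```java
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class HardenedProxy {
    // Assumption: example host names; a real deployment lists its own backends.
    private static final Set<String> ALLOWED_HOSTS = Set.of(
            "api.trusted.internal.example.com",
            "reports.trusted.internal.example.com");
    private static final int MAX_BODY_BYTES = 1 << 20; // assumed 1 MiB cap

    /** Returns the normalized URI if it passes policy, otherwise throws. */
    static URI validate(String rawUrl) {
        URI uri = URI.create(rawUrl).normalize();   // throws on malformed input
        String host = uri.getHost();                // null when the authority is not a plain host
        if (!"https".equalsIgnoreCase(uri.getScheme())
                || host == null
                || uri.getRawUserInfo() != null     // no user:pass@ in front of the host
                || (uri.getPort() != -1 && uri.getPort() != 443)
                || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("URL not allowed");
        }
        return uri;
    }

    public static String proxy(String rawUrl) throws Exception {
        URI uri = validate(rawUrl);
        HttpURLConnection c = (HttpURLConnection) uri.toURL().openConnection();
        c.setInstanceFollowRedirects(false);        // a followed redirect would skip validate()
        c.setConnectTimeout(2_000);
        c.setReadTimeout(5_000);
        try (InputStream in = c.getInputStream()) {
            if (c.getResponseCode() != HttpURLConnection.HTTP_OK) {
                throw new IllegalStateException("unexpected status " + c.getResponseCode());
            }
            byte[] body = in.readNBytes(MAX_BODY_BYTES + 1);
            if (body.length > MAX_BODY_BYTES) {
                throw new IllegalStateException("response too large");
            }
            return new String(body, StandardCharsets.UTF_8); // explicit charset, not platform default
        } finally {
            c.disconnect();
        }
    }
}
```

The allowlist check trusts name resolution for the listed hosts; it does not pin or inspect the address the connection actually reaches.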