Code Room
Code review | Hard | cr-g259
Subject: Insecure deserialization | Level: Senior–Staff | ~35 min | Common in: Code quality & review interviews | Industries: Software development

Question

Review this Java JSON config endpoint using Jackson.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (java)

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;

public class ConfigService {
    private final ObjectMapper mapper = new ObjectMapper();

    public ConfigService() {
        // Allow polymorphic config objects to round-trip by type
        mapper.enableDefaultTyping();
    }

    public Config load(String json) throws IOException {
        return mapper.readValue(json, Config.class);
    }
}
// json is the raw request body from POST /api/config
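One concrete fix a review could propose, written as an added example (not the page's own code or answer key): drop global default typing and declare the allowed subtypes on the base type, so the request body carries a logical name instead of a Java class name. The subtypes FileConfig and HttpConfig, their fields, and the sample request bodies are assumptions made for illustration.

```java
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;

public class SafeConfigDemo {
    // Polymorphism is declared on the base type: the JSON selects a subtype by
    // logical name ("file", "http") and only the listed classes can ever be
    // instantiated. FileConfig and HttpConfig are hypothetical subtypes.
    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = FileConfig.class, name = "file"),
        @JsonSubTypes.Type(value = HttpConfig.class, name = "http")
    })
    public abstract static class Config { }
    public static final class FileConfig extends Config { public String path; }
    public static final class HttpConfig extends Config { public String url; public int timeoutMs; }

    // No enableDefaultTyping() / activateDefaultTyping(): the mapper never
    // resolves a class name supplied by the caller.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    public static Config load(String json) throws IOException {
        return MAPPER.readValue(json, Config.class);
    }

    // Returns the simple name of the bound subtype, or "rejected: <exception>".
    public static String tryLoad(String json) {
        try {
            return load(json).getClass().getSimpleName();
        } catch (IOException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed sample request bodies.
        String[] bodies = {
            "{\"type\":\"http\",\"url\":\"https://example.invalid\",\"timeoutMs\":500}",
            "{\"type\":\"file\",\"path\":\"/etc/app/config.yml\"}",
            // Class-name type ids, in the wrapper-array and property forms:
            "[\"java.util.HashMap\",{}]",
            "{\"type\":\"java.util.HashMap\"}"
        };
        for (String body : bodies) {
            System.out.println(tryLoad(body) + "  <-  " + body);
        }
    }
}
```

Where subtypes cannot be enumerated up front, Jackson 2.10+ offers activateDefaultTyping with a BasicPolymorphicTypeValidator allow-list as a narrower alternative to enableDefaultTyping().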