Code Room
Code review | Medium | cr-g440
Subject: XXE | Level: Mid–Senior | ~20 min | Common in: Code quality & review interviews | Industries: Software development

Question

Review this Python endpoint that parses a user-uploaded XML config, with external entities already disabled.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review (Python)

```python
from lxml import etree

@app.route('/import', methods=['POST'])
def import_config():
    xml_bytes = request.get_data()
    parser = etree.XMLParser(resolve_entities=False, no_network=True)
    try:
        root = etree.fromstring(xml_bytes, parser=parser)
    except etree.XMLSyntaxError:
        return {'error': 'invalid xml'}, 400
    config = {el.tag: el.text for el in root}
    save_config(config)
    return {'imported': len(config)}
```
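One possible hardened parsing step for the endpoint above, as an added example that is not part of the original exercise: it covers what is still open once entity resolution is off (unbounded input, DOCTYPE declarations still accepted, non-element nodes becoming dictionary keys, duplicate keys silently overwritten). `parse_config`, `ConfigError` and `MAX_BYTES` are hypothetical names, and the 64 KiB cap is an assumed value.

```python
from lxml import etree

MAX_BYTES = 64 * 1024  # assumed upload cap; tune to real config sizes


class ConfigError(ValueError):
    """Raised for any upload the importer refuses (hypothetical name)."""


def parse_config(xml_bytes: bytes) -> dict:
    # Bound the input before the parser sees it.
    if len(xml_bytes) > MAX_BYTES:
        raise ConfigError("payload too large")
    parser = etree.XMLParser(
        resolve_entities=False, no_network=True,  # as in the reviewed code
        load_dtd=False, huge_tree=False,          # keep libxml2 limits on
        remove_comments=True, remove_pis=True,    # drop non-element nodes
    )
    try:
        root = etree.fromstring(xml_bytes, parser=parser)
    except etree.XMLSyntaxError as exc:
        raise ConfigError("invalid xml") from exc
    # A config file has no need for a DOCTYPE, so refuse it outright
    # instead of relying on parser flags alone.
    if root.getroottree().docinfo.doctype:
        raise ConfigError("DOCTYPE not allowed")
    config = {}
    for el in root:
        # Comments, PIs and unresolved entities have a non-string tag.
        if not isinstance(el.tag, str):
            raise ConfigError("unexpected node")
        if len(el):
            raise ConfigError(f"nested element under {el.tag!r}")
        if el.tag in config:
            raise ConfigError(f"duplicate key {el.tag!r}")
        config[el.tag] = (el.text or "").strip()
    return config
```

In the route, a `ConfigError` would map to the same 400 response the reviewed code returns for `XMLSyntaxError`, and `save_config` would run only on the returned dictionary.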