Code Room
Code review | Medium | cr-g446
Subject: Insecure deserialization
Level: Mid–Senior
~18 min
Common in ML systems interviews
Industries: Software development, Technology

Question

Review this Python endpoint that loads a user-uploaded YAML pipeline definition.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Python)

    import yaml

    @app.route('/pipelines', methods=['POST'])
    @login_required
    def create_pipeline():
        uploaded = request.files['spec'].read()
        spec = yaml.load(uploaded, Loader=yaml.Loader)
        steps = spec.get('steps', [])
        commands = [s['run'] for s in steps]
        pipeline_id = store.save(owner=current_user.id, steps=commands)
        return {'id': pipeline_id, 'steps': len(commands)}
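One concrete fix for the loader call in the endpoint above, as an added example that is not part of the original exercise: it replaces `yaml.Loader` with `yaml.safe_load` and validates the shape of the result before anything is stored. The names `parse_pipeline_spec`, `SpecError` and `rejected`, the two limits and the sample inputs are assumptions made for illustration.

```python
import yaml

MAX_SPEC_BYTES = 64 * 1024   # assumed upload limit, not from the page
MAX_STEPS = 100              # assumed step limit, not from the page

class SpecError(ValueError):
    """Raised when an uploaded pipeline spec is rejected."""

def parse_pipeline_spec(raw: bytes) -> list:
    """Return the list of 'run' strings from an untrusted YAML upload."""
    if len(raw) > MAX_SPEC_BYTES:
        raise SpecError("spec too large")
    try:
        # safe_load builds only plain YAML types (dict, list, str, int, ...);
        # Python-specific tags that yaml.Loader would construct are refused.
        spec = yaml.safe_load(raw)
    except yaml.YAMLError as exc:
        raise SpecError("invalid YAML") from exc
    if not isinstance(spec, dict):
        raise SpecError("top level must be a mapping")
    steps = spec.get("steps", [])
    if not isinstance(steps, list) or len(steps) > MAX_STEPS:
        raise SpecError("'steps' must be a list of at most %d items" % MAX_STEPS)
    commands = []
    for i, step in enumerate(steps):
        # The original comprehension raised KeyError/TypeError here instead.
        if not isinstance(step, dict) or not isinstance(step.get("run"), str):
            raise SpecError("step %d needs a string 'run' field" % i)
        commands.append(step["run"])
    return commands

# Constructed sample inputs (not from the page).
GOOD = b"steps:\n  - run: make build\n  - run: make test\n"
PY_TAG = b"steps: !!python/tuple [a, b]\n"   # harmless Python-only tag
BAD_SHAPE = b"steps:\n  - name: no run key\n"

def rejected(raw: bytes) -> bool:
    """True if the parser refuses the input with SpecError."""
    try:
        parse_pipeline_spec(raw)
    except SpecError:
        return True
    return False

if __name__ == "__main__":
    print(parse_pipeline_spec(GOOD), rejected(PY_TAG), rejected(BAD_SHAPE))
```

In the endpoint, a `SpecError` would map to a 400 response rather than the unhandled exception the original code produces on malformed input.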