Code Room
Code review · Hard · cr-g448

Subject: Path traversal · Level: Senior–Staff · ~24 min · Common in Code quality & review interviews · Industries: Software development

Question

Review this Java file-serving endpoint that already normalizes and prefix-checks the path.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (java)

```java
import java.io.File;
import java.io.IOException;

File serve(String name) throws IOException {
    File base = new File("/srv/files");
    // Resolve ".", ".." and symlinks into an absolute canonical path.
    File target = new File(base, name).getCanonicalFile();
    // Containment check: compare the canonical target against the canonical base.
    if (!target.getPath().startsWith(base.getCanonicalPath())) {
        throw new SecurityException("escape");
    }
    return target; // streamed to the client
}
```
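For comparison while reviewing, here is a hardened version of the same endpoint. This is an added example, not code from the page or from any project; the class name `SafeFileServer`, the helper `stringPrefixCheckAccepts` (a reconstruction of the snippet's check, kept only so the difference is observable) and the temp-directory fixture in `main` are all constructed for the demonstration. It uses `java.nio.file.Path`, whose `startsWith` compares whole name elements rather than characters, and re-checks containment after symlink resolution.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

public final class SafeFileServer {
    private final Path base;

    public SafeFileServer(Path baseDir) throws IOException {
        // Resolve symlinks in the base once, at construction time.
        this.base = baseDir.toRealPath();
    }

    /** Reconstruction of the snippet's string-prefix check (assumed), kept only for comparison. */
    static boolean stringPrefixCheckAccepts(Path base, Path candidate) throws IOException {
        String baseCanonical = base.toFile().getCanonicalPath();
        String targetCanonical = candidate.toFile().getCanonicalPath();
        return targetCanonical.startsWith(baseCanonical);
    }

    public Path serve(String name) throws IOException {
        // resolve() returns `name` unchanged if it is absolute, so an absolute
        // request lands outside base and fails the containment check below.
        Path target = base.resolve(name).normalize();

        // Path.startsWith compares whole name elements: a sibling directory such
        // as "<base>_secret" is not treated as being inside <base>.
        if (!target.startsWith(base)) {
            throw new SecurityException("escape");
        }

        // Resolve symlinks on the final path and check containment again, so a
        // link inside base that points outside it is rejected too.
        Path real = target.toRealPath();
        if (!real.startsWith(base) || real.equals(base)) {
            throw new SecurityException("escape");
        }

        // Only regular files are served; directories and special files are refused.
        if (!Files.isRegularFile(real, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException("not a regular file: " + name);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed fixture: <tmp>/files/ok.txt plus a sibling <tmp>/files_secret/x.txt.
        Path tmp = Files.createTempDirectory("serve-demo");
        Path files = Files.createDirectory(tmp.resolve("files"));
        Files.writeString(files.resolve("ok.txt"), "public\n");
        Path sibling = Files.createDirectory(tmp.resolve("files_secret"));
        Files.writeString(sibling.resolve("x.txt"), "private\n");

        SafeFileServer server = new SafeFileServer(files);
        System.out.println("ok.txt -> " + server.serve("ok.txt"));

        String[] shouldBeRejected = { "../files_secret/x.txt", "/etc/hostname", "." };
        for (String req : shouldBeRejected) {
            try {
                server.serve(req);
                System.out.println(req + " -> ACCEPTED (unexpected)");
            } catch (SecurityException | IOException e) {
                System.out.println(req + " -> rejected: " + e.getMessage());
            }
        }

        // The character-prefix comparison treats the sibling directory as contained:
        System.out.println("string prefix accepts sibling: "
            + stringPrefixCheckAccepts(files, sibling.resolve("x.txt")));
    }
}
```

Run with `java SafeFileServer.java` (Java 11 or later, for `Files.writeString`). Two review points remain even with this version: the containment check is a snapshot, so the caller should open the returned path promptly and stream from the opened handle rather than re-resolving the name later; and `toRealPath()` throws for a non-existent file, which is the correct outcome here but needs to be mapped to a 404 rather than a 500 at the HTTP layer.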
Run or narrate your approach, then ask the coach.