Code Room
Code reviewHard
Question
Review this Java file-serving endpoint that already normalizes and prefix-checks the path.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
File serve(String name) throws IOException { File base = new File("/srv/files"); File target = new File(base, name).getCanonicalFile(); if (!target.getPath().startsWith(base.getCanonicalPath())) { throw new SecurityException("escape"); } return target; // streamed to the client}Run or narrate your approach, then ask the coach.