Code Room
Code review · Hard · cr-g547
Subject: Security, command injection. Level: Senior–Staff. ~22 min. Common in Security interviews. Industries: Software development, IT services.

Question

Review this Node.js endpoint that pings a host for a diagnostics tool.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (javascript):

const { exec } = require('child_process');
const express = require('express');
const app = express();

app.get('/diag/ping', (req, res) => {
  // Untrusted query parameter, taken as-is from the request
  const host = req.query.host;
  // The value is interpolated into a shell command string and run via exec()
  exec(`ping -c 4 ${host}`, (err, stdout, stderr) => {
    if (err) {
      // Raw stderr is returned to the caller
      return res.status(500).send(stderr);
    }
    res.type('text/plain').send(stdout);
  });
});