Code Room
Code review · Hard · cr-g566
Subject: SSRF vulnerability · Level: Senior–Staff · ~30 min · Common in: Security interviews · Industries: Software development, Technology

Question

Review this Python image-import endpoint.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Python):

```python
import requests
from flask import Flask, request, jsonify

app = Flask(__name__)


@app.route('/import-avatar', methods=['POST'])
def import_avatar():
    url = request.json['image_url']
    if not url.startswith('http'):
        return jsonify(error='invalid'), 400
    resp = requests.get(url, timeout=5)
    data = resp.content
    key = upload_to_storage(data)  # storage helper defined elsewhere in the app
    return jsonify(key=key)
```
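A hardened version of the endpoint's fetch, added here as an example and not part of the exercise or its answer key: it matches the scheme exactly instead of with `startswith('http')`, refuses credentials in the URL, resolves the host and rejects loopback, private and link-local addresses (where cloud metadata services live), re-validates every redirect hop instead of letting `requests` follow them, and caps the bytes read. The `resolve` and `get` parameters are hypothetical injection points so the validator can be tested offline.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
MAX_BYTES = 5 * 1024 * 1024  # constructed cap for one avatar
MAX_REDIRECTS = 3

def _default_resolve(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def _is_public(ip_str):
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_unspecified)

def reject_reason(url, resolve=_default_resolve):
    """None if url may be fetched, else a short reason: exact scheme match
    (startswith('http') also admits 'httpx:'), no credentials, public host only."""
    p = urlparse(url)
    if p.scheme not in ALLOWED_SCHEMES:
        return "scheme"
    if not p.hostname or p.username or p.password:
        return "host"
    try:
        ips = resolve(p.hostname)
    except (socket.gaierror, ValueError):
        return "unresolvable"
    if not ips or not all(_is_public(ip) for ip in ips):
        return "non-public address"
    return None

def fetch_avatar(url, resolve=_default_resolve, get=None):
    if get is None:
        import requests  # imported here so the validator runs without it
        get = requests.get
    for _ in range(MAX_REDIRECTS + 1):
        reason = reject_reason(url, resolve)
        if reason:
            raise ValueError(f"refused {url!r}: {reason}")
        # Never let the library follow redirects: each hop is validated above.
        resp = get(url, timeout=5, allow_redirects=False, stream=True)
        if resp.is_redirect:
            url = urljoin(url, resp.headers["Location"])
            continue
        resp.raise_for_status()
        data = resp.raw.read(MAX_BYTES + 1, decode_content=True)
        if len(data) > MAX_BYTES:
            raise ValueError("too large")
        return data
    raise ValueError("too many redirects")
```

`requests` resolves the name again when it connects, so a host whose DNS answer changes between the check and the connection (DNS rebinding) can still slip through; pinning the connection to the validated address or sending outbound fetches through an egress proxy with its own deny-list closes that gap.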