Code Room
Code review · Hard · cr-g567
Subject: SSRF vulnerability
Level: Senior–Staff · ~30 min
Common in: Security · Networking & APIs interviews
Industries: Software development, Technology

Question

Review this Go webhook-delivery worker.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Go)

```go
func deliverWebhook(endpoint string, payload []byte) error {
	parsed, err := url.Parse(endpoint)
	if err != nil {
		return err
	}
	if parsed.Hostname() == "localhost" || parsed.Hostname() == "127.0.0.1" {
		return errors.New("blocked")
	}
	resp, err := http.Post(endpoint, "application/json", bytes.NewReader(payload))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	return nil
}
```
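One hardened form of the worker above, as an added example that is not part of the original question: the destination check moves from the hostname string to the resolved IP at connect time. The names `checkDial`, `webhookClient`, `deliverWebhookSafe` and `errBlocked` and the timeout values are assumptions, and the deny list covers only the ranges the Go standard library classifies.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

var errBlocked = errors.New("blocked destination")

// checkDial runs after DNS resolution on the literal IP:port being connected to,
// so it sees what the socket will reach, not what the URL string claims.
func checkDial(network, address string, _ syscall.RawConn) error {
	host, _, _ := net.SplitHostPort(address) // on error host is "" and is rejected below
	ip := net.ParseIP(host)
	if ip == nil || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsMulticast() {
		return fmt.Errorf("%w: %s", errBlocked, address)
	}
	return nil
}

// Redirect hops dial through this transport too; Proxy stays nil so the dialer sees the real target.
var webhookClient = &http.Client{
	Timeout: 10 * time.Second,
	Transport: &http.Transport{
		DialContext: (&net.Dialer{Timeout: 5 * time.Second, Control: checkDial}).DialContext,
	},
}

func deliverWebhookSafe(endpoint string, payload []byte) error {
	parsed, err := url.Parse(endpoint)
	if err != nil {
		return err
	}
	if parsed.Scheme != "http" && parsed.Scheme != "https" {
		return fmt.Errorf("%w: scheme %q", errBlocked, parsed.Scheme)
	}
	resp, err := webhookClient.Post(parsed.String(), "application/json", bytes.NewReader(payload))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	return nil
}
```

Callers can test for a refused destination with `errors.Is(err, errBlocked)`. The response status is still ignored here, as in the original; that is a separate review finding.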