Code Room
Code review | Hard | cr-g568
Subject: Insecure deserialization vulnerability | Level: Senior–Staff | ~25 min | Common in Security interviews | Industries: Software development

Question

Review this Python session/cache loader.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (python):

```python
import pickle, base64
from flask import Flask, request

app = Flask(__name__)

@app.route('/restore-state')
def restore_state():
    blob = request.cookies.get('app_state')
    if not blob:
        return 'no state', 400
    raw = base64.b64decode(blob)
    state = pickle.loads(raw)   # rebuild the user's UI state
    return render_state(state)  # render_state is defined elsewhere in the app (not shown)
```
Run or narrate your approach, then ask the coach.
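An added example, not part of the interview snippet or any real project, showing the concrete fix a reviewer would propose: the cookie carries JSON (data only, no code) plus an HMAC-SHA256 tag, so the server rebuilds state only from values it issued itself and `pickle.loads` never touches client-controlled bytes. The function names, the signing key and the sample state are assumptions.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Hypothetical replacement for the pickle-based loader under review.
# In the Flask route this would be:
#   state = load_state(request.cookies.get('app_state'), app.secret_key)
#   if state is None: return 'bad state', 400
SEP = b"."

def dump_state(state: dict, key: bytes) -> str:
    """Serialise state as base64(json) '.' base64(hmac) for use as a cookie value."""
    body = json.dumps(state, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body) + SEP + base64.urlsafe_b64encode(tag)).decode()

def load_state(blob: Optional[str], key: bytes, max_len: int = 4096) -> Optional[dict]:
    """Return the state dict only if the cookie is well-formed and authentic, else None."""
    if not blob or len(blob) > max_len:        # missing or oversized cookie
        return None
    try:
        b64_body, b64_tag = blob.encode().split(SEP, 1)
        body = base64.urlsafe_b64decode(b64_body)
        tag = base64.urlsafe_b64decode(b64_tag)
    except (ValueError, TypeError):            # no separator or bad base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected): # constant-time; rejects any tampering
        return None
    try:
        state = json.loads(body)               # data-only format: no code can run here
    except ValueError:
        return None
    return state if isinstance(state, dict) else None
```

Verification happens before parsing, so a forged or modified cookie is rejected without ever being interpreted.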