Code Room
Code review | Medium | cr-g569
Subject: Insecure deserialization vulnerability
Level: Mid–Senior
~22 min
Common in: Security interviews
Industries: Software development, IT services

Question

Review this Ruby config-import feature.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review (Ruby):

require 'yaml'

class ConfigController < ApplicationController
  def import
    uploaded = params[:config_file].read
    config = YAML.load(uploaded)   # parse user-uploaded settings file
    current_tenant.apply_settings(config)
    redirect_to settings_path, notice: 'Imported'
  end
end
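A hardened version of the import path, added here as an example and not part of the exercise's own code: it assumes a fixed settings schema (ALLOWED_SETTINGS, constructed for the example) and shows how YAML.safe_load with an empty permitted_classes list and aliases disabled rejects class tags and alias expansion while still accepting an ordinary settings file.

```ruby
require 'yaml'

# Allow-list for the settings a tenant file may carry, with the type each
# value must have (constructed; the real application's schema is assumed).
ALLOWED_SETTINGS = {
  'theme'     => String,
  'max_users' => Integer,
  'features'  => Array
}.freeze

class ConfigImportError < StandardError; end

# Parse an uploaded settings document without letting the parser build
# arbitrary Ruby objects: safe_load only produces core scalar and collection
# types, refuses !ruby/object and similar class tags (permitted_classes is
# empty), and with aliases: false rejects anchor/alias expansion. On Psych 4
# (Ruby 3.1+) YAML.load already delegates to safe_load; on older versions it
# instantiates whatever class the document names, which is the bug under review.
def parse_tenant_config(raw)
  doc = YAML.safe_load(raw, permitted_classes: [], aliases: false)
  raise ConfigImportError, 'settings file must be a mapping' unless doc.is_a?(Hash)
  doc.each do |key, value|
    type = ALLOWED_SETTINGS[key]
    raise ConfigImportError, "unknown setting #{key.inspect}" unless type
    raise ConfigImportError, "#{key} must be of type #{type}" unless value.is_a?(type)
  end
  doc
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
  raise ConfigImportError, "rejected settings file: #{e.class}: #{e.message}"
end

# Returns :accepted or the rejection message (used by the demo below).
def import_outcome(raw)
  parse_tenant_config(raw)
  :accepted
rescue ConfigImportError => e
  e.message
end

# Constructed sample uploads, not taken from any real tenant.
BENIGN_UPLOAD = "theme: dark\nmax_users: 50\nfeatures: [sso, audit_log]\n"
# Asks the parser to build a Ruby object; the class tag is what safe_load refuses.
OBJECT_TAG_UPLOAD = "theme: !ruby/object:Object\n  foo: 1\n"
# Anchor/alias expansion, which lets a small file grow large when parsed.
ALIAS_UPLOAD = "a: &a [x, x, x, x]\nfeatures: [*a, *a, *a, *a]\n"

if __FILE__ == $PROGRAM_NAME
  [BENIGN_UPLOAD, OBJECT_TAG_UPLOAD, ALIAS_UPLOAD].each { |u| puts import_outcome(u) }
end
```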