Hi,
if I understand correctly, you are supposing that method changeAmount()
is part of a security-sensitive application under attack.
Its implementation first attempts a data validation by invoking
isUserIdAllowedOrThrowException(), then transforms validated data in a
lossy way (narrowing,
No, it doesn't. It's still the same byte. However, the 0 to 255 range is
for unsigned bytes, a type that does exist in some other languages like
C. In Java, bytes are signed, so the same value is represented
differently. However, both 200 (unsigned) and -56 (signed) represent the
same binary
This isn't a security leak in Java (because that would mean it would be
a security leak in any language that supports narrowing). This is a
security leak in the application that does the narrowing. Developers
should be aware that narrowing can change values. And furthermore, I
don't think
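
The validate-then-narrow pattern discussed in this thread, shown next to a checked variant. This is an added example, not code posted by anyone in the thread: the method names changeAmount() and isUserIdAllowedOrThrowException() come from the messages above, while their signatures, the allow-list, and the class name NarrowingDemo are assumptions made for illustration.

```java
import java.util.Set;

public class NarrowingDemo {
    // Constructed allow-list for illustration; the thread does not show one.
    static final Set<Integer> ALLOWED_IDS = Set.of(42, 200);

    // Assumed signature: the thread only gives the method name.
    static void isUserIdAllowedOrThrowException(int userId) {
        if (!ALLOWED_IDS.contains(userId)) {
            throw new SecurityException("user id not allowed: " + userId);
        }
    }

    // Validates the int, then acts on the narrowed byte: the value used
    // is no longer the value that was checked.
    static byte changeAmountLossy(int userId) {
        isUserIdAllowedOrThrowException(userId);
        return (byte) userId; // keeps only the low 8 bits
    }

    // Hardened: refuse any value the cast would change, then validate
    // exactly the value that will be used afterwards.
    static byte changeAmountChecked(int userId) {
        if (userId < Byte.MIN_VALUE || userId > Byte.MAX_VALUE) {
            throw new IllegalArgumentException("user id out of byte range: " + userId);
        }
        byte narrowed = (byte) userId;
        isUserIdAllowedOrThrowException(narrowed);
        return narrowed;
    }

    public static void main(String[] args) {
        // 200 passes validation, but the cast turns it into a different number.
        byte used = changeAmountLossy(200);
        System.out.println("validated 200, acted on " + used);
        // Same bit pattern, read as an unsigned value.
        System.out.println("same bits read unsigned: " + Byte.toUnsignedInt(used));

        System.out.println("checked(42) = " + changeAmountChecked(42));
        try {
            changeAmountChecked(200);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```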