Why this matters
The bug. Repository lookups for unknown ids commonly return null (older APIs) or Optional.empty() (Spring Data). Either way, .getName() on the result without a null/empty check raises NullPointerException — and in user-facing code, that becomes a 500.
The fix. Migrate the API to return Optional<User> and force the caller to handle absence with orElseThrow. The compiler then prevents the bug.
Bigger picture. Java's billion-dollar mistake. Kotlin and modern Java idioms make absence explicit at the type level — accept the borderline-religious refactor, future-you will thank present-you.
Review heuristic
Search the diff for ! non-null assertions, unwrap() calls, and as Type casts. Each is an assertion the author is making to the compiler. Each needs to be either justified in a comment or replaced with a real null check.
External reference: CWE-476: NULL Pointer Dereference.