Class SanitizeInstr

java.lang.Object

org.ek9lang.compiler.ir.instructions.IRInstr

org.ek9lang.compiler.ir.instructions.SanitizeInstr

All Implemented Interfaces:

INode

public final class SanitizeInstr
extends IRInstr

IR instruction for sanitizing string values to prevent injection attacks.

Creates a NEW sanitized string from the source operand and stores it in the destination. Format: SANITIZE destination = source

The sanitization ALWAYS creates a new object - either:

• A sanitized copy if the source contained potentially dangerous content
• A clean copy of the source if no sanitization was needed

This ensures consistent copy semantics for the 'sanitized' parameter modifier.

Memory management pattern (generated by IR generation):

SANITIZE _temp_sanitized_0 = sourceVar   ; Create new sanitized string
RETAIN _temp_sanitized_0                  ; Increment reference count
SCOPE_REGISTER _temp_sanitized_0 scope_N  ; Register for automatic cleanup
CALL method(_temp_sanitized_0)            ; Use the sanitized copy

JVM backend: Ignores RETAIN/SCOPE_REGISTER (GC handles memory). LLVM backend: Uses RETAIN/SCOPE_REGISTER for ARC memory management.

Method Summary

Modifier and Type	Method	Description
String	getDestination()	Get the destination variable name where the sanitized result is stored.
String	getSource()	Get the source variable name being sanitized.
static SanitizeInstr	sanitize(String destination, String source)	Create instruction to sanitize a string and store in destination (no debug info).
static SanitizeInstr	sanitize(String destination, String source, DebugInfo debugInfo)	Create instruction to sanitize a string and store in destination.

Methods inherited from class IRInstr

accept, addOperand, addOperands, equals, getDebugInfo, getEscapeMetaData, getOpcode, getOperands, getResult, hasEscapeMetaData, hashCode, hasResult, isControlFlow, isLabel, isMemoryManagement, isMethodCall, setEscapeMetaData, toString

Methods inherited from class Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

sanitize

public static SanitizeInstr sanitize(String destination,
 String source,
 DebugInfo debugInfo)

Create instruction to sanitize a string and store in destination.

Pattern: SANITIZE destination = source

ALWAYS creates a new object. The destination receives either:

• A sanitized copy if source contained dangerous content
• A clean copy of source if no sanitization was needed

Parameters:

destination - The variable to store the sanitized result

source - The variable containing the string to sanitize

debugInfo - Debug information for source mapping (can be null)

Returns:

SANITIZE instruction

sanitize

public static SanitizeInstr sanitize(String destination,
 String source)

Create instruction to sanitize a string and store in destination (no debug info).

Parameters:

destination - The variable to store the sanitized result

source - The variable containing the string to sanitize

Returns:

SANITIZE instruction

getDestination

public String getDestination()

Get the destination variable name where the sanitized result is stored. This is also available via getResult().

getSource

public String getSource()

Get the source variable name being sanitized.