Wildcards "%" and "_" can be used on partial searches

[pcarana]

When a partial search is made using the only wildcard allowed "*", I still can use other wildcards to get more information in the response. Here are some cases assuming that the minimum of characters allowed for the search is 5:
"/domains?name=%%a%*" will search for all the domains that have the char 'a' in their names.
"/domains?name=__e_*" will search for all the domains that the 3rd char of its name is the char 'e' followed by at least another char.

The use of this wildcards is valid when I have a MySQL or Oracle DB (just to say a few databases) as my data repository. To avoid this behavior I propose this update on the server code "mx.nic.rdap.server.RdapSearchRequest" line 80:

default:
	searchReq.type = RequestSearchType.PARTIAL_SEARCH;
	// Escape special characters to avoid its use as wildcards
	if (searchReq.getParameterValue().contains("*")) {
		searchReq.setParameterValue(searchReq.getParameterValue().replaceAll("(\\%|\\_)", "\\\\$1"));
	}
	break;

The purpose of the code is to escape the wildcards if the search is to be made using the sentence "LIKE" in the implementation, which I think is the most probable case.

[pcarana]

The purpose of the code is to escape the wildcards if the search is to be made using the sentence "LIKE" in the implementation, which I think is the most probable case.

This issue left me thinking: the server shouldn't be responsible to escape this characters, this should be a task of the implementation. The implementation should identify which are special characters in order to take action (escape them, ignore them,...).

Closing the issue and reporting at rdap-sql-provider...