MySQL LIKE escaping in consentelement store is missing backslash escape

## Summary

The MySQL `LIKE` escaper in `consent-server/internal/consentelement/store.go` does not escape literal backslashes in user input. If a consent element name contains a backslash character, it will be misinterpreted as an escape sequence in the SQL `LIKE` pattern, potentially causing unexpected query behavior.

## Details

In `consent-server/internal/consentelement/store.go`, the MySQL escaper is built as:

```go
escaper = strings.NewReplacer("%", "\\%", "_", "\\_")
```

It is missing the backslash-to-double-backslash replacement. The correct version (matching the pattern already used in `consent-server/internal/consentpurpose/store.go`) should be:

```go
escaper = strings.NewReplacer("\\", "\\\\", "%", "\\%", "_", "\\_")
```

## Impact

Consent element names containing a literal `\` character will not be properly escaped before being used in a SQL `LIKE` query against MySQL.

## Related

- PR: https://github.com/wso2/openfgc/pull/23
- Review comment: https://github.com/wso2/openfgc/pull/23#discussion_r2945764310
- Reported by: @ThaminduDilshan

## Note

This issue pre-existed before PR #23 (present since commit [8b93ecab](https://github.com/wso2/openfgc/blob/8b93ecabc0de64de3d0e38c41b6090e920b0e8d4/consent-server/internal/consentelement/store.go#L174)) and was not introduced by that PR.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MySQL LIKE escaping in consentelement store is missing backslash escape #24

Summary

Details

Impact

Related

Note

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

MySQL LIKE escaping in consentelement store is missing backslash escape #24

Description

Summary

Details

Impact

Related

Note

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions