BLC 2.0 False Positives on common services with manadory query parameters

  • Resolved davidginzberg

    (@davidginzberg)


    3 months ago

    Hello,

    In testing the new cloud scanning engine introduced with BLC 2.0, I’ve run into an issue where links that contain a query parameter that cannot be omitted (such as YouTube playlists, Google calendar links, etc.)

    I know that removing query parameters is the default behavior, but without some way to allowlist certain parameters or detect when parameters are a meaningful part of a URL (such as trying the URL again with the query parameters included if the stripped URL fails) this leads to a large number of false positives.

    One good example is YouTube Playlists. Here’s one for the BLC team to listen to while debugging this issue ?? Below is an example of testing this URL using the curl command provided elsewhere in the support forum, both with and without the query parameter:

    ~: curl --header "X-Forawarded-For: 165.227.127.103" -I -A "WPMU DEV Broken Link Checker Spider" "https://www.youtube.com/playlist"
    HTTP/2 404
    content-type: text/html; charset=utf-8
    ...
    ~: curl --header "X-Forawarded-For: 165.227.127.103" -I -A "WPMU DEV Broken Link Checker Spider" "https://www.youtube.com/playlist?list=PLd4WuOjySbJyxmFpBOE71slcbqvK9K2jd"
    HTTP/2 200
    content-type: text/html; charset=utf-8
    ...

    As you can see from the example, the only difference is the presence or absence of the “list” query parameter. Omitting that will always produce a 404 error. Please provide an update or documentation to address this issue, both for known services, and for others that may be newly created and wouldn’t be on an internal allowlist.

    Thank you,
    David

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Nebu John – WPMU DEV Support

    (@wpmudevsupport14)

    Hi @davidginzberg,

    I hope this message finds you well and thank you for sharing the feedback.

    Our developers are already aware of this issue and we have an improvement task in the plugin backlog that will address this issue. However, an ETA on this cannot be provided at the moment.

    Kind Regards,
    Nebu John

    Thread Starter davidginzberg

    (@davidginzberg)

    Thanks for the update Nebu. I’ll keep an eye on this thread for further updates on this issue.

    Cheers,
    David

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @davidginzberg

    As my colleague mentioned, we don’t have ETA on the fix. We may not also be able to notify everyone separately about it being released – we’ll try but I can’t promise that.

    However, when the fix is released it will be listed in the changelog here:

    https://www.ads-software.com/plugins/broken-link-checker/#developers

    Please keep an eye on it and I’m marking this as resolved as the issue is acknowledged as a bug and confirmed to be fixed with one of future releases.

    Kind regards,
    Adam

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.