.

CERT-Polska · Oct 16, 2024 · af532dc · af532dc
1 parent 4e7fdba
commit af532dc
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/artemis/http_requests.py b/artemis/http_requests.py
@@ -81,7 +81,7 @@ def _request(
         # https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers
         # so let's check something lower to make sure our modules aren't exceeding the limit e.g.
         # when batching parameters for SQL injection check.
-        assert len(url) < 1600
+        assert len(url) < 1600, f"URL too long, has {len(url)} characters"
 
     def _internal_request() -> HTTPResponse:
         headers = copy.copy(HEADERS)

diff --git a/artemis/modules/sql_injection_detector.py b/artemis/modules/sql_injection_detector.py
@@ -167,7 +167,7 @@ def scan(self, urls: List[str], task: Task) -> List[Dict[str, Any]]:
 
         # The code below may look complicated and repetitive, but it shows how the scanning logic works.
         for current_url in urls:
-            for param_batch in more_itertools.batched(URL_PARAMS, 60):
+            for param_batch in more_itertools.batched(URL_PARAMS, 50):
                 if self.is_url_with_parameters(current_url):
                     for error_payload in sql_injection_error_payloads:
                         url_with_payload = self.change_url_params(