From a203090d78570573863e4f69a08407a6c88578cd Mon Sep 17 00:00:00 2001 From: kingthorin Date: Mon, 22 Jul 2024 09:20:41 -0400 Subject: [PATCH] add caution note Also make "license" vs "licence" consistent in help. Signed-off-by: kingthorin --- CHANGELOG.md | 3 ++- README.md | 10 ++++++---- .../resources/help/contents/communityScripts.html | 6 ++++-- targeted/SQLMapCommandGenerator.js | 2 +- targeted/curl_command_generator.js | 2 +- targeted/json_csrf_poc_generator.js | 2 +- targeted/request_to_xml.js | 2 +- 7 files changed, 16 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73421bd3..8b54ddd8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] - +### Changed +- Add cautionary note to help and readme. ## [19] - 2024-07-01 ### Added diff --git a/README.md b/README.md index 5198bda2..31a48b23 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,12 @@ -community-scripts -================= +# Community Scripts A collection of ZAP scripts provided by the community, i.e. you lot :) The easiest way to use this repo in ZAP is to install the 'Community Scripts' add-on from the ZAP Marketplace. +> [!CAUTION] +> While we do review all scripts to ensure they don't do anything obviously malicious, you should still review them and use them with caution. + If you might want to contribute to the repo then you can also clone it to a local directory and then add that to ZAP using the Options / Scripts screen. Please upload your scripts via pull requests! 
@@ -20,11 +22,11 @@ To discuss any aspect of ZAP scripting please join the zaproxy-scripts group: ht Please ensure that scripts submitted have the correct extension for the language they are written in. -All scripts in the repo are released under the Apache v2.0 licence. +All scripts in the repo are released under the Apache v2.0 license. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -By submitting your scripts to this repo you are releasing them under the Apache v2.0 licence, however you may optionally also release them under more lenient licenses via comments in the scripts. +By submitting your scripts to this repo you are releasing them under the Apache v2.0 license, however you may optionally also release them under more lenient licenses via comments in the scripts. ## Building diff --git a/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/contents/communityScripts.html b/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/contents/communityScripts.html index d3257402..35aebb0b 100644 --- a/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/contents/communityScripts.html +++ b/src/main/javahelp/org/zaproxy/zap/extension/communityScripts/resources/help/contents/communityScripts.html @@ -11,6 +11,8 @@

Community Scripts

A collection of ZAP scripts provided by the community held in https://github.com/zaproxy/community-scripts

+CAUTION - While we do review all scripts to ensure they don't do anything obviously malicious, you should still review them and use them with caution. +

Please upload your scripts via pull requests!

For more information on ZAP scripts see: @@ -24,11 +26,11 @@

Community Scripts



Please ensure that scripts submitted have the correct extension for the language they are written in.

-All scripts in the repo are released under the Apache v2.0 licence. +All scripts in the repo are released under the Apache v2.0 license.

You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0

-By submitting your scripts to this repo you are releasing them under the Apache v2.0 licence, however you may optionally also release them under more lenient licenses via comments in the scripts. +By submitting your scripts to this repo you are releasing them under the Apache v2.0 license, however you may optionally also release them under more lenient licenses via comments in the scripts. diff --git a/targeted/SQLMapCommandGenerator.js b/targeted/SQLMapCommandGenerator.js index 18091f1d..e18132a1 100644 --- a/targeted/SQLMapCommandGenerator.js +++ b/targeted/SQLMapCommandGenerator.js @@ -1,5 +1,5 @@ //it will generate and copy sqlmap command based on the request -//released under the Apache v2.0 licence. +//released under the Apache v2.0 license. //You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 //author: @juliosmelo diff --git a/targeted/curl_command_generator.js b/targeted/curl_command_generator.js index 071dbc5c..3947ba8e 100644 --- a/targeted/curl_command_generator.js +++ b/targeted/curl_command_generator.js @@ -1,5 +1,5 @@ //it will generate and copy curl command based on the request -//released under the Apache v2.0 licence. +//released under the Apache v2.0 license. //You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 //author:@haseebeqx diff --git a/targeted/json_csrf_poc_generator.js b/targeted/json_csrf_poc_generator.js index b4f21a3d..3b45183e 100644 --- a/targeted/json_csrf_poc_generator.js +++ b/targeted/json_csrf_poc_generator.js @@ -1,7 +1,7 @@ //csrf poc generater supporting json csrf //also supports multipart/form-data. //it will copy the results to clipboard and print them to the zap script console -// released under the Apache v2.0 licence. +// released under the Apache v2.0 license. //You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 //Author : @haseebeqx 
diff --git a/targeted/request_to_xml.js b/targeted/request_to_xml.js index 0e65a87e..6792b386 100644 --- a/targeted/request_to_xml.js +++ b/targeted/request_to_xml.js @@ -5,7 +5,7 @@ // it may be helpful in finding XXE or other vulnerabilities. // this script is intended to act as an assistant // you can add anything like [!ENTITY] to test in detail -// released under the Apache v2.0 licence. +// released under the Apache v2.0 license. // You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 // Author : @haseebeqx (GitHub, Twitter) // tested on: ZAP 2.7.0
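Review bot: In the CHANGELOG.md hunk, the blank line after `## [Unreleased]` is removed and none is added after the new bullet, so `- Add cautionary note to help and readme.` runs straight into `## [19] - 2024-07-01`. Keep the blank line after the `## [Unreleased]` heading and add one after the bullet, so the `## [19]` heading stays separated as it was before the change. The entry could also mention the licence/license spelling change, since that is what touches the help page and the four scripts under targeted/.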
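Review bot: The first README.md hunk replaces the `community-scripts` setext heading with `# Community Scripts`, a change that neither the commit message nor the changelog entry mentions. Either note it in the message or split it into its own commit. Also on the added `> [!CAUTION]` line: this is GitHub's alert syntax and renders as an ordinary blockquote in other Markdown renderers, so the note should still read correctly without the label, which the current wording does.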
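Review bot: In the second README.md hunk, the unchanged line between the two spelling fixes still links to `http://www.apache.org/licenses/LICENSE-2.0`, while the same sentence in communityScripts.html uses `https://www.apache.org/licenses/LICENSE-2.0`. As this patch is making the README and help text consistent, switch the README link to https too. The header comments in the four targeted/*.js files carry the same `http://` URL on the line directly after each changed one and could be updated in the same pass.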