Merge pull request #459 from kingthorin/add-caution

add caution note
zaproxy · Jul 25, 2024 · bf5135a · bf5135a
2 parents 2b74b10 + a203090
commit bf5135a
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## [Unreleased]
-
+### Changed
+- Add cautionary note to help and readme.
 
 ## [19] - 2024-07-01
 ### Added

diff --git a/README.md b/README.md
@@ -1,10 +1,12 @@
-community-scripts
-=================
+# Community Scripts
 
 A collection of ZAP scripts provided by the community, i.e. you lot :)
 
 The easiest way to use this repo in ZAP is to install the 'Community Scripts' add-on from the ZAP Marketplace.
 
+> [!CAUTION]
+> While we do review all scripts to ensure they don't do anything obviously malicious, you should still review them and use them with caution.
+
 If you might want to contribute to the repo then you can also clone it to a local directory and then add that to ZAP using the Options / Scripts screen.
 
 Please upload your scripts via pull requests!
@@ -20,11 +22,11 @@ To discuss any aspect of ZAP scripting please join the zaproxy-scripts group: ht
 
 Please ensure that scripts submitted have the correct extension for the language they are written in.
 
-All scripts in the repo are released under the Apache v2.0 licence.
+All scripts in the repo are released under the Apache v2.0 license.
 
 You may obtain a copy of the License at  http://www.apache.org/licenses/LICENSE-2.0 
 
-By submitting your scripts to this repo you are releasing them under the Apache v2.0 licence, however you may optionally also release them under more lenient licenses via comments in the scripts.
+By submitting your scripts to this repo you are releasing them under the Apache v2.0 license, however you may optionally also release them under more lenient licenses via comments in the scripts.
 
 ## Building
 

diff --git a/.../org/zaproxy/zap/extension/communityScripts/resources/help/contents/communityScripts.html b/.../org/zaproxy/zap/extension/communityScripts/resources/help/contents/communityScripts.html
@@ -11,6 +11,8 @@ <H1>Community Scripts</H1>
 A collection of ZAP scripts provided by the community held in 
 <a href="https://github.com/zaproxy/community-scripts">https://github.com/zaproxy/community-scripts</a>
 <br><br>
+<strong>CAUTION</strong> - While we do review all scripts to ensure they don't do anything obviously malicious, you should still review them and use them with caution.
+<br><br>
 Please upload your scripts via pull requests!
 <br><br>
 For more information on ZAP scripts see:
@@ -24,11 +26,11 @@ <H1>Community Scripts</H1>
 <br><br>
 Please ensure that scripts submitted have the correct extension for the language they are written in.
 <br><br>
-All scripts in the repo are released under the Apache v2.0 licence.
+All scripts in the repo are released under the Apache v2.0 license.
 <br><br>
 You may obtain a copy of the License at <a href="https://www.apache.org/licenses/LICENSE-2.0">https://www.apache.org/licenses/LICENSE-2.0</a>  
 <br><br>
-By submitting your scripts to this repo you are releasing them under the Apache v2.0 licence, however you may optionally also release them under more lenient licenses via comments in the scripts.
+By submitting your scripts to this repo you are releasing them under the Apache v2.0 license, however you may optionally also release them under more lenient licenses via comments in the scripts.
 
 </BODY>
 </HTML>
diff --git a/targeted/SQLMapCommandGenerator.js b/targeted/SQLMapCommandGenerator.js
@@ -1,5 +1,5 @@
 //it will generate and copy sqlmap command based on the request
-//released under the Apache v2.0 licence.
+//released under the Apache v2.0 license.
 //You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 //author: @juliosmelo
 

diff --git a/targeted/curl_command_generator.js b/targeted/curl_command_generator.js
@@ -1,5 +1,5 @@
 //it will generate and copy curl command based on the request
-//released under the Apache v2.0 licence.
+//released under the Apache v2.0 license.
 //You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 //author:@haseebeqx
 

diff --git a/targeted/json_csrf_poc_generator.js b/targeted/json_csrf_poc_generator.js
@@ -1,7 +1,7 @@
 //csrf poc generater supporting json csrf
 //also supports multipart/form-data.
 //it will copy the results to clipboard and print them to the zap script console
-// released under the Apache v2.0 licence.
+// released under the Apache v2.0 license.
 //You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 //Author : @haseebeqx
 

diff --git a/targeted/request_to_xml.js b/targeted/request_to_xml.js
@@ -5,7 +5,7 @@
 // it may be helpful in finding XXE or other vulnerabilities.
 // this script is intended to  act as an assistant
 // you can  add anything like [!ENTITY] to test in detail
-// released under the Apache v2.0 licence.
+// released under the Apache v2.0 license.
 // You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
 // Author : @haseebeqx (GitHub, Twitter)
 // tested on: ZAP 2.7.0