Spelling: e.g. (#2239)
* spelling: i.e.
* spelling: e.g.
* clarify that `etc` is a string
* spelling: etc.
* Whitespace fixes for etc.

Signed-off-by: Josh Soref <[email protected]>
jsoref authored and thc202 committed Dec 11, 2019
1 parent 352b3b7 commit 43223b2
Showing 44 changed files with 60 additions and 58 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ private enum TextJustification {
* @author [email protected]
*/
private static class Formatting {
private final PDFont font; // also contains the font formatting info (bold, italics, etc)
private final PDFont font; // also contains the font formatting info (bold, italics, etc.)
private final int fontSize;
private final TextJustification textJustification;

2 changes: 1 addition & 1 deletion addOns/ascanrules/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

- Issue 1365: Additional Path Traversal detection.
- Correct alert's evidence/attack of Parameter Tampering (Issue 3524).
- Fix Path Traversal false positives when etc is a substring (Issue 3735).
- Fix Path Traversal false positives when `etc` is a substring (Issue 3735).
- Code changes for Java 9 (Issue 2602).
- TestSQLInjection Modifications to improve handling of injected math expressions and reflected params (Issue 3139).

Original file line number Diff line number Diff line change
Expand Up @@ -1329,7 +1329,7 @@ && matchBodyPattern(msg1, errorPattern, sb)) {
// check 2a: boolean based logic, where the original query returned *no* data. Here we
// append " OR 1=1" in an attempt to extract *more* data
// and then verify the results by attempting to reproduce the original results by
// appending an " AND 1=2" condition (ie "open up first, then restrict to verify")
// appending an " AND 1=2" condition (i.e. "open up first, then restrict to verify")
// this differs from the previous logic based check since the previous check assumes
// that the original query produced data, and tries first to restrict that data
// (ie, it uses "restrict first, open up to verify" ).
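Review bot: the trailing context line `// (ie, it uses "restrict first, open up to verify" ).` still spells the abbreviation as `ie` even though this hunk changes the same word two lines earlier to `i.e.`; apply the same spelling there so the comment is consistent, and the stray space before the closing parenthesis can go at the same time.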
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ ascanrules.codeinjectionplugin.soln=Do not trust client side input, even if ther
ascanrules.codeinjectionplugin.refs=http://cwe.mitre.org/data/definitions/94.html\nhttps://www.owasp.org/index.php/Direct_Dynamic_Code_Evaluation_('Eval_Injection')

ascanrules.testdirectorybrowsing.name=Directory Browsing
ascanrules.testdirectorybrowsing.desc=It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files , backup source files etc which can be accessed to read sensitive information.
ascanrules.testdirectorybrowsing.desc=It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.
ascanrules.testdirectorybrowsing.soln=Disable directory browsing. If this is required, make sure the listed files does not induce risks.
ascanrules.testdirectorybrowsing.refs=http://httpd.apache.org/docs/mod/core.html#options\nhttp://alamo.satlug.org/pipermail/satlug/2002-February/000053.html\n

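Review bot: the changed description now reads "backup source files, etc. which can be accessed"; a comma after the abbreviation ("etc., which can be accessed") keeps the clause from reading as restrictive. The adjacent `soln` context line also has a number agreement error, "make sure the listed files does not induce risks", which should be "do not".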
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ public void init() {
log.debug("Initialising");
}
// set up the match threshold percentages based on the alert threshold.
// allow for the use of common libraries (etc) in both pass/fail cases by skewing towards
// allow for the use of common libraries (etc.) in both pass/fail cases by skewing towards
// the upper end of the range.
switch (this.getAlertThreshold()) {
case HIGH:
Original file line number Diff line number Diff line change
Expand Up @@ -473,7 +473,8 @@ public void scan() {
+ " with MAX-FORWARDS: "
+ Integer.toString(maxForwards));

// if we're on the right iteration (Max-Forwards=0, ie first proxy, and a HTTPS
// if we're on the right iteration (Max-Forwards=0, i.e. first proxy, and a
// HTTPS
// request, then
// then prepare to try an additional HTTP request..
boolean tryHttp =
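Review bot: the rewrap leaves a one-word comment line (`// HTTPS`) and the comment now reads across lines as "and a / HTTPS / request, then / then prepare", keeping the pre-existing duplicated "then" on the context lines. While rewrapping anyway, join the fragment into one line, drop the second "then", and use "an HTTPS" rather than "a HTTPS".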
Original file line number Diff line number Diff line change
Expand Up @@ -293,7 +293,7 @@ public void scan() {
}

// 3: check if there are any resources that are loaded using relative URLs in the
// response. (images, CSS, etc)
// response. (images, CSS, etc.)
boolean relativeReferenceFound = false;
String relativeReferenceEvidence = "";

Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ public class SourceCodeDisclosureFileInclusion extends AbstractAppParamPlugin {
"",
"/",
"../",
"webapps/" // in the case of servlet containers like Tomcat, JBoss (etc), sometimes the
"webapps/" // in the case of servlet containers like Tomcat, JBoss (etc.), sometimes the
// working directory is the application server folder
};

Expand Down Expand Up @@ -133,7 +133,7 @@ public class SourceCodeDisclosureFileInclusion extends AbstractAppParamPlugin {
private static final Pattern PATTERN_HTML =
Pattern.compile(
"<html"); // helps eliminate some common false positives in the case of 403s,
// 302s, etc
// 302s, etc.

/** returns the plugin id */
@Override
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ <H1>Active Scan Rules - alpha</H1>

<H2>.htaccess Information Leak</H2>
Checks for web accessible .htaccess files which may leak sensitive information
(such as usernames, error handling, redirects, directory listing settings, etc).
(such as usernames, error handling, redirects, directory listing settings, etc.).

<H2>An example active scan rule which loads data from a file</H2>
This implements an example active scan rule that loads strings from a file that the user can edit.<br>
Expand All @@ -37,7 +37,7 @@ <H2>ELMAH Information Leak</H2>

<H2>.env Information Leak</H2>
Checks for web accessible .env files which may leak sensitive information
(such as usernames, passwords, API or APP keys, etc).
(such as usernames, passwords, API or APP keys, etc.).

<H2>Example Active Scanner: Denial of Service</H2>
This implements a very simple example active scan rule.<br>
Expand Down Expand Up @@ -118,7 +118,7 @@ <H2>Proxy Disclosure</H2>

<H2>Relative Path Confusion</H2>
Tests if the web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct "relative path" for the URL.
If resources (CSS, images, etc) are references in the response using relative, rather than absolute URLs. In an attack, if the web browser parses the "cross-content" response in a permissive manner, or can be tricked into
If resources (CSS, images, etc.) are references in the response using relative, rather than absolute URLs. In an attack, if the web browser parses the "cross-content" response in a permissive manner, or can be tricked into
permissively parsing the "cross-content" response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.

<H2>Source Code Disclosure - File Inclusion</H2>
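Review bot: the modified sentence still says "If resources (CSS, images, etc.) are references in the response", which should be "are referenced"; as written the "If ..." clause is also a fragment with no main clause, so consider joining it to the preceding sentence ("... for the URL, if resources (CSS, images, etc.) are referenced in the response using relative, rather than absolute, URLs.").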
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ ascanalpha.proxydisclosure.extrainfo.silentproxyserver= - {0}
ascanalpha.proxydisclosure.extrainfo.traceenabled=The 'TRACE' method is enabled on one or more of the proxy servers, or on the origin server. This method leaks all information submitted from the web browser and proxies back to the user agent. This may facilitate 'Cross Site Tracing' attacks.

ascanalpha.relativepathconfusion.name=Relative Path Confusion
ascanalpha.relativepathconfusion.desc=The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct "relative path" for the URL. Resources (CSS, images, etc) are also specified in the page response using relative, rather than absolute URLs. In an attack, if the web browser parses the "cross-content" response in a permissive manner, or can be tricked into permissively parsing the "cross-content" response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.
ascanalpha.relativepathconfusion.desc=The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct "relative path" for the URL. Resources (CSS, images, etc.) are also specified in the page response using relative, rather than absolute URLs. In an attack, if the web browser parses the "cross-content" response in a permissive manner, or can be tricked into permissively parsing the "cross-content" response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.
ascanalpha.relativepathconfusion.soln=Web servers and frameworks should be updated to be configured to not serve responses to ambiguous URLs in such a way that the relative path of such URLs could be mis-interpreted by components on either the client side, or server side.\nWithin the application, the correct use of the "<base>" HTML tag in the HTTP response will unambiguously specify the base URL for all relative URLs in the document.\nUse the "Content-Type" HTTP response header to make it harder for the attacker to force the web browser to mis-interpret the content type of the response.\nUse the "X-Content-Type-Options: nosniff" HTTP response header to prevent the web browser from "sniffing" the content type of the response.\nUse a modern DOCTYPE such as "<!doctype html>" to prevent the page from being rendered in the web browser using "Quirks Mode", since this results in the content type being ignored by the web browser.\nSpecify the "X-Frame-Options" HTTP response header to prevent Quirks Mode from being enabled in the web browser using framing attacks.
ascanalpha.relativepathconfusion.refs=http://www.thespanner.co.uk/2014/03/21/rpo/\nhttps://hsivonen.fi/doctype/\nhttp://www.w3schools.com/tags/tag_base.asp
ascanalpha.relativepathconfusion.extrainfo.morethanonebasetag=More than one <base> tag was specified in the HTML <head> tag to define the location for relative URLs, which is not valid.
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
* <p>Important Notes for the POSTGRES database (and useful in the code): - takes -- style comments
* - allows stacked queries via JDBC driver or in PHP??? - Constants in select must be in single
* quotes, not doubles (like Hypersonic). - supports UDFs (very interesting!!) - 5 (by default)
* second delay select statement (not taking into account casting, etc): SELECT pg_sleep(5) -
* second delay select statement (not taking into account casting, etc.): SELECT pg_sleep(5) -
* metadata select statement: TODO
*
* @author 70pointer
Expand Down Expand Up @@ -81,7 +81,7 @@ public class SQLInjectionPostgresql extends AbstractAppParamPlugin {
SQL_ERROR_TO_DBMS.put("org.postgresql", "PostgreSQL");
// Note: only Postgresql mappings here.
// TODO: is this all?? we need more error messages for Postgresql for different languages.
// PHP, ASP, JSP(JDBC), etc
// PHP, ASP, JSP(JDBC), etc.
}

/**
Original file line number Diff line number Diff line change
Expand Up @@ -463,7 +463,7 @@ public void scan() {

// call bingo with some extra info, indicating that the alert is
// not specific to Session Fixation, but has its own title and description
// (etc)
// (etc.)
// the alert here is "Session id sent insecurely", or words to that effect.
bingo(
risk,
Expand Down Expand Up @@ -526,7 +526,7 @@ public void scan() {

// call bingo with some extra info, indicating that the alert is
// not specific to Session Fixation, but has its own title and description
// (etc)
// (etc.)
// the alert here is "Session id accessible in Javascript", or words to that
// effect.
bingo(
Expand Down Expand Up @@ -718,7 +718,7 @@ public void scan() {

// call bingo with some extra info, indicating that the alert is
// not specific to Session Fixation, but has its own title and description
// (etc)
// (etc.)
// the alert here is "Session Id Expiry Time is excessive", or words to that
// effect.
bingo(
Expand Down Expand Up @@ -978,7 +978,8 @@ public void scan() {
isPseudoUrlParameter = true;
// was not removed because it was a pseudo Url parameter, not a real url
// parameter.. (so it would not be in the url params)
// in this case, we will need to "rewrite" (ie hack) the URL path to remove
// in this case, we will need to "rewrite" (i.e. hack) the URL path to
// remove
// the pseudo url parameter portion
// ie, we need to remove the ";jsessionid=<sessionid>" bit from the path
// (assuming the current field is named 'jsessionid')
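Review bot: the rewrap leaves `// remove` as a one-word line, and the context line `// ie, we need to remove the ";jsessionid=<sessionid>" bit from the path` still uses `ie,` although this hunk changes the same abbreviation to `i.e.` three lines earlier; rewrap the sentence onto a single line and fix the second occurrence in the same hunk.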
Expand Down Expand Up @@ -1061,7 +1062,7 @@ public void scan() {
// it is not a session field, or
// it is a session field, but a session is only issued on authentication,
// and this is not an authentication url
// the app doesn't do sessions (etc)
// the app doesn't do sessions (etc.)
// either way, the parameter/url combo is not vulnerable, so continue with
// the next parameter
if (this.debugEnabled)
Expand Down Expand Up @@ -1147,7 +1148,7 @@ public void scan() {

// call bingo with some extra info, indicating that the alert is
// not specific to Session Fixation, but has its own title and
// description (etc)
// description (etc.)
// the alert here is "Session id exposed in url", or words to that
// effect.
bingo(
Expand Down Expand Up @@ -1544,7 +1545,7 @@ Set<HtmlParameter> getPseudoUrlParameters(String url) {
String[] urlBreakdown =
url.split(
"\\?"); // do this to get rid of parameters.. we just want the path (but we
// can live with the scheme, host, port, etc)
// can live with the scheme, host, port, etc.)

String[] pseudoUrlParamNames = urlBreakdown[0].split(";");
// start with the bit *after* the first ";", ie, start with i = 1
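Review bot: the trailing context line `// start with the bit *after* the first ";", ie, start with i = 1` keeps `ie,` while the rest of this file is being switched to `i.e.`; change it here so the file ends up consistent.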
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ public class SourceCodeDisclosureSVN extends AbstractAppPlugin {
private static final Pattern PATTERN_HTML =
Pattern.compile(
"<html"); // helps eliminate some common false positives in the case of 403s,
// 302s, etc
// 302s, etc.

/** returns the plugin id */
@Override
Expand Down Expand Up @@ -305,7 +305,7 @@ private boolean findSourceCodeSVN(HttpMessage originalMessage) throws Exception
return false;
}

// Look for SVN < 1.7 metadata (ie internal SVN format < 29) containing source code
// Look for SVN < 1.7 metadata (i.e. internal SVN format < 29) containing source code
// These versions all store the pristine copies in the the same format (insofar as the logic
// here is concerned, at least)
try {
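Review bot: the context line `// These versions all store the pristine copies in the the same format` has a doubled "the"; since this commit is a typo sweep touching the line directly above, fix it in the same change.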
Expand Down Expand Up @@ -729,7 +729,7 @@ private boolean findSourceCodeSVN(HttpMessage originalMessage) throws Exception
}

break; // out of the while loop
} // non 404, 300, etc for "wc.db", for SVN >= 1.7
} // non 404, 300, etc. for "wc.db", for SVN >= 1.7
// set up the parent directory name
pathminusfilename =
pathminusfilename.substring(
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ <H2>ShellShock - CVE-2014-6271</H2>

<H2>Source Code Disclosure - CVE-2012-1823</H2>
Exploit CVE-2012-1823 to disclose server-side PHP source code on a PHP-CGI based web server.<br>
Only analyzes responses that are text based (HTML, JSON, XML, etc), in order to avoid false positives which may occur with image or other binary content.<br>
Only analyzes responses that are text based (HTML, JSON, XML, etc.), in order to avoid false positives which may occur with image or other binary content.<br>
JavaScript responses are only anaylzed when a LOW alert threshold is set.

<H2>Source Code Disclosure - SVN</H2>
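Review bot: the context line directly below the change, "JavaScript responses are only anaylzed when a LOW alert threshold is set.", misspells "analyzed"; worth catching in the same spelling pass.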
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ ascanbeta.backupfiledisclosure.soln = Do not edit files in-situ on the web serve
ascanbeta.backupfiledisclosure.evidence = A backup of [{0}] is available at [{1}]

ascanbeta.crossdomain.name = Cross-Domain Misconfiguration
#the refs cannot be customised for each sub-category (Adobe, Silverlight, etc)
#the refs cannot be customised for each sub-category (Adobe, Silverlight, etc.)
ascanbeta.crossdomain.refs = http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html\nhttp://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf\nhttp://msdn.microsoft.com/en-US/library/cc197955%28v=vs.95%29.aspx\nhttp://msdn.microsoft.com/en-us/library/cc838250%28v=vs.95%29.aspx
ascanbeta.crossdomain.adobe.read.name = Cross-Domain Misconfiguration - Adobe - Read
ascanbeta.crossdomain.adobe.send.name = Cross-Domain Misconfiguration - Adobe - Send
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@

/** Used to store information about a base case. */
public class BaseCase {
// The URL for which the base applies to, eg if we are testing within /wibble/, then this will
// The URL for which the base applies to, e.g. if we are testing within /wibble/, then this will
// be set to /wibble/
private URL baseCaseURL;

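Review bot: the changed comment, "The URL for which the base applies to, e.g. ...", doubles the preposition ("for which ... to"); "The URL to which the base case applies, e.g. if we are testing within /wibble/, then this will be set to /wibble/" reads cleanly and matches the field name `baseCaseURL`.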
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ public class Config {
*+ Will now scan mutiple file extentions
*+ Added information about the supplied lists
*+ Changed links and branding
*+ Fixed bug with stoped start point from being scanned eg /
*+ Fixed bug with stoped start point from being scanned e.g. /
*+ Added HTML parsing of found pages
*+ Added optins to configure the HTML parsing
*+ Imporved checking for if the server does not support HEAD requests
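Review bot: the modified line keeps "stoped" ("Fixed bug with stoped start point from being scanned e.g. /"), and the surrounding context has "mutiple", "extentions", "optins" and "Imporved"; if this embedded changelog is meant to stay verbatim that is fine, but a spelling commit that already touches the line could at least change "stoped" to "stopped".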
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@
<BODY BGCOLOR="#ffffff">
<H1>Bug Tracker</H1>
<p>
The Bug Tracker add-on can help the user raise the Alerts that they receive in the form of an issue or a bug on a Bug Tracker (like Bugzilla, Github,etc) while scanning a web-app.</p>
The Bug Tracker add-on can help the user raise the Alerts that they receive in the form of an issue or a bug on a Bug Tracker (like Bugzilla, Github,etc.) while scanning a web-app.</p>

<H2>Configuration of Bug Trackers</H2>
<p>
The user may configure the Bug Trackers with their important details like Username, Password, Repository URL, etc by going to <b>Options->Bug Tracker</b> and then selecting the appropriate Bug Tracker.
The user may configure the Bug Trackers with their important details like Username, Password, Repository URL, etc. by going to <b>Options->Bug Tracker</b> and then selecting the appropriate Bug Tracker.
</p>

<H2>Raising the Issues</H2>
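Review bot: the changed line still has "(like Bugzilla, Github,etc.)" with no space after the comma, although the commit message lists whitespace fixes for "etc."; add the space, and "GitHub" is the project's own capitalization.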
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ private enum TextJustification {
* @author [email protected]
*/
private static class Formatting {
private final PDFont font; // also contains the font formatting info (bold, italics, etc)
private final PDFont font; // also contains the font formatting info (bold, italics, etc.)
private final int fontSize;
private final TextJustification textJustification;

Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ <H2><U>Command Line</U></H2>
<H4>OWASP ZAP Command Line Options</H4>
<UL style="list-style: none;">
<LI><B>-session</B>: Opens the given session after starting ZAP</LI>
<LI><B>-cmd</B>: Runs ZAP 'inline', ie without starting the UI or a daemon</LI>
<LI><B>-cmd</B>: Runs ZAP 'inline', i.e. without starting the UI or a daemon</LI>
</UL>
See the <A href="https://github.com/zaproxy/zap-core-help/wiki/HelpCmdline">Wiki</A> for more details on the natively supported command line options.
