From f726afd0fcac60cea4f6b79d85b9c9a511bb5e56 Mon Sep 17 00:00:00 2001 From: Iwan Aucamp Date: Tue, 1 Aug 2023 20:54:41 +0200 Subject: [PATCH] docs: minor corrections and improvements (#2511) Fixed some minor errors and improve aesthetics. --- docs/developers.rst | 6 +++--- docs/security_considerations.rst | 25 +++++++++++++------------ docs/upgrade6to7.rst | 8 ++++---- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/docs/developers.rst b/docs/developers.rst index d6cc67e2e..6f2364640 100644 --- a/docs/developers.rst +++ b/docs/developers.rst @@ -160,9 +160,9 @@ Any new functionality being added to RDFLib *must* have unit tests and should have doc tests supplied. Typically, you should add your functionality and new tests to a branch of -RDFlib and and run all tests locally and see them pass. There are currently -close to 4,000 tests with a few extra expected failures and skipped tests. -We won't allow Pull Requests that break any of the existing tests. +RDFlib and run all tests locally and see them pass. There are currently +close to 4,000 tests, with a some expected failures and skipped tests. +We won't merge pull requests unless the test suite completes successfully. Tests that you add should show how your new feature or bug fix is doing what you say it is doing: if you remove your enhancement, your new tests should fail! diff --git a/docs/security_considerations.rst b/docs/security_considerations.rst index c6edb5ddc..77925a0f5 100644 --- a/docs/security_considerations.rst +++ b/docs/security_considerations.rst @@ -15,7 +15,7 @@ processed. RDFLib also supports SPARQL, which has federated query capabilities that allow queries to query arbitrary remote endpoints. -If you are using RDFLib to process untrusted documents or queries you should +If you are using RDFLib to process untrusted documents or queries, you should take measures to restrict file and network access. Some measures that can be taken to restrict file and network access are: @@ -26,7 +26,7 @@ Some measures that can be taken to restrict file and network access are: Of these, operating system security measures are recommended. The other measures work, but they are not as effective as operating system security -measures, and even if they are used they should be used in conjunction with +measures, and even if they are used, they should be used in conjunction with operating system security measures. Operating System Security Measures @@ -40,11 +40,12 @@ Some examples of these include: * `Open Container Initiative (OCI) Containers `_ (aka Docker containers). - Most OCI runtimes provide mechanisms to restrict network and file access of - containers. For example, using Docker, you can limit your container to only - being access files explicitly mapped into the container and only access the - network through a firewall. For more information refer to the - documentation of the tool you use to manage your OCI containers: + Most OCI runtimes provide mechanisms to restrict network and file + access of containers. For example, using Docker, you can limit your + container to only being able to access files explicitly mapped into + the container and only access the network through a firewall. For more + information, refer to the documentation of the tool you use to manage + your OCI containers: * `Kubernetes `_ * `Docker `_ @@ -60,10 +61,10 @@ Some examples of these include: allowed. Applications that process untrusted input could be run as a user with these restrictions in place. -Many other measures are available, however, listing them outside the scope -of this document. +Many other measures are available, however, listing them is outside +the scope of this document. -Of the listed measures OCI containers are recommended. In most cases, OCI +Of the listed measures, OCI containers are recommended. In most cases, OCI containers are constrained by default and can't access the loopback interface and can only access files that are explicitly mapped into the container. @@ -87,7 +88,7 @@ and this function raises a ``urllib.Request`` audit event. For file access, RDFLib uses `open`, which raises an ``open`` audit event. Users of RDFLib can install audit hooks that react to these audit events and -raises an exception when an attempt is made to access files or network resources +raise an exception when an attempt is made to access files or network resources that are not explicitly allowed. RDFLib's test suite includes tests which verify that audit hooks can block @@ -103,7 +104,7 @@ RDFLib uses the `urllib.request.urlopen` for HTTP, HTTPS and other network access. This function will use a `urllib.request.OpenerDirector` installed with `urllib.request.install_opener` to open the URLs. -Users of RDFLib can install a custom URL opener that raise an exception when an +Users of RDFLib can install a custom URL opener that raises an exception when an attempt is made to access network resources that are not explicitly allowed. RDFLib's test suite includes tests which verify that custom URL openers can be diff --git a/docs/upgrade6to7.rst b/docs/upgrade6to7.rst index d58d25735..d687634d5 100644 --- a/docs/upgrade6to7.rst +++ b/docs/upgrade6to7.rst @@ -1,7 +1,7 @@ -.. _upgrade4to5: Upgrading from RDFLib version 6 to 7 +.. _upgrade6to7: Upgrading from RDFLib version 6 to 7 ============================================ -Upgrading 6 to 7 +Upgrading from version 6 to 7 ============================================ Python version @@ -13,8 +13,8 @@ New behaviour for ``publicID`` in ``parse`` methods. ---------------------------------------------------- Before version 7, the ``publicID`` argument to the -:meth:`~rdflib.graph.ConjunctiveGraph.parse` and -:meth:`~rdflib.graph.Dataset.parse` methods was used as the name for the default +:meth:`rdflib.graph.ConjunctiveGraph.parse` and +:meth:`rdflib.graph.Dataset.parse` methods was used as the name for the default graph, and triples from the default graph in a source were loaded into the graph named ``publicID``.