Merge pull request #182 from CycloneDX/sort-imports

style: sort imports

.isort.cfg

@@ -0,0 +1,17 @@
+[settings]
+## read the docs: https://pycqa.github.io/isort/docs/configuration/options.html
+## keep in sync with flake8 config - in `tox.ini` file
+known_first_party = cyclonedx
+skip_gitignore = true
+skip_glob =
+    build/*,dist/*,__pycache__,.eggs,*.egg-info*,
+    *_cache,*.cache,
+    .git/*,.tox/*,.venv/*,venv/*
+    _OLD/*,_TEST/*,
+    docs/*
+combine_as_imports = true
+default_section = THIRDPARTY
+ensure_newline_before_comments = true
+include_trailing_comma = true
+line_length = 120
+multi_line_output = 3

CONTRIBUTING.md

@@ -18,14 +18,18 @@ poetry install
 ## Code style
 
 This project uses [PEP8] Style Guide for Python Code.  
-Get it applied via:
+This project loves sorted imports.  
+Get it all applied via:
 
 ```shell
+poetry run isort .
 poetry run autopep8 --in-place -r .
 ```
 
 ## Testing
 
+Run all tests in dedicated environments, via:
+
 ```shell
 poetry run tox
 ```

cyclonedx/model/__init__.py

@@ -14,6 +14,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 import hashlib
 import re
 import sys
@@ -22,8 +23,13 @@
 from enum import Enum
 from typing import Iterable, Optional, Set
 
-from ..exception.model import InvalidLocaleTypeException, InvalidUriException, NoPropertiesProvidedException, \
-    MutuallyExclusivePropertiesException, UnknownHashTypeException
+from ..exception.model import (
+    InvalidLocaleTypeException,
+    InvalidUriException,
+    MutuallyExclusivePropertiesException,
+    NoPropertiesProvidedException,
+    UnknownHashTypeException,
+)
 
 """
 Uniform set of models to represent objects within a CycloneDX software bill-of-materials.

cyclonedx/model/bom.py

@@ -16,14 +16,15 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 from datetime import datetime, timezone
 from typing import Iterable, Optional, Set
-from uuid import uuid4, UUID
+from uuid import UUID, uuid4
 
-from . import ExternalReference, OrganizationalContact, OrganizationalEntity, LicenseChoice, Property, ThisTool, Tool
+from ..parser import BaseParser
+from . import ExternalReference, LicenseChoice, OrganizationalContact, OrganizationalEntity, Property, ThisTool, Tool
 from .component import Component
 from .service import Service
-from ..parser import BaseParser
 
 
 class BomMetaData:

cyclonedx/model/bom_ref.py

@@ -16,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 from typing import Optional
 from uuid import uuid4
 

cyclonedx/model/component.py

@@ -16,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 import warnings
 from enum import Enum
 from os.path import exists
@@ -24,13 +25,24 @@
 # See https://github.com/package-url/packageurl-python/issues/65
 from packageurl import PackageURL  # type: ignore
 
-from . import AttachedText, Copyright, ExternalReference, HashAlgorithm, HashType, IdentifiableAction, LicenseChoice, \
-    OrganizationalEntity, Property, sha1sum, XsUri
+from ..exception.model import NoPropertiesProvidedException
+from . import (
+    AttachedText,
+    Copyright,
+    ExternalReference,
+    HashAlgorithm,
+    HashType,
+    IdentifiableAction,
+    LicenseChoice,
+    OrganizationalEntity,
+    Property,
+    XsUri,
+    sha1sum,
+)
 from .bom_ref import BomRef
 from .issue import IssueType
 from .release_note import ReleaseNotes
 from .vulnerability import Vulnerability
-from ..exception.model import NoPropertiesProvidedException
 
 
 class Commit:

cyclonedx/model/issue.py

@@ -14,11 +14,12 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 from enum import Enum
 from typing import Iterable, Optional, Set
 
-from . import XsUri
 from ..exception.model import NoPropertiesProvidedException
+from . import XsUri
 
 
 class IssueClassification(Enum):

cyclonedx/model/release_note.py

@@ -16,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 from datetime import datetime
 from typing import Iterable, Optional, Set
 

cyclonedx/model/service.py

@@ -14,9 +14,10 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 from typing import Iterable, Optional, Set
 
-from . import ExternalReference, DataClassification, LicenseChoice, OrganizationalEntity, Property, XsUri
+from . import DataClassification, ExternalReference, LicenseChoice, OrganizationalEntity, Property, XsUri
 from .bom_ref import BomRef
 from .release_note import ReleaseNotes
 

cyclonedx/model/vulnerability.py

@@ -16,18 +16,23 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 import re
 import warnings
 from datetime import datetime
 from decimal import Decimal
 from enum import Enum
 from typing import Iterable, Optional, Set, Tuple, Union
 
+from ..exception.model import MutuallyExclusivePropertiesException, NoPropertiesProvidedException
 from . import OrganizationalContact, OrganizationalEntity, Tool, XsUri
 from .bom_ref import BomRef
-from .impact_analysis import ImpactAnalysisAffectedStatus, ImpactAnalysisJustification, ImpactAnalysisResponse, \
-    ImpactAnalysisState
-from ..exception.model import MutuallyExclusivePropertiesException, NoPropertiesProvidedException
+from .impact_analysis import (
+    ImpactAnalysisAffectedStatus,
+    ImpactAnalysisJustification,
+    ImpactAnalysisResponse,
+    ImpactAnalysisState,
+)
 
 """
 This set of classes represents the data that is possible about known Vulnerabilities.

cyclonedx/output/json.py

@@ -16,17 +16,24 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 import json
 from abc import abstractmethod
-from typing import cast, Any, Dict, List, Optional, Union
+from typing import Any, Dict, List, Optional, Union, cast
 
-from . import BaseOutput, SchemaVersion
-from .schema import BaseSchemaVersion, SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, \
-    SchemaVersion1Dot4
-from .serializer.json import CycloneDxJSONEncoder
 from ..exception.output import FormatNotSupportedException
 from ..model.bom import Bom
 from ..model.component import Component
+from . import BaseOutput, SchemaVersion
+from .schema import (
+    BaseSchemaVersion,
+    SchemaVersion1Dot0,
+    SchemaVersion1Dot1,
+    SchemaVersion1Dot2,
+    SchemaVersion1Dot3,
+    SchemaVersion1Dot4,
+)
+from .serializer.json import CycloneDxJSONEncoder
 
 ComponentDict = Dict[str, Union[
     str,

cyclonedx/output/serializer/json.py

@@ -16,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 from datetime import datetime
 from decimal import Decimal
 from enum import Enum

cyclonedx/output/xml.py

@@ -21,17 +21,32 @@
 from typing import Optional, Set
 from xml.etree import ElementTree
 
-from . import BaseOutput, SchemaVersion
-from .schema import BaseSchemaVersion, SchemaVersion1Dot0, SchemaVersion1Dot1, SchemaVersion1Dot2, SchemaVersion1Dot3, \
-    SchemaVersion1Dot4
-from ..model import AttachedText, ExternalReference, HashType, IdentifiableAction, LicenseChoice, \
-    OrganizationalEntity, OrganizationalContact, Property, Tool
+from ..model import (
+    AttachedText,
+    ExternalReference,
+    HashType,
+    IdentifiableAction,
+    LicenseChoice,
+    OrganizationalContact,
+    OrganizationalEntity,
+    Property,
+    Tool,
+)
 from ..model.bom import Bom
 from ..model.bom_ref import BomRef
 from ..model.component import Component, Patch
 from ..model.release_note import ReleaseNotes
 from ..model.service import Service
-from ..model.vulnerability import Vulnerability, VulnerabilityRating, VulnerabilitySource, BomTargetVersionRange
+from ..model.vulnerability import BomTargetVersionRange, Vulnerability, VulnerabilityRating, VulnerabilitySource
+from . import BaseOutput, SchemaVersion
+from .schema import (
+    BaseSchemaVersion,
+    SchemaVersion1Dot0,
+    SchemaVersion1Dot1,
+    SchemaVersion1Dot2,
+    SchemaVersion1Dot3,
+    SchemaVersion1Dot4,
+)
 
 
 class Xml(BaseOutput, BaseSchemaVersion):

pyproject.toml

@@ -59,9 +59,11 @@ tox = "^3.24.3"
 coverage = "^6.2"
 mypy = ">= 0.920, < 1.00"
 autopep8 = "^1.6.0"
+isort = { version = "^5.10.0", python = ">= 3.6.1" }
 flake8 = "^4.0.1"
 flake8-annotations = {version = "^2.7.0", python = ">= 3.6.2"}
 flake8-bugbear = "^22.1.11"
+flake8-isort = { version = "^4.1.0", python = ">= 3.6.1" }
 jsonschema = { version = ">= 4.4.0", python = "> 3.6"}
 lxml = ">=4.7.0"
 xmldiff = ">=2.4"

tests/base.py

@@ -16,6 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
+
 import io
 import json
 import os
@@ -34,7 +35,7 @@
 from cyclonedx.output import SchemaVersion
 
 if sys.version_info >= (3, 7):
-    from jsonschema import validate as json_validate, ValidationError
+    from jsonschema import ValidationError, validate as json_validate
 
 if sys.version_info >= (3, 8, 0):
     from importlib.metadata import version