fox-it · pyrco · Feb 7, 2023 · Feb 6, 2023
diff --git a/dissect/eventlog/__init__.py b/dissect/eventlog/__init__.py
@@ -1,9 +1,13 @@
 from dissect.eventlog.evt import Evt
 from dissect.eventlog.evtx import Evtx
-from dissect.eventlog.exceptions import Error, BxmlException, MalformedElfChnkException, UnknownSignatureException
+from dissect.eventlog.exceptions import (
+    BxmlException,
+    Error,
+    MalformedElfChnkException,
+    UnknownSignatureException,
+)
 from dissect.eventlog.wevt import CRIM
 
-
 __all__ = [
     "CRIM",
     "Evt",

diff --git a/dissect/eventlog/bxml.py b/dissect/eventlog/bxml.py
@@ -2,16 +2,17 @@
 
 
 import binascii
-from typing import Any, BinaryIO, Dict, List, Tuple
 import uuid
 from datetime import datetime
-from io import BytesIO
 from enum import IntEnum
+from io import BytesIO
+from typing import Any, BinaryIO, Dict, List, Tuple
 
 from dissect.cstruct.cstruct import cstruct
+from dissect.util.ts import wintimestamp
+
 from dissect.eventlog.exceptions import BxmlException
 from dissect.eventlog.utils import KeyValueCollection
-from dissect.util.ts import wintimestamp
 
 
 class BxmlToken(IntEnum):

diff --git a/dissect/eventlog/wevt.py b/dissect/eventlog/wevt.py
@@ -1,11 +1,11 @@
-from dissect.eventlog.exceptions import UnknownSignatureException
 from io import BufferedReader
 from uuid import UUID
 
-import dissect.eventlog.wevt_object as wevt_objects
-
 from dissect.cstruct import cstruct
 
+import dissect.eventlog.wevt_object as wevt_objects
+from dissect.eventlog.exceptions import UnknownSignatureException
+
 header_dev = """
 struct Event_Descriptor {
     char      ProviderId[16];

diff --git a/dissect/eventlog/wevt_object.py b/dissect/eventlog/wevt_object.py
@@ -1,8 +1,10 @@
+from io import BytesIO
 from typing import List
-from dissect.eventlog.bxml import Bxml, Template, WevtNameReader, parse_bxml, BxmlType
-from dissect.cstruct import cstruct
 from uuid import UUID
-from io import BytesIO
+
+from dissect.cstruct import cstruct
+
+from dissect.eventlog.bxml import Bxml, BxmlType, Template, WevtNameReader, parse_bxml
 
 wevt_object_def = """
 struct DATA_ITEM {

diff --git a/tests/_utils.py b/tests/_utils.py
@@ -1,6 +1,7 @@
 from dissect.cstruct import cstruct
-from dissect.eventlog.wevt_object import wevt_object_def
+
 from dissect.eventlog.wevt import header_dev
+from dissect.eventlog.wevt_object import wevt_object_def
 
 definitions = cstruct()
 definitions.load(header_dev + wevt_object_def)

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -1,4 +1,5 @@
 import os
+
 import pytest
 
 

diff --git a/tests/test_binxml.py b/tests/test_binxml.py
@@ -1,9 +1,10 @@
-from dissect.eventlog.exceptions import BxmlException
 from io import BytesIO
-from dissect.eventlog.bxml import BxmlToken, Bxml
+from unittest.mock import Mock, patch
+
 import pytest
 
-from unittest.mock import Mock, patch
+from dissect.eventlog.bxml import Bxml, BxmlToken
+from dissect.eventlog.exceptions import BxmlException
 
 
 @pytest.mark.parametrize(

diff --git a/tests/test_crim.py b/tests/test_crim.py
@@ -1,9 +1,10 @@
-from dissect.eventlog.exceptions import UnknownSignatureException
-from dissect.eventlog.wevt import CRIM
 from unittest.mock import patch
 
 import pytest
 
+from dissect.eventlog.exceptions import UnknownSignatureException
+from dissect.eventlog.wevt import CRIM
+
 CRIM_HEADER = (
     b"\x43\x52\x49\x4D\xF8\x1B\x07\x00\x05\x00\x01\x00\x01\x00\x00\x00"
     b"\xB7\xE6\xF3\x2F\x90\xCB\x00\x47\x96\x21\x44\x3F\x38\x97\x34\xED"

diff --git a/tests/test_evtx.py b/tests/test_evtx.py
@@ -1,6 +1,5 @@
 from dissect.eventlog.evtx import Evtx
 
-
 # $rawData = [System.Text.Encoding]::Unicode.GetBytes("Test Binary Data")
 
 # New-EventLog -Source TestAppX -LogName TestLogX

diff --git a/tests/test_wevt.py b/tests/test_wevt.py
@@ -1,7 +1,8 @@
-from dissect.eventlog.exceptions import UnknownSignatureException
 from unittest.mock import MagicMock, mock_open, patch
 
 import pytest
+
+from dissect.eventlog.exceptions import UnknownSignatureException
 from dissect.eventlog.wevt import MAPS_WEVT_TYPE, TTBL_WEVT_TYPE, WEVT, WEVT_TYPE
 
 WEVT_HEADER = (

diff --git a/tests/test_wevt_type.py b/tests/test_wevt_type.py
@@ -1,16 +1,18 @@
-from dissect.eventlog.exceptions import UnknownSignatureException
-from dissect.eventlog.wevt import WEVT_TYPE, TTBL_WEVT_TYPE, MAPS_WEVT_TYPE
-from dissect.eventlog.wevt_object import WevtObject
 from unittest.mock import Mock, patch
+
 import pytest
 
+from dissect.eventlog.exceptions import UnknownSignatureException
+from dissect.eventlog.wevt import MAPS_WEVT_TYPE, TTBL_WEVT_TYPE, WEVT_TYPE
+from dissect.eventlog.wevt_object import WevtObject
+
 from ._utils import (
-    TTBL_HEADER,
-    CHAN_HEADER,
     CHAN_DATA,
+    CHAN_HEADER,
     TEMP_HEADER,
-    create_header,
+    TTBL_HEADER,
     create_data_item,
+    create_header,
     create_header_type,
 )
 

diff --git a/tests/test_wevtobj.py b/tests/test_wevtobj.py
@@ -1,12 +1,11 @@
-import pytest
+from unittest.mock import call, patch
 
-from unittest.mock import patch, call
+import pytest
 
 from dissect.eventlog import wevt_object
 
 from ._utils import TEMP_HEADER, create_data_item, create_header_type
 
-
 signatures = ["CHAN", "OPCO", "LEVL", "KEYW"]
 
 

diff --git a/tox.ini b/tox.ini
@@ -39,6 +39,7 @@ deps =
     black==23.1.0
     flake8
     flake8-black
+    flake8-isort
     vermin
 commands =
     flake8 dissect tests setup.py