From 468848cb1ea9a0849c93ce1dea2dc4a34a4a2549 Mon Sep 17 00:00:00 2001
From: pyth0n1c <87383215+pyth0n1c@users.noreply.github.com>
Date: Mon, 23 Mar 2026 18:49:16 -0700
Subject: [PATCH] Remove extra field "description" in executor OR update
 models.py schema (#3298)

Co-authored-by: Hare Sudhan <27735081+cyberbuff@users.noreply.github.com>
---
 atomic_red_team/models.py                      | 18 ++++++++++--------
 atomic_red_team/test_data/extra_forbidden.yaml | 14 ++++++++++++++
 atomics/T1562.008/T1562.008.yaml               |  2 --
 3 files changed, 24 insertions(+), 10 deletions(-)
 create mode 100644 atomic_red_team/test_data/extra_forbidden.yaml

diff --git a/atomic_red_team/models.py b/atomic_red_team/models.py
index 2542dba6..d30a2971 100644
--- a/atomic_red_team/models.py
+++ b/atomic_red_team/models.py
@@ -121,7 +121,13 @@ Argument = Annotated[
 ]
 
 
-class Executor(BaseModel):
+class StrictModel(BaseModel):
+    model_config = ConfigDict(
+        validate_default=True, extra="forbid", validate_assignment=True
+    )
+
+
+class Executor(StrictModel):
     name: ExecutorType
     elevation_required: bool = False
 
@@ -137,17 +143,13 @@ class CommandExecutor(Executor):
     cleanup_command: Optional[str] = None
 
 
-class Dependency(BaseModel):
+class Dependency(StrictModel):
     description: constr(min_length=1)
     prereq_command: constr(min_length=1)
     get_prereq_command: Optional[str]
 
 
-class Atomic(BaseModel):
-    model_config = ConfigDict(
-        validate_default=True, extra="forbid", validate_assignment=True
-    )
-
+class Atomic(StrictModel):
     test_number: Optional[str] = None
     name: constr(min_length=1)
     description: constr(min_length=1)
@@ -235,7 +237,7 @@ class Atomic(BaseModel):
         return v
 
 
-class Technique(BaseModel):
+class Technique(StrictModel):
     attack_technique: AttackTechniqueID
     display_name: str = Field(..., min_length=5)
     atomic_tests: List[Atomic] = Field(min_length=1)
diff --git a/atomic_red_team/test_data/extra_forbidden.yaml b/atomic_red_team/test_data/extra_forbidden.yaml
new file mode 100644
index 00000000..fe15e418
--- /dev/null
+++ b/atomic_red_team/test_data/extra_forbidden.yaml
@@ -0,0 +1,14 @@
+attack_technique: W1003
+display_name: OS Credential Dumping
+atomic_tests:
+- name: Gsecdump
+  random_field: abc123
+  auto_generated_guid: 0f7c5301-6859-45ba-8b4d-1fac30fc31ed
+  description: |
+    Dump credentials from memory using Gsecdump.
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+      echo "ART"
+    name: command_prompt
diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml
index 55fab309..7e4a1bbd 100644
--- a/atomics/T1562.008/T1562.008.yaml
+++ b/atomics/T1562.008/T1562.008.yaml
@@ -518,7 +518,5 @@ atomic_tests:
       aws configservice delete-configuration-recorder --configuration-recorder-name #{configuration_recorder_name} --region #{region}
       echo "*** Configuration recorder deleted ***"
     cleanup_command: aws configservice list-configuration-recorders --region us-west-2
-    description: |
-        List recorders, to confirm there are none. Confirming previous configuration recorder was stopped and deleted.
     name: sh
     elevation_required: false