contentctl 4.4.7__py3-none-any.whl → 5.0.0__py3-none-any.whl

contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py

@@ -1,52 +1,92 @@
 from __future__ import annotations
-from typing import TYPE_CHECKING, Self, Any
+
+from typing import TYPE_CHECKING, Any, Self
 
 if TYPE_CHECKING:
+    from contentctl.input.director import DirectorOutputDto
     from contentctl.objects.deployment import Deployment
     from contentctl.objects.security_content_object import SecurityContentObject
-    from contentctl.input.director import DirectorOutputDto
-    from contentctl.objects.config import CustomApp
 
-from contentctl.objects.enums import AnalyticsType
-from contentctl.objects.constants import CONTENTCTL_MAX_STANZA_LENGTH
 import abc
-import uuid
 import datetime
+import pathlib
 import pprint
+import uuid
+from functools import cached_property
+from typing import List, Optional, Tuple, Union
+
 from pydantic import (
     BaseModel,
-    field_validator,
+    ConfigDict,
     Field,
-    ValidationInfo,
     FilePath,
     HttpUrl,
     NonNegativeInt,
-    ConfigDict,
-    model_serializer
+    ValidationInfo,
+    computed_field,
+    field_validator,
+    model_serializer,
 )
-from typing import Tuple, Optional, List, Union
-import pathlib
 
+from contentctl.objects.constants import (
+    CONTENTCTL_MAX_STANZA_LENGTH,
+    DEPRECATED_TEMPLATE,
+    EXPERIMENTAL_TEMPLATE,
+)
+from contentctl.objects.enums import AnalyticsType, DetectionStatus
 
 NO_FILE_NAME = "NO_FILE_NAME"
 
 
-# TODO (#266): disable the use_enum_values configuration
 class SecurityContentObject_Abstract(BaseModel, abc.ABC):
-    model_config = ConfigDict(use_enum_values=True,validate_default=True)
-    
-    name: str = Field(...,max_length=99)
-    author: str = Field(...,max_length=255)
+    model_config = ConfigDict(validate_default=True, extra="forbid")
+    name: str = Field(..., max_length=99)
+    author: str = Field(..., max_length=255)
     date: datetime.date = Field(...)
     version: NonNegativeInt = Field(...)
-    id: uuid.UUID = Field(...) #we set a default here until all content has a uuid
-    description: str = Field(...,max_length=10000)
+    id: uuid.UUID = Field(...)  # we set a default here until all content has a uuid
+    description: str = Field(..., max_length=10000)
     file_path: Optional[FilePath] = None
     references: Optional[List[HttpUrl]] = None
 
     def model_post_init(self, __context: Any) -> None:
         self.ensureFileNameMatchesSearchName()
 
+    @computed_field
+    @cached_property
+    def status_aware_description(self) -> str:
+        """We need to be able to write out a description that includes information
+        about whether or not a detection has been deprecated or not. This is important
+        for providing information to the user as well as powering the deprecation
+        assistant dashboad(s). Make sure this information is output correctly, if
+        appropriate.
+        Otherwise, if a detection is not deprecated or experimental, just return th
+        unmodified description.
+
+        Raises:
+            NotImplementedError: This content type does not support status_aware_description.
+            This is because the object does not define a status field
+
+        Returns:
+            str: description, which may or may not be prefixed with the deprecation/experimental message
+        """
+        status = getattr(self, "status", None)
+
+        if not isinstance(status, DetectionStatus):
+            raise NotImplementedError(
+                f"Detection status is not implemented for [{self.name}] of type '{type(self).__name__}'"
+            )
+        if status == DetectionStatus.experimental:
+            return EXPERIMENTAL_TEMPLATE.format(
+                content_type=type(self).__name__, description=self.description
+            )
+        elif status == DetectionStatus.deprecated:
+            return DEPRECATED_TEMPLATE.format(
+                content_type=type(self).__name__, description=self.description
+            )
+        else:
+            return self.description
+
     @model_serializer
     def serialize_model(self):
         return {
@@ -56,15 +96,18 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
             "version": self.version,
             "id": str(self.id),
             "description": self.description,
-            "references": [str(url) for url in self.references or []]
+            "references": [str(url) for url in self.references or []],
         }
-    
-    
-    def check_conf_stanza_max_length(self, stanza_name:str, max_stanza_length:int=CONTENTCTL_MAX_STANZA_LENGTH) -> None:
+
+    def check_conf_stanza_max_length(
+        self, stanza_name: str, max_stanza_length: int = CONTENTCTL_MAX_STANZA_LENGTH
+    ) -> None:
         if len(stanza_name) > max_stanza_length:
-            raise ValueError(f"conf stanza may only be {max_stanza_length} characters, "
-                             f"but stanza was actually {len(stanza_name)} characters: '{stanza_name}' ")
-    
+            raise ValueError(
+                f"conf stanza may only be {max_stanza_length} characters, "
+                f"but stanza was actually {len(stanza_name)} characters: '{stanza_name}' "
+            )
+
     @staticmethod
     def objectListToNameList(objects: list[SecurityContentObject]) -> list[str]:
         return [object.getName() for object in objects]
@@ -76,17 +119,19 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
     @classmethod
     def contentNameToFileName(cls, content_name: str) -> str:
-        return content_name \
-            .replace(' ', '_') \
-            .replace('-', '_') \
-            .replace('.', '_') \
-            .replace('/', '_') \
-            .lower() + ".yml"
+        return (
+            content_name.replace(" ", "_")
+            .replace("-", "_")
+            .replace(".", "_")
+            .replace("/", "_")
+            .lower()
+            + ".yml"
+        )
 
     def ensureFileNameMatchesSearchName(self):
         file_name = self.contentNameToFileName(self.name)
 
-        if (self.file_path is not None and file_name != self.file_path.name):
+        if self.file_path is not None and file_name != self.file_path.name:
             raise ValueError(
                 f"The file name MUST be based off the content 'name' field:\n"
                 f"\t- Expected File Name: {file_name}\n"
@@ -95,7 +140,7 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
         return self
 
-    @field_validator('file_path')
+    @field_validator("file_path")
     @classmethod
     def file_path_valid(cls, v: Optional[pathlib.PosixPath], info: ValidationInfo):
         if not v:
@@ -112,7 +157,9 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
         return [str(url) for url in self.references or []]
 
     @classmethod
-    def mapNamesToSecurityContentObjects(cls, v: list[str], director: Union[DirectorOutputDto, None]) -> list[Self]:
+    def mapNamesToSecurityContentObjects(
+        cls, v: list[str], director: Union[DirectorOutputDto, None]
+    ) -> list[Self]:
         if director is not None:
             name_map = director.name_to_content_map
         else:
@@ -132,7 +179,9 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
         errors: list[str] = []
         if len(missing_objects) > 0:
-            errors.append(f"Failed to find the following '{cls.__name__}': {missing_objects}")
+            errors.append(
+                f"Failed to find the following '{cls.__name__}': {missing_objects}"
+            )
         if len(mistyped_objects) > 0:
             for mistyped_object in mistyped_objects:
                 errors.append(
@@ -144,13 +193,16 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
             error_string = "\n  - ".join(errors)
             raise ValueError(
                 f"Found {len(errors)} issues when resolving references Security Content Object "
-                f"names:\n  - {error_string}")
+                f"names:\n  - {error_string}"
+            )
 
         # Sort all objects sorted by name
         return sorted(mappedObjects, key=lambda o: o.name)
 
     @staticmethod
-    def getDeploymentFromType(typeField: Union[str, None], info: ValidationInfo) -> Deployment:
+    def getDeploymentFromType(
+        typeField: Union[str, None], info: ValidationInfo
+    ) -> Deployment:
         if typeField is None:
             raise ValueError("'type:' field is missing from YML.")
 
@@ -159,21 +211,25 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
         director: Optional[DirectorOutputDto] = info.context.get("output_dto", None)
         if not director:
-            raise ValueError("Cannot set deployment - DirectorOutputDto not passed to Detection Constructor in context")
+            raise ValueError(
+                "Cannot set deployment - DirectorOutputDto not passed to Detection Constructor in context"
+            )
 
         type_to_deployment_name_map = {
-            AnalyticsType.TTP.value: "ESCU Default Configuration TTP",
-            AnalyticsType.Hunting.value: "ESCU Default Configuration Hunting",
-            AnalyticsType.Correlation.value: "ESCU Default Configuration Correlation",
-            AnalyticsType.Anomaly.value: "ESCU Default Configuration Anomaly",
-            "Baseline": "ESCU Default Configuration Baseline"
+            AnalyticsType.TTP: "ESCU Default Configuration TTP",
+            AnalyticsType.Hunting: "ESCU Default Configuration Hunting",
+            AnalyticsType.Correlation: "ESCU Default Configuration Correlation",
+            AnalyticsType.Anomaly: "ESCU Default Configuration Anomaly",
+            "Baseline": "ESCU Default Configuration Baseline",
         }
         converted_type_field = type_to_deployment_name_map[typeField]
 
         # TODO: This is clunky, but is imported here to resolve some circular import errors
         from contentctl.objects.deployment import Deployment
 
-        deployments = Deployment.mapNamesToSecurityContentObjects([converted_type_field], director)
+        deployments = Deployment.mapNamesToSecurityContentObjects(
+            [converted_type_field], director
+        )
         if len(deployments) == 1:
             return deployments[0]
         elif len(deployments) == 0:
@@ -189,18 +245,19 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
     @staticmethod
     def get_objects_by_name(
-        names_to_find: set[str],
-        objects_to_search: list[SecurityContentObject_Abstract]
+        names_to_find: set[str], objects_to_search: list[SecurityContentObject_Abstract]
     ) -> Tuple[list[SecurityContentObject_Abstract], set[str]]:
         raise Exception("get_objects_by_name deprecated")
-        found_objects = list(filter(lambda obj: obj.name in names_to_find, objects_to_search))
+        found_objects = list(
+            filter(lambda obj: obj.name in names_to_find, objects_to_search)
+        )
         found_names = set([obj.name for obj in found_objects])
         missing_names = names_to_find - found_names
         return found_objects, missing_names
 
     @staticmethod
     def create_filename_to_content_dict(
-        all_objects: list[SecurityContentObject_Abstract]
+        all_objects: list[SecurityContentObject_Abstract],
     ) -> dict[str, SecurityContentObject_Abstract]:
         name_dict: dict[str, SecurityContentObject_Abstract] = dict()
         for object in all_objects:
@@ -208,7 +265,9 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
             # SecurityContentObject (e.g. filter macros that are created at runtime but have no
             # actual file associated)
             if object.file_path is None:
-                raise ValueError(f"SecurityContentObject is missing a file_path: {object.name}")
+                raise ValueError(
+                    f"SecurityContentObject is missing a file_path: {object.name}"
+                )
             name_dict[str(pathlib.Path(object.file_path))] = object
         return name_dict
 
@@ -225,12 +284,16 @@ class SecurityContentObject_Abstract(BaseModel, abc.ABC):
 
     def __lt__(self, other: object) -> bool:
         if not isinstance(other, SecurityContentObject_Abstract):
-            raise Exception(f"SecurityContentObject can only be compared to each other, not to {type(other)}")
+            raise Exception(
+                f"SecurityContentObject can only be compared to each other, not to {type(other)}"
+            )
         return self.name < other.name
 
     def __eq__(self, other: object) -> bool:
         if not isinstance(other, SecurityContentObject_Abstract):
-            raise Exception(f"SecurityContentObject can only be compared to each other, not to {type(other)}")
+            raise Exception(
+                f"SecurityContentObject can only be compared to each other, not to {type(other)}"
+            )
 
         if id(self) == id(other) and self.name == other.name and self.id == other.id:
             # Yes, this is the same object

contentctl/objects/alert_action.py

@@ -1,5 +1,5 @@
 from __future__ import annotations
-from pydantic import BaseModel, model_serializer
+from pydantic import BaseModel, model_serializer, ConfigDict
 from typing import Optional
 
 from contentctl.objects.deployment_email import DeploymentEmail
@@ -8,33 +8,34 @@ from contentctl.objects.deployment_rba import DeploymentRBA
 from contentctl.objects.deployment_slack import DeploymentSlack
 from contentctl.objects.deployment_phantom import DeploymentPhantom
 
+
 class AlertAction(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     email: Optional[DeploymentEmail] = None
     notable: Optional[DeploymentNotable] = None
     rba: Optional[DeploymentRBA] = DeploymentRBA()
     slack: Optional[DeploymentSlack] = None
     phantom: Optional[DeploymentPhantom] = None
 
-    
     @model_serializer
     def serialize_model(self):
-        #Call serializer for parent
+        # Call serializer for parent
         model = {}
 
         if self.email is not None:
             raise Exception("Email not implemented")
 
         if self.notable is not None:
-            model['notable'] = self.notable
+            model["notable"] = self.notable
 
         if self.rba is not None and self.rba.enabled:
-            model['rba'] = {'enabled': "true"}
+            model["rba"] = {"enabled": "true"}
 
         if self.slack is not None:
             raise Exception("Slack not implemented")
-        
+
         if self.phantom is not None:
             raise Exception("Phantom not implemented")
-        
-        #return the model
-        return model
+
+        # return the model
+        return model

contentctl/objects/annotated_types.py

@@ -3,4 +3,4 @@ from typing import Annotated
 
 CVE_TYPE = Annotated[str, Field(pattern=r"^CVE-[1|2]\d{3}-\d+$")]
 MITRE_ATTACK_ID_TYPE = Annotated[str, Field(pattern=r"^T\d{4}(.\d{3})?$")]
-APPID_TYPE = Annotated[str,Field(pattern="^[a-zA-Z0-9_-]+$")]
+APPID_TYPE = Annotated[str, Field(pattern="^[a-zA-Z0-9_-]+$")]

contentctl/objects/atomic.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 from typing import TYPE_CHECKING
+
 if TYPE_CHECKING:
     from contentctl.objects.config import validate
 
@@ -11,12 +12,13 @@ import pathlib
 from enum import StrEnum, auto
 import uuid
 
-class SupportedPlatform(StrEnum):        
+
+class SupportedPlatform(StrEnum):
     windows = auto()
     linux = auto()
     macos = auto()
     containers = auto()
-    # Because the following fields contain special characters 
+    # Because the following fields contain special characters
     # (which cannot be field names) we must specifiy them manually
     google_workspace = "google-workspace"
     iaas_gcp = "iaas:gcp"
@@ -24,7 +26,6 @@ class SupportedPlatform(StrEnum):
     iaas_aws = "iaas:aws"
     azure_ad = "azure-ad"
     office_365 = "office-365"
-    
 
 
 class InputArgumentType(StrEnum):
@@ -40,28 +41,33 @@ class InputArgumentType(StrEnum):
     Path = "Path"
     Url = "Url"
 
+
 class AtomicExecutor(BaseModel):
+    model_config = ConfigDict(extra="forbid")
     name: str
-    elevation_required: Optional[bool] = False #Appears to be optional
+    elevation_required: Optional[bool] = False  # Appears to be optional
     command: Optional[str] = None
     steps: Optional[str] = None
     cleanup_command: Optional[str] = None
 
-    @model_validator(mode='after')
-    def ensure_mutually_exclusive_fields(self)->Self:
+    @model_validator(mode="after")
+    def ensure_mutually_exclusive_fields(self) -> Self:
         if self.command is not None and self.steps is not None:
-            raise ValueError("command and steps cannot both be defined in the executor section.  Exactly one must be defined.")
+            raise ValueError(
+                "command and steps cannot both be defined in the executor section.  Exactly one must be defined."
+            )
         elif self.command is None and self.steps is None:
-            raise ValueError("Neither command nor steps were defined in the executor section.  Exactly one must be defined.")
+            raise ValueError(
+                "Neither command nor steps were defined in the executor section.  Exactly one must be defined."
+            )
         return self
-    
 
 
 class InputArgument(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     description: str
     type: InputArgumentType
-    default: Union[str,int,float,None] = None
+    default: Union[str, int, float, None] = None
 
 
 class DependencyExecutorType(StrEnum):
@@ -70,43 +76,51 @@ class DependencyExecutorType(StrEnum):
     bash = auto()
     command_prompt = auto()
 
+
 class AtomicDependency(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     description: str
     prereq_command: str
     get_prereq_command: str
 
+
 class AtomicTest(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     name: str
     auto_generated_guid: UUID4
     description: str
     supported_platforms: List[SupportedPlatform]
     executor: AtomicExecutor
-    input_arguments: Optional[Dict[str,InputArgument]] = None
+    input_arguments: Optional[Dict[str, InputArgument]] = None
     dependencies: Optional[List[AtomicDependency]] = None
     dependency_executor_name: Optional[DependencyExecutorType] = None
 
     @staticmethod
     def AtomicTestWhenTestIsMissing(auto_generated_guid: UUID4) -> AtomicTest:
-        return AtomicTest(name="Missing Atomic",
-                          auto_generated_guid=auto_generated_guid,
-                          description="This is a placeholder AtomicTest. Either the auto_generated_guid is incorrect or it there was an exception while parsing its AtomicFile.",
-                          supported_platforms=[],
-                          executor=AtomicExecutor(name="Placeholder Executor (failed to find auto_generated_guid)", 
-                                                  command="Placeholder command (failed to find auto_generated_guid)"))    
-    
+        return AtomicTest(
+            name="Missing Atomic",
+            auto_generated_guid=auto_generated_guid,
+            description="This is a placeholder AtomicTest. Either the auto_generated_guid is incorrect or it there was an exception while parsing its AtomicFile.",
+            supported_platforms=[],
+            executor=AtomicExecutor(
+                name="Placeholder Executor (failed to find auto_generated_guid)",
+                command="Placeholder command (failed to find auto_generated_guid)",
+            ),
+        )
+
     @classmethod
-    def parseArtRepo(cls, repo_path:pathlib.Path)->dict[uuid.UUID, AtomicTest]:
+    def parseArtRepo(cls, repo_path: pathlib.Path) -> dict[uuid.UUID, AtomicTest]:
         test_mapping: dict[uuid.UUID, AtomicTest] = {}
-        atomics_path = repo_path/"atomics"
+        atomics_path = repo_path / "atomics"
         if not atomics_path.is_dir():
-            raise FileNotFoundError(f"WARNING: Atomic Red Team repo exists at {repo_path}, "
-                                    f"but atomics directory does NOT exist at {atomics_path}. "
-                                    "Was it deleted or renamed?")
-
-        atomic_files:List[AtomicFile] = []
-        error_messages:List[str] = []
+            raise FileNotFoundError(
+                f"WARNING: Atomic Red Team repo exists at {repo_path}, "
+                f"but atomics directory does NOT exist at {atomics_path}. "
+                "Was it deleted or renamed?"
+            )
+
+        atomic_files: List[AtomicFile] = []
+        error_messages: List[str] = []
         for obj_path in atomics_path.glob("**/T*.yaml"):
             try:
                 atomic_files.append(cls.constructAtomicFile(obj_path))
@@ -114,14 +128,16 @@ class AtomicTest(BaseModel):
                 error_messages.append(f"File [{obj_path}]\n{str(e)}")
 
         if len(error_messages) > 0:
-            exceptions_string = '\n\n'.join(error_messages)
-            print(f"WARNING: The following [{len(error_messages)}] ERRORS were generated when parsing the Atomic Red Team Repo.\n"
-                   "Please raise an issue so that they can be fixed at https://github.com/redcanaryco/atomic-red-team/issues.\n"
-                   "Note that this is only a warning and contentctl will ignore Atomics contained in these files.\n"
-                  f"However, if you have written a detection that references them, 'contentctl build --enrichments' will fail:\n\n{exceptions_string}")
-        
+            exceptions_string = "\n\n".join(error_messages)
+            print(
+                f"WARNING: The following [{len(error_messages)}] ERRORS were generated when parsing the Atomic Red Team Repo.\n"
+                "Please raise an issue so that they can be fixed at https://github.com/redcanaryco/atomic-red-team/issues.\n"
+                "Note that this is only a warning and contentctl will ignore Atomics contained in these files.\n"
+                f"However, if you have written a detection that references them, 'contentctl build --enrichments' will fail:\n\n{exceptions_string}"
+            )
+
         # Now iterate over all the files, collect all the tests, and return the dict mapping
-        redefined_guids:set[uuid.UUID] = set()
+        redefined_guids: set[uuid.UUID] = set()
         for atomic_file in atomic_files:
             for atomic_test in atomic_file.atomic_tests:
                 if atomic_test.auto_generated_guid in test_mapping:
@@ -129,23 +145,25 @@ class AtomicTest(BaseModel):
                 else:
                     test_mapping[atomic_test.auto_generated_guid] = atomic_test
         if len(redefined_guids) > 0:
-            guids_string = '\n\t'.join([str(guid) for guid in redefined_guids])
-            raise Exception(f"The following [{len(redefined_guids)}] Atomic Test"
-                            " auto_generated_guid(s) were defined more than once. "
-                            f"auto_generated_guids MUST be unique:\n\t{guids_string}")
+            guids_string = "\n\t".join([str(guid) for guid in redefined_guids])
+            raise Exception(
+                f"The following [{len(redefined_guids)}] Atomic Test"
+                " auto_generated_guid(s) were defined more than once. "
+                f"auto_generated_guids MUST be unique:\n\t{guids_string}"
+            )
 
         print(f"Successfully parsed [{len(test_mapping)}] Atomic Red Team Tests!")
         return test_mapping
-    
+
     @classmethod
-    def constructAtomicFile(cls, file_path:pathlib.Path)->AtomicFile:
-        yml_dict = YmlReader.load_file(file_path) 
+    def constructAtomicFile(cls, file_path: pathlib.Path) -> AtomicFile:
+        yml_dict = YmlReader.load_file(file_path)
         atomic_file = AtomicFile.model_validate(yml_dict)
         return atomic_file
 
 
 class AtomicFile(BaseModel):
-    model_config = ConfigDict(extra='forbid')
+    model_config = ConfigDict(extra="forbid")
     file_path: FilePath
     attack_technique: str
     display_name: str
@@ -153,18 +171,18 @@ class AtomicFile(BaseModel):
 
 
 class AtomicEnrichment(BaseModel):
-    data: dict[uuid.UUID,AtomicTest] = dataclasses.field(default_factory = dict)
+    data: dict[uuid.UUID, AtomicTest] = dataclasses.field(default_factory=dict)
     use_enrichment: bool = False
 
     @classmethod
-    def getAtomicEnrichment(cls, config:validate)->AtomicEnrichment:
+    def getAtomicEnrichment(cls, config: validate) -> AtomicEnrichment:
         enrichment = AtomicEnrichment(use_enrichment=config.enrichments)
         if config.enrichments:
             enrichment.data = AtomicTest.parseArtRepo(config.atomic_red_team_repo_path)
 
         return enrichment
 
-    def getAtomic(self, atomic_guid: uuid.UUID)->AtomicTest:
+    def getAtomic(self, atomic_guid: uuid.UUID) -> AtomicTest:
         if self.use_enrichment:
             if atomic_guid in self.data:
                 return self.data[atomic_guid]
@@ -174,10 +192,3 @@ class AtomicEnrichment(BaseModel):
             # If enrichment is not enabled, for the sake of compatability
             # return a stub test with no useful or meaningful information.
             return AtomicTest.AtomicTestWhenTestIsMissing(atomic_guid)
-
-    
-
-    
-
-        
-    

contentctl/objects/base_test.py

@@ -1,16 +1,17 @@
-from enum import Enum
+from enum import StrEnum
 from typing import Union
 from abc import ABC, abstractmethod
 
-from pydantic import BaseModel
+from pydantic import BaseModel, ConfigDict
 
 from contentctl.objects.base_test_result import BaseTestResult
 
 
-class TestType(str, Enum):
+class TestType(StrEnum):
     """
     Types of tests
     """
+
     UNIT = "unit"
     INTEGRATION = "integration"
     MANUAL = "manual"
@@ -21,6 +22,7 @@ class TestType(str, Enum):
 
 # TODO (#224): enforce distinct test names w/in detections
 class BaseTest(BaseModel, ABC):
+    model_config = ConfigDict(extra="forbid")
     """
     A test case for a detection
     """