Lockdown Boolean configs

Configs of type Boolean must contain either a boolean or a string/symbol of 'true', 'false', 'yes', 'no', 'on', or 'off'

lib/new_relic/agent/configuration/default_source.rb

@@ -35,6 +35,15 @@ def self.===(o)
       end
 
       class DefaultSource
+        BOOLEAN_MAP = {
+          'true' => true,
+          'yes' => true,
+          'on' => true,
+          'false' => false,
+          'no' => false,
+          'off' => false
+        }.freeze
+
         attr_reader :defaults
 
         extend Forwardable
@@ -64,6 +73,10 @@ def self.allowlist_for(key)
           value_from_defaults(key, :allowlist)
         end
 
+        def self.boolean_for(key, value)
+          BOOLEAN_MAP.fetch(value.to_s, nil)
+        end
+
         def self.default_for(key)
           value_from_defaults(key, :default)
         end

lib/new_relic/agent/configuration/manager.rb

@@ -142,6 +142,9 @@ def evaluate_and_apply_transformations(key, value)
           default = enforce_allowlist(key, evaluated)
           return default if default
 
+          boolean = enforce_boolean(key, value)
+          return boolean if [true, false].include?(boolean)
+
           apply_transformations(key, evaluated)
         end
 
@@ -167,6 +170,18 @@ def enforce_allowlist(key, value)
           default
         end
 
+        def enforce_boolean(key, value)
+          type = default_source.value_from_defaults(key, :type)
+          return unless type == Boolean
+
+          bool_value = default_source.boolean_for(key, value)
+          return bool_value unless bool_value.nil?
+
+          default = default_source.default_for(key)
+          NewRelic::Agent.logger.warn "Invalid value '#{value}' for #{key}, applying default value of '#{default}'"
+          default
+        end
+
         def transform_from_default(key)
           default_source.transform_for(key)
         end