From badfdfd316436e3002aff50ca177e0d3d5d07375 Mon Sep 17 00:00:00 2001
From: Hannah Ramadan <hannahr315@gmail.com>
Date: Wed, 11 Sep 2024 09:48:58 -0700
Subject: [PATCH] Lockdown Boolean configs

Configs of type Boolean must contain either a boolean or a string/symbol of 'true', 'false', 'yes', 'no', 'on', or 'off'
---
 .../agent/configuration/default_source.rb         | 13 +++++++++++++
 lib/new_relic/agent/configuration/manager.rb      | 15 +++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/lib/new_relic/agent/configuration/default_source.rb b/lib/new_relic/agent/configuration/default_source.rb
index 08e028e939..5f35433b24 100644
--- a/lib/new_relic/agent/configuration/default_source.rb
+++ b/lib/new_relic/agent/configuration/default_source.rb
@@ -35,6 +35,15 @@ def self.===(o)
       end
 
       class DefaultSource
+        BOOLEAN_MAP = {
+          'true' => true,
+          'yes' => true,
+          'on' => true,
+          'false' => false,
+          'no' => false,
+          'off' => false
+        }.freeze
+
         attr_reader :defaults
 
         extend Forwardable
@@ -64,6 +73,10 @@ def self.allowlist_for(key)
           value_from_defaults(key, :allowlist)
         end
 
+        def self.boolean_for(key, value)
+          BOOLEAN_MAP.fetch(value.to_s, nil)
+        end
+
         def self.default_for(key)
           value_from_defaults(key, :default)
         end
diff --git a/lib/new_relic/agent/configuration/manager.rb b/lib/new_relic/agent/configuration/manager.rb
index 40249f8a8f..43b7ed5617 100644
--- a/lib/new_relic/agent/configuration/manager.rb
+++ b/lib/new_relic/agent/configuration/manager.rb
@@ -142,6 +142,9 @@ def evaluate_and_apply_transformations(key, value)
           default = enforce_allowlist(key, evaluated)
           return default if default
 
+          boolean = enforce_boolean(key, value)
+          return boolean if [true, false].include?(boolean)
+
           apply_transformations(key, evaluated)
         end
 
@@ -167,6 +170,18 @@ def enforce_allowlist(key, value)
           default
         end
 
+        def enforce_boolean(key, value)
+          type = default_source.value_from_defaults(key, :type)
+          return unless type == Boolean
+
+          bool_value = default_source.boolean_for(key, value)
+          return bool_value unless bool_value.nil?
+
+          default = default_source.default_for(key)
+          NewRelic::Agent.logger.warn "Invalid value '#{value}' for #{key}, applying default value of '#{default}'"
+          default
+        end
+
         def transform_from_default(key)
           default_source.transform_for(key)
         end