contrast-agent 6.6.5 → 6.7.0

data/lib/contrast/components/agent.rb

@@ -4,7 +4,10 @@
 require 'rubygems/version'
 require 'contrast/agent/rule_set'
 require 'contrast/components/logger'
+require 'contrast/components/security_logger'
 require 'contrast/components/heap_dump'
+require 'contrast/components/service'
+require 'contrast/components/ruby_component'
 
 module Contrast
   module Components
@@ -21,9 +24,10 @@ module Contrast
           @_enable = hsh[:enable]
           @_start_bundled_service = hsh[:start_bundled_service]
           @_omit_body = hsh[:omit_body]
-          @_service = Contrast::Config::ServiceConfiguration.new(hsh[:service])
+          @_service = Contrast::Components::Service::Interface.new(hsh[:service])
           @_logger = Contrast::Components::Logger::Interface.new(hsh[:logger])
-          @_ruby = Contrast::Config::RubyConfiguration.new(hsh[:ruby])
+          @_security_logger = Contrast::Components::SecurityLogger::Interface.new(hsh[:security_logger])
+          @_ruby = Contrast::Components::Ruby::Interface.new(hsh[:ruby])
           @_heap_dump = Contrast::Components::HeapDump::Interface.new(hsh[:heap_dump])
         end
 
@@ -35,7 +39,7 @@ module Contrast
         def service
           return @_service unless @_service.nil?
 
-          @_service = Contrast::Config::ServiceConfiguration.new
+          @_service = Contrast::Components::Service::Interface.new
         end
 
         def logger
@@ -44,10 +48,16 @@ module Contrast
           @_logger = Contrast::Components::Logger::Interface.new
         end
 
+        def security_logger
+          return @_security_logger unless @_security_logger.nil?
+
+          @_security_logger = Contrast::Components::SecurityLogger::Interface.new
+        end
+
         def ruby
           return @_ruby unless @_ruby.nil?
 
-          @_ruby = Contrast::Config::RubyConfiguration.new
+          @_ruby = Contrast::Components::Ruby::Interface.new
         end
 
         def heap_dump
@@ -57,7 +67,7 @@ module Contrast
         end
 
         def enabled?
-          @_enable = !false?(::Contrast::CONFIG.root.enable) if @_enable.nil?
+          @_enable = !false?(::Contrast::CONFIG.enable) if @_enable.nil?
           @_enable
         end
 
@@ -87,12 +97,6 @@ module Contrast
           !false?(ruby.propagate_yield)
         end
 
-        def interpolation_enabled?
-          return @_interpolation_enabled unless @_interpolation_enabled.nil?
-
-          @_interpolation_enabled = !false?(::Contrast::CONFIG.root.agent.ruby.interpolate)
-        end
-
         def omit_body?
           @_omit_body
         end
@@ -108,7 +112,7 @@ module Contrast
         def skip_instrumentation? loaded_module_name
           return true unless loaded_module_name
 
-          loaded_module_name.start_with?(*::Contrast::CONFIG.root.agent.ruby.uninstrument_namespace)
+          loaded_module_name.start_with?(*::Contrast::CONFIG.agent.ruby.uninstrument_namespace)
         end
 
         # Insert ourselves into the application, keeping our middleware at the outermost layer of the onion

data/lib/contrast/components/api.rb

@@ -66,7 +66,7 @@ module Contrast
 
         def api_url
           @_api_url ||= begin
-            tmp = Contrast::CONFIG.root.api.url
+            tmp = Contrast::CONFIG.api.url
             tmp += '/Contrast' unless tmp.end_with?('/Contrast')
             tmp
           end
@@ -75,7 +75,7 @@ module Contrast
         def proxy_enable
           return @_proxy_enable unless @_proxy_enable.nil?
 
-          @_proxy_enable = true?(::Contrast::CONFIG.root.api.proxy.enable)
+          @_proxy_enable = true?(::Contrast::CONFIG.api.proxy.enable)
         end
 
         def proxy_url
@@ -85,39 +85,39 @@ module Contrast
         def request_audit_enable
           return @_request_audit_enable unless @_request_audit_enable.nil?
 
-          @_request_audit_enable = true?(::Contrast::CONFIG.root.api.request_audit.enable)
+          @_request_audit_enable = true?(::Contrast::CONFIG.api.request_audit.enable)
         end
 
         def request_audit_requests
           return @_request_audit_requests unless @_request_audit_requests.nil?
 
-          @_request_audit_requests = true?(::Contrast::CONFIG.root.api.request_audit.requests)
+          @_request_audit_requests = true?(::Contrast::CONFIG.api.request_audit.requests)
         end
 
         def request_audit_responses
           return @_request_audit_responses unless @_request_audit_responses.nil?
 
-          @_request_audit_responses = true?(::Contrast::CONFIG.root.api.request_audit.responses)
+          @_request_audit_responses = true?(::Contrast::CONFIG.api.request_audit.responses)
         end
 
         def request_audit_path
-          @_request_audit_path ||= ::Contrast::CONFIG.root.api.request_audit.path.to_s
+          @_request_audit_path ||= ::Contrast::CONFIG.api.request_audit.path.to_s
         end
 
         def certification_enable
-          @_certification_enable ||= certification_truly_enabled?(::Contrast::CONFIG.root.api.certificate)
+          @_certification_enable ||= certification_truly_enabled?(::Contrast::CONFIG.api.certificate)
         end
 
         def certification_ca_file
-          @_certification_ca_file ||= ::Contrast::CONFIG.root.api.certificate.ca_file
+          @_certification_ca_file ||= ::Contrast::CONFIG.api.certificate.ca_file
         end
 
         def certification_cert_file
-          @_certification_cert_file ||= ::Contrast::CONFIG.root.api.certificate.cert_file
+          @_certification_cert_file ||= ::Contrast::CONFIG.api.certificate.cert_file
         end
 
         def certification_key_file
-          @_certification_key_file ||= ::Contrast::CONFIG.root.api.certificate.key_file
+          @_certification_key_file ||= ::Contrast::CONFIG.api.certificate.key_file
         end
 
         private

data/lib/contrast/components/app_context.rb

@@ -83,7 +83,7 @@ module Contrast
 
         def server_type
           @_server_type ||= begin
-            tmp = ::Contrast::CONFIG.root.server.type
+            tmp = ::Contrast::CONFIG.server.type
             tmp = Contrast::Agent.framework_manager.server_type unless Contrast::Utils::StringUtils.present?(tmp)
             tmp
           end
@@ -118,7 +118,7 @@ module Contrast
 
         def server_name
           @_server_name ||= begin
-            tmp = ::Contrast::CONFIG.root.server.name # rubocop:disable Security/Module/Name
+            tmp = ::Contrast::CONFIG.server.name # rubocop:disable Security/Module/Name
             tmp = Socket.gethostname unless Contrast::Utils::StringUtils.present?(tmp)
             tmp = Contrast::Utils::StringUtils.force_utf8(tmp)
             Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_NAME)
@@ -129,7 +129,7 @@ module Contrast
 
         def server_path
           @_server_path ||= begin
-            tmp = ::Contrast::CONFIG.root.server.path
+            tmp = ::Contrast::CONFIG.server.path
             tmp = Dir.pwd unless Contrast::Utils::StringUtils.present?(tmp)
             Contrast::Utils::StringUtils.truncate(tmp, DEFAULT_SERVER_PATH)
           rescue StandardError

data/lib/contrast/components/app_context_extend.rb

@@ -71,7 +71,7 @@ module Contrast
       end
 
       def disabled_agent_rake_tasks
-        ::Contrast::CONFIG.root.agent.ruby.disabled_agent_rake_tasks
+        ::Contrast::CONFIG.agent.ruby.disabled_agent_rake_tasks
       end
     end
   end

data/lib/contrast/components/assess.rb

@@ -3,7 +3,7 @@
 
 require 'contrast/components/base'
 require 'contrast/components/config'
-require 'contrast/components/settings'
+require 'contrast/components/assess_rules'
 
 module Contrast
   module Components
@@ -12,9 +12,85 @@ module Contrast
       # for access of the values contained in its
       # parent_configuration_spec.yaml.
       # Specifically, this allows for querying the state of the Assess product.
-      class Interface
+      class Interface # rubocop:disable Metrics/ClassLength
         include Contrast::Components::ComponentBase
 
+        # @return [String, nil]
+        attr_accessor :tags
+        # @return [Boolean, nil]
+        attr_accessor :enable
+        # @return [Array, nil]
+        attr_writer :enable_scan_response, :enable_dynamic_sources, :sampling, :rules, :stacktraces
+
+        DEFAULT_STACKTRACES = 'ALL'
+        DEFAULT_MAX_SOURCE_EVENTS = 50_000
+        DEFAULT_MAX_PROPAGATION_EVENTS = 50_000
+        DEFAULT_MAX_RULE_REPORTED = 100
+        DEFAULT_MAX_RULE_TIME_THRESHOLD = 300_000
+
+        # rubocop:disable Naming/MemoizedInstanceVariableName
+        def initialize hsh = {}
+          return unless hsh
+
+          @enable = hsh[:enable]
+          @tags = hsh[:tags]
+          @enable_scan_response = hsh[:enable_scan_response]
+          @enable_dynamic_sources = hsh[:enable_dynamic_sources]
+          @enable_original_object = hsh[:enable_original_object]
+          @sampling = Contrast::Components::Sampling::Interface.new(hsh[:sampling])
+          @rules = Contrast::Components::AssessRules::Interface.new(hsh[:rules])
+          @stacktraces = hsh[:stacktraces]
+          @max_context_source_events = hsh[:max_context_source_events]
+          @max_propagation_events = hsh[:max_propagation_events]
+          @max_rule_reported = hsh[:max_rule_reported]
+          @time_limit_threshold = hsh[:time_limit_threshold]
+        end
+
+        # @return [Boolean, true]
+        def enable_scan_response
+          @enable_scan_response.nil? ? true : @enable_scan_response
+        end
+
+        # @return [Boolean, true]
+        def enable_dynamic_sources
+          @enable_dynamic_sources.nil? ? true : @enable_dynamic_sources
+        end
+
+        # @return [Boolean, true]
+        def enable_original_object
+          @enable_original_object.nil? ? true : @enable_original_object
+        end
+
+        # @return [Contrast::Components::Sampling::Interface]
+        def sampling
+          @sampling ||= Contrast::Components::Sampling::Interface.new
+        end
+
+        # @return [Contrast::Components::AssessRules::Interface]
+        def rules
+          @rules ||= Contrast::Components::AssessRules::Interface.new
+        end
+
+        def stacktraces
+          @stacktraces ||= DEFAULT_STACKTRACES
+        end
+
+        def max_rule_reported
+          @max_rule_reported ||= DEFAULT_MAX_RULE_REPORTED
+        end
+
+        def time_limit_threshold
+          @time_limit_threshold ||= DEFAULT_MAX_RULE_TIME_THRESHOLD
+        end
+
+        def max_propagation_events
+          @max_propagation_events ||= DEFAULT_MAX_PROPAGATION_EVENTS
+        end
+
+        def max_context_source_events
+          @max_context_source_events ||= DEFAULT_MAX_SOURCE_EVENTS
+        end
+
         def enabled?
           # config overrides if forcibly set
           return false if forcibly_disabled?
@@ -28,7 +104,8 @@ module Contrast
         end
 
         def forcibly_disabled?
-          @_forcibly_disabled = false?(::Contrast::CONFIG.root.assess.enable) if @_forcibly_disabled.nil?
+          @_forcibly_disabled = false?(enable) if @_forcibly_disabled.nil?
+
           @_forcibly_disabled
         end
 
@@ -40,9 +117,9 @@ module Contrast
         # faster comparisons when we use it. Anything not one of the known values of
         # 'NONE',  'SOME', or 'ALL' is treated as 'ALL'
         #
-        # @return [Symbol] the normalized value of ::Contrast::CONFIG.root.assess.stacktraces
+        # @return [Symbol] the normalized value of ::Contrast::CONFIG.assess.stacktraces
         def capture_stacktrace_value
-          @_capture_stacktrace_value ||= case ::Contrast::CONFIG.root.assess.stacktraces.upcase
+          @_capture_stacktrace_value ||= case stacktraces&.upcase
                                          when 'NONE'
                                            :NONE
                                          when 'SOME'
@@ -53,7 +130,7 @@ module Contrast
         end
 
         # Consider capture_stacktrace_value along with the node type
-        # to dertmine whether stacktraces should be captured.
+        # to determine whether stacktraces should be captured.
         #
         # capture_stacktrace_value -> (:ALL, :NONE, :SOME)
         # node types (SourceNode, PolicyNode, TriggerNode, PropagationNode)
@@ -72,42 +149,34 @@ module Contrast
         end
 
         def scan_response?
-          @_scan_response = !false?(::Contrast::CONFIG.root.assess.enable_scan_response) if @_scan_response.nil?
+          @_scan_response = !false?(enable_scan_response) if @_scan_response.nil?
+
           @_scan_response
         end
 
         def require_scan?
-          @_require_scan = !false?(::Contrast::CONFIG.root.agent.ruby.require_scan) if @_require_scan.nil?
+          @_require_scan = !false?(::Contrast::CONFIG.agent.ruby.require_scan) if @_require_scan.nil?
           @_require_scan
         end
 
         def require_dynamic_sources?
           return @_require_dynamic_sources unless @_require_dynamic_sources.nil?
 
-          @_require_dynamic_sources = !false?(::Contrast::CONFIG.root.assess.enable_dynamic_sources)
+          @_require_dynamic_sources = !false?(enable_dynamic_sources)
         end
 
         def non_request_tracking?
-          @_non_request_tracking = true?(::Contrast::CONFIG.root.agent.ruby.non_request_tracking) if
+          @_non_request_tracking = true?(::Contrast::CONFIG.agent.ruby.non_request_tracking) if
             @_non_request_tracking.nil?
           @_non_request_tracking
         end
 
-        def tags
-          ::Contrast::CONFIG.root.assess&.tags
-        end
-
         def disabled_rules
-          # TODO: RUBY-903
-          ::Contrast::CONFIG.root.assess&.rules&.disabled_rules ||
-              ::Contrast::SETTINGS.assess_state.disabled_assess_rules ||
-              []
+          rules&.disabled_rules || ::Contrast::SETTINGS.assess_state.disabled_assess_rules || []
         end
 
         def track_original_object?
-          if @_track_original_object.nil?
-            @_track_original_object = !false?(::Contrast::CONFIG.root.assess.enable_original_object)
-          end
+          @_track_original_object = !false?(enable_original_object) if @_track_original_object.nil?
 
           @_track_original_object
         end
@@ -118,26 +187,11 @@ module Contrast
           ::Contrast::SETTINGS.assess_state.session_id
         end
 
-        def max_source_events
-          ::Contrast::CONFIG.root.assess.max_context_source_events
-        end
-
-        def max_propagation_events
-          ::Contrast::CONFIG.root.assess.max_propagation_events
-        end
-
-        def time_limit_threshold
-          ::Contrast::CONFIG.root.assess.time_limit_threshold
-        end
-
-        def max_rule_reported
-          ::Contrast::CONFIG.root.assess.max_rule_reported
-        end
-
+        # rubocop:enable Naming/MemoizedInstanceVariableName
         private
 
         def forcibly_enabled?
-          @_forcibly_enabled = true?(::Contrast::CONFIG.root.assess.enable) if @_forcibly_enabled.nil?
+          @_forcibly_enabled = true?(::Contrast::CONFIG.assess.enable) if @_forcibly_enabled.nil?
           @_forcibly_enabled
         end
       end

data/lib/contrast/components/assess_rules.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
+# frozen_string_literal: true
+
+require 'contrast/config/base_configuration'
+
+module Contrast
+  module Components
+    # Common Configuration settings. Those in this section pertain to the
+    # disabled assess rule functionality of the Agent.
+    module AssessRules
+      class Interface # :nodoc:
+        include Contrast::Config::BaseConfiguration
+
+        SPEC_KEY = :disabled_rules.cs__freeze
+        # @return [Array, nil] list of disabled assess rules
+        attr_accessor :disabled_rules
+
+        def initialize hsh = {}
+          return unless hsh
+
+          @disabled_rules = cast_disabled_rules(hsh)
+        end
+
+        private
+
+        def cast_disabled_rules hsh
+          return unless hsh
+          return unless hsh.key?(SPEC_KEY)
+          return hsh[SPEC_KEY] if hsh[SPEC_KEY].cs__is_a?(Array)
+
+          hsh[SPEC_KEY].split(',').map(&:strip) if hsh[SPEC_KEY].cs__is_a?(String)
+        end
+      end
+    end
+  end
+end

data/lib/contrast/components/config.rb

@@ -34,6 +34,9 @@ module Contrast
         API_KEY = "Invalid configuration. Missing a required connection value 'api_key' is not set."
         API_SERVICE_KEY = "Invalid configuration. Missing a required connection value 'service_tag' is not set."
         API_USERNAME = "Invalid configuration. Missing a required connection value 'user_name' is not set."
+
+        attr_reader :config
+
         def initialize
           build
         end
@@ -62,9 +65,44 @@ module Contrast
         end
         alias_method :rebuild, :build
 
-        # @return [Contrast::Config::RootConfiguration]
-        def root
-          @config.root
+        # @return [Contrast::Components::Api::Interface]
+        def api
+          @config.api
+        end
+
+        # @return [Contrast::Components::Agent::Interface]
+        def agent
+          @config.agent
+        end
+
+        # @return [Contrast::Components::AppContext::Interface]
+        def application
+          @config.application
+        end
+
+        # @return [Contrast::Config::ServerConfiguration]
+        def server
+          @config.server
+        end
+
+        # @return [Contrast::Components::Assess::Interface]
+        def assess
+          @config.assess
+        end
+
+        # @return [Contrast::Components::Inventory::Interface]
+        def inventory
+          @config.inventory
+        end
+
+        # @return [Contrast::Components::Protect::Interface]
+        def protect
+          @config.protect
+        end
+
+        # @return [Contrast::Components::Service::Interface]
+        def service
+          @config.service
         end
 
         def valid?
@@ -72,6 +110,10 @@ module Contrast
           @_valid
         end
 
+        def enable
+          @config.enable
+        end
+
         def invalid?
           !valid?
         end
@@ -85,12 +127,12 @@ module Contrast
         #
         # @return [String,nil] the value of the session id set in the configuration, or nil if unset
         def session_id
-          root.application.session_id
+          application.session_id
         end
 
         # @return [String,nil] the value of the session metadata set in the configuration, or nil if unset
         def session_metadata
-          root.application.session_metadata
+          application.session_metadata
         end
 
         private
@@ -138,7 +180,7 @@ module Contrast
             next unless env_key.to_s.start_with?(CONTRAST_ENV_MARKER)
 
             config_item = Contrast::Utils::EnvConfigurationItem.new(env_key, env_value)
-            assign_value_to_path_array(root, config_item.dot_path_array, config_item.value)
+            assign_value_to_path_array(self, config_item.dot_path_array, config_item.value)
           end
         end
 
@@ -148,7 +190,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_url
-          root.api.url
+          api.url
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -157,7 +199,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_key
-          root.api.api_key
+          api.api_key
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -166,7 +208,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_service_key
-          root.api.service_key
+          api.service_key
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -175,7 +217,7 @@ module Contrast
         #
         # @return [String, nil]
         def api_username
-          root.api.user_name
+          api.user_name
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -184,7 +226,7 @@ module Contrast
         #
         # @return [String, nil]
         def bypass
-          root.agent.service.bypass
+          agent.service.bypass
         end
 
         # Typically, the following values would be accessed through Contrast::Components::AppContext
@@ -193,7 +235,7 @@ module Contrast
         #
         # @return [String, nil]
         def logger_path
-          root.agent.logger.path
+          agent.logger.path
         end
 
         # Assign the value from an ENV variable to the Contrast::Config::RootConfiguration object, when

data/lib/contrast/components/contrast_service.rb

@@ -29,7 +29,7 @@ module Contrast
 
           # Requirement says "must be true" but that
           # should be "must not be false" -- oops.
-          @_use_bundled_service ||= !false?(::Contrast::CONFIG.root.agent.start_bundled_service?) &&
+          @_use_bundled_service ||= !false?(::Contrast::CONFIG.agent.start_bundled_service?) &&
               # Either a valid host or a valid socket
               # Path validity is the service's problem
               (LOCALHOST.match?(host) || !!socket_path)
@@ -38,7 +38,7 @@ module Contrast
         def use_agent_communication?
           return @_use_agent_communication unless @_use_agent_communication.nil?
 
-          @_use_agent_communication = true?(::Contrast::CONFIG.root.agent.service.bypass)
+          @_use_agent_communication = true?(::Contrast::CONFIG.agent.service.bypass)
         end
 
         # If we're using the agent directly and not using protect, then there is no need to start the service. Because
@@ -52,16 +52,16 @@ module Contrast
 
         def host
           @_host ||=
-            (::Contrast::CONFIG.root.agent.service.host || Contrast::Config::ServiceConfiguration::DEFAULT_HOST).to_s
+            (::Contrast::CONFIG.agent.service.host || Contrast::Components::Service::Interface::DEFAULT_HOST).to_s
         end
 
         def port
           @_port ||=
-            (::Contrast::CONFIG.root.agent.service.port || Contrast::Config::ServiceConfiguration::DEFAULT_PORT).to_i
+            (::Contrast::CONFIG.agent.service.port || Contrast::Components::Service::Interface::DEFAULT_PORT).to_i
         end
 
         def socket_path
-          @_socket_path ||= ::Contrast::CONFIG.root.agent.service.socket
+          @_socket_path ||= ::Contrast::CONFIG.agent.service.socket
         end
 
         def use_tcp?
@@ -69,17 +69,17 @@ module Contrast
         end
 
         def logger_path
-          @_logger_path ||= ::Contrast::CONFIG.root.agent.service.logger.path || DEFAULT_SERVICE_LOG
+          @_logger_path ||= ::Contrast::CONFIG.agent.service.logger.path || DEFAULT_SERVICE_LOG
         end
 
         def logger_level
-          @_logger_level ||= ::Contrast::CONFIG.root.agent.service.logger.level || DEFAULT_SERVICE_LEVEL
+          @_logger_level ||= ::Contrast::CONFIG.agent.service.logger.level || DEFAULT_SERVICE_LEVEL
         end
 
         private
 
         def disabled?
-          @_disabled = false?(::Contrast::CONFIG.root.agent.start_bundled_service) if @_disabled.nil?
+          @_disabled = false?(::Contrast::CONFIG.agent.start_bundled_service) if @_disabled.nil?
           @_disabled
         end
       end

data/lib/contrast/components/heap_dump.rb

@@ -71,7 +71,7 @@ module Contrast
 
         def heap_dump_control
           @_heap_dump_control ||= begin
-            config = ::Contrast::CONFIG.root&.agent&.heap_dump
+            config = ::Contrast::CONFIG&.agent&.heap_dump
             {
                 enabled: true?(config&.enable),
                 path: File.absolute_path(config&.path),

data/lib/contrast/components/protect.rb

@@ -31,7 +31,7 @@ module Contrast
         end
 
         # Name is kept the same - rules to correspond to config,
-        # mapping. - root.protect.rules
+        # mapping. - protect.rules
         #
         # @return [Contrast::Config::ProtectRulesConfiguration]
         def rules
@@ -55,7 +55,7 @@ module Contrast
         end
 
         def rule_config
-          ::Contrast::CONFIG.root.protect.rules
+          ::Contrast::CONFIG.protect.rules
         end
 
         # Returns Protect array of all initialized
@@ -69,7 +69,7 @@ module Contrast
 
         def rule_mode rule_id
           str = rule_id.tr('-', '_')
-          ::Contrast::CONFIG.root.protect.rules[str]&.applicable_mode ||
+          ::Contrast::CONFIG.protect.rules[str]&.applicable_mode ||
               ::Contrast::SETTINGS.application_state.modes_by_id[rule_id] ||
               Contrast::Api::Settings::ProtectionRule::Mode::NO_ACTION
         end
@@ -98,7 +98,7 @@ module Contrast
         def forcibly_disabled?
           return @_forcibly_disabled unless @_forcibly_disabled.nil?
 
-          @_forcibly_disabled = false?(::Contrast::CONFIG.root.protect.enable)
+          @_forcibly_disabled = false?(::Contrast::CONFIG.protect.enable)
         end
 
         private
@@ -106,7 +106,7 @@ module Contrast
         def forcibly_enabled?
           return @_forcibly_enabled unless @_forcibly_enabled.nil?
 
-          @_forcibly_enabled ||= true?(::Contrast::CONFIG.root.protect.enable)
+          @_forcibly_enabled ||= true?(::Contrast::CONFIG.protect.enable)
         end
       end
     end