From bc618ba0f18a5b23deb219bf091cd74b596604dc Mon Sep 17 00:00:00 2001
From: Michael Born <michael@ortussolutions.com>
Date: Wed, 9 Dec 2020 09:59:28 -0500
Subject: [PATCH] Fix: Ensure non-configured rules default to empty array

If a developer declines to set a value for
`moduleSettings.cbSecurity.rules`, they get an error:

```
Element SETTINGS.RULES is undefined in ARGUMENTS.
```

IMHO, this is a failure on Coldbox's part to properly merge the
dev-defined coldbox `moduleSettings.cbSecurity` struct with cbSecurity's
own `settings` struct. Regardless, I'd expect the `rules` array to
default to an empty array _[as documented](https://coldbox-security.ortusbooks.com/getting-started/first-chapter)_.
---
 models/util/RulesLoader.cfc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/models/util/RulesLoader.cfc b/models/util/RulesLoader.cfc
index 6bfffc6..73ecdb9 100644
--- a/models/util/RulesLoader.cfc
+++ b/models/util/RulesLoader.cfc
@@ -63,6 +63,7 @@ component accessors="true" singleton {
 	 */
 	function rulesSourceChecks( required settings ){
 		param arguments.settings.rulesSource = "";
+		param arguments.settings.rules = [];
 
 		// Auto detect rules source
 		if ( isSimpleValue( arguments.settings.rules ) ) {