lib/contrast/agent/protect/rule/cmd_injection.rb in contrast-agent-6.8.0 vs lib/contrast/agent/protect/rule/cmd_injection.rb in contrast-agent-6.9.0

@@ -19,27 +19,28 @@
         # The Ruby implementation of the Protect Command Injection rule.
         class CmdInjection < Contrast::Agent::Protect::Rule::CmdiBaseRule
           include Contrast::Components::Logger::InstanceMethods
           include Contrast::Agent::Reporting::InputType
           NAME = 'cmd-injection'
-
           APPLICABLE_USER_INPUTS = [
             BODY, COOKIE_VALUE, HEADER, PARAMETER_NAME,
             PARAMETER_VALUE, JSON_VALUE, MULTIPART_VALUE,
             MULTIPART_FIELD_NAME, XML_VALUE, DWR_VALUE
           ].cs__freeze
-          SUB_RULES = [
-            Contrast::Agent::Protect::Rule::CmdiBackdoors.new,
-            Contrast::Agent::Protect::Rule::CmdiChainedCommand.new,
-            Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
-          ].cs__freeze
 
           def rule_name
             NAME
           end
 
+          # Array of sub_rules:
+          #
+          # @return [Array]
           def sub_rules
-            SUB_RULES
+            @_sub_rules ||= [
+              Contrast::Agent::Protect::Rule::CmdiBackdoors.new,
+              Contrast::Agent::Protect::Rule::CmdiChainedCommand.new,
+              Contrast::Agent::Protect::Rule::CmdiDangerousPath.new
+            ].cs__freeze
           end
 
           def applicable_user_inputs
             APPLICABLE_USER_INPUTS
           end