From d3a6b6a6fd6f28687c123a4650c32e76d3cd344c Mon Sep 17 00:00:00 2001
From: Marios Levogiannis <mlevogiannis@noc.grnet.gr>
Date: Mon, 16 Jan 2023 18:13:44 +0200
Subject: [PATCH] Fix tags not being populated in audit log when multiMatch is
 enabled

Fixes #2754.
---
 src/rule_with_actions.cc                 | 3 +++
 test/test-cases/regression/auditlog.json | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc
index 39c1c1c8cf..3bd7d7c83a 100644
--- a/src/rule_with_actions.cc
+++ b/src/rule_with_actions.cc
@@ -229,6 +229,9 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *
         if (m_msg) {
             m_msg->evaluate(this, trans, ruleMessage);
         }
+        for (actions::Tag *a : m_actionsTag) {
+            a->evaluate(this, trans, ruleMessage);
+        }
     }
 
 }
diff --git a/test/test-cases/regression/auditlog.json b/test/test-cases/regression/auditlog.json
index 715a4767d3..dd0de8159c 100644
--- a/test/test-cases/regression/auditlog.json
+++ b/test/test-cases/regression/auditlog.json
@@ -253,14 +253,14 @@
       "body": ""
     },
     "expected": {
-      "audit_log": "\\[msg \"testmsg\"\\]",
+      "audit_log": "\\[msg \"testmsg\"\\] \\[data \"testdata\"\\] \\[severity \"7\"\\] \\[ver \"\"\\] \\[maturity \"0\"\\] \\[accuracy \"0\"\\] \\[tag \"testtag1\"\\] \\[tag \"testtag2\"\\]",
       "error_log": "",
       "http_code": 403
     },
     "rules": [
       "SecRuleEngine On",
       "SecDefaultAction \"phase:1,nolog,auditlog,deny,status:403\"",
-      "SecRule ARGS \"@contains test2\" \"id:1557,phase:1,multiMatch,block,log,t:none,t:urlDecode,t:lowercase,msg:'testmsg'\"",
+      "SecRule ARGS \"@contains test2\" \"id:1557,phase:1,multiMatch,block,log,t:none,t:urlDecode,t:lowercase,msg:'testmsg',logdata:'testdata',severity:'DEBUG',tag:'testtag1',tag:'testtag2'\"",
       "SecAuditEngine RelevantOnly",
       "SecAuditLogParts ABCFHZ",
       "SecAuditLog /tmp/test/modsec_audit_multimatch_1.log",
@@ -302,14 +302,14 @@
       "body": ""
     },
     "expected": {
-      "audit_log": "\\[msg \"tstmsg\"\\]",
+      "audit_log": "\\[msg \"testmsg\"\\] \\[data \"testdata\"\\] \\[severity \"7\"\\] \\[ver \"\"\\] \\[maturity \"0\"\\] \\[accuracy \"0\"\\] \\[tag \"testtag1\"\\] \\[tag \"testtag2\"\\]",
       "error_log": "",
       "http_code": 403
     },
     "rules": [
       "SecRuleEngine On",
       "SecDefaultAction \"phase:1,nolog,auditlog,deny,status:403\"",
-      "SecRule ARGS \"@streq tEst2\" \"id:1558,phase:1,multiMatch,block,log,t:none,t:trim,t:lowercase,msg:'tstmsg'\"",
+      "SecRule ARGS \"@streq tEst2\" \"id:1558,phase:1,multiMatch,block,log,t:none,t:trim,t:lowercase,msg:'testmsg',logdata:'testdata',severity:'DEBUG',tag:'testtag1',tag:'testtag2'\"",
       "SecAuditEngine RelevantOnly",
       "SecAuditLogParts ABCFHZ",
       "SecAuditLog /tmp/test/modsec_audit_multimatch_2.log",