From 37d941267e4cd0755315fe089c9f4d3fb9a11849 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 1 Jul 2024 21:28:11 +0300
Subject: [PATCH] ci: run the fuzz target on PRs (#4378)

* ci: run the fuzz target on PRs

using https://google.github.io/oss-fuzz/getting-started/continuous-integration/

It downloads the corpus OSS-Fuzz has accumulated so far (including the
test cases that triggered issues in the past) and runs the fuzz target
with it. It should help to catch most regressions when PRs are opened.

Prompted by https://github.com/secdev/scapy/pull/4373.

* dcerpc: turn print into log_runtime.warning

to make it possible to turn it off with logging.disable().

(it should help to make the fuzz target less chatty among other things
because it seems to be the only dissector (covered by the fuzz target)
printing messages like that directly)
---
 .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++
 scapy/layers/dcerpc.py       |  2 +-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/cifuzz.yml

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 000000000..3e173be18
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,39 @@
+name: CIFuzz
+
+on:
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    if: github.repository == 'secdev/scapy'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Build Fuzzers
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'scapy'
+          language: python
+          dry-run: false
+          allowed-broken-targets-percentage: 0
+      - name: Run Fuzzers
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'scapy'
+          language: python
+          dry-run: false
+          fuzz-seconds: 300
+      - name: Upload Crash
+        uses: actions/upload-artifact@v4
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: artifacts
+          path: ./out/artifacts
diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py
index 58dcd1534..bd3b12c03 100644
--- a/scapy/layers/dcerpc.py
+++ b/scapy/layers/dcerpc.py
@@ -3000,7 +3000,7 @@ class DceRpc4Payload(Packet):
         for klass in cls._payload_class:
             if hasattr(klass, "can_handle") and klass.can_handle(_pkt, _underlayer):
                 return klass
-        print("DCE/RPC payload class not found or undefined (using Raw)")
+        log_runtime.warning("DCE/RPC payload class not found or undefined (using Raw)")
         return Raw
 
     @classmethod