ci: run the fuzz target on PRs (#4378)

* ci: run the fuzz target on PRs using https://google.github.io/oss-fuzz/getting-started/continuous-integration/ It downloads the corpus OSS-Fuzz has accumulated so far (including the test cases that triggered issues in the past) and runs the fuzz target with it. It should help to catch most regressions when PRs are opened. Prompted by #4373. * dcerpc: turn print into log_runtime.warning to make it possible to turn it off with logging.disable(). (it should help to make the fuzz target less chatty among other things because it seems to be the only dissector (covered by the fuzz target) printing messages like that directly)
secdev · Jul 1, 2024 · 37d9412 · 37d9412
1 parent 8ed8647
commit 37d9412
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 1 deletion.
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
@@ -0,0 +1,39 @@
+name: CIFuzz
+
+on:
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    if: github.repository == 'secdev/scapy'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Build Fuzzers
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'scapy'
+          language: python
+          dry-run: false
+          allowed-broken-targets-percentage: 0
+      - name: Run Fuzzers
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'scapy'
+          language: python
+          dry-run: false
+          fuzz-seconds: 300
+      - name: Upload Crash
+        uses: actions/upload-artifact@v4
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: artifacts
+          path: ./out/artifacts
diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py
@@ -3000,7 +3000,7 @@ def dispatch_hook(cls, _pkt, _underlayer=None, *args, **kargs):
         for klass in cls._payload_class:
             if hasattr(klass, "can_handle") and klass.can_handle(_pkt, _underlayer):
                 return klass
-        print("DCE/RPC payload class not found or undefined (using Raw)")
+        log_runtime.warning("DCE/RPC payload class not found or undefined (using Raw)")
         return Raw
 
     @classmethod