
How to scan and sanitize STL files?

Çağlar Arlı


Are there any tools to scan and/or sanitize .stl files?

I maintain a security-critical GitHub repo. A contributor recently created a PR that includes changes to .md, .scad, and .stl files.

The changes to the markdown and OpenSCAD files can be trivially diffed and verified by eye.

The changes to the .stl file are not trivial to diff. A small, trivial change resulted in a >100,000 line diff output.

The concern is not unfounded: there has been at least one historically known vulnerability where a maliciously crafted .stl file could be used to trigger a heap buffer overflow. This was identified as a HIGH severity (8.8/10) bug by NIST in CVE-2022-38072.

I'm wondering if there are any tools specifically designed to scan and/or safely sanitize STL files -- something like qvm-convert or Dangerzone for maliciously crafted .pdf files.

Is there any way to scan or sanitize .stl files?
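The two problems in the question (a parser that can be driven past its buffer, and a byte diff too large to review) can both be addressed with a strict reader that round-trips the geometry, in the same spirit as Dangerzone's convert-and-rebuild approach. The following is an added example, not code from the question or from any of the tools named in it; it handles only the binary STL layout (80-byte header, uint32 triangle count, 50 bytes per triangle), rejects any file whose declared count disagrees with its length, rebuilds a clean copy from the parsed triangles, and computes an order-independent digest so two versions can be compared by content. The `make_stl` helper and its sample triangles are constructed for the demonstration.

```python
import hashlib
import math
import struct
HEADER_LEN = 80  # binary STL: 80-byte header, uint32 triangle count, 50 bytes per triangle
TRI_LEN = 50     # 12 little-endian float32 (normal + 3 vertices) + uint16 attribute byte count
class StlError(ValueError):
    pass

def parse_binary_stl(data: bytes, max_triangles: int = 10_000_000) -> list:
    """Strict reader: the declared triangle count must match the byte length exactly."""
    if len(data) < HEADER_LEN + 4:
        raise StlError("too short to be a binary STL")
    if data.startswith(b"solid") and b"facet" in data[:512]:
        raise StlError("ASCII STL is not accepted by this parser")
    (count,) = struct.unpack_from("<I", data, HEADER_LEN)
    if count > max_triangles:
        raise StlError(f"declared triangle count {count} exceeds limit")
    expected = HEADER_LEN + 4 + count * TRI_LEN
    if len(data) != expected:
        raise StlError(f"{count} triangles implies {expected} bytes, file has {len(data)}")
    tris = []
    for i in range(count):
        vals = struct.unpack_from("<12fH", data, HEADER_LEN + 4 + i * TRI_LEN)[:12]
        if not all(math.isfinite(v) for v in vals):
            raise StlError(f"non-finite coordinate in triangle {i}")
        tris.append(vals)
    return tris

def sanitize_binary_stl(data: bytes) -> bytes:
    """Rebuild from parsed geometry only (neutral header, attribute bytes zeroed)."""
    tris = parse_binary_stl(data)
    out = bytearray(b"sanitized".ljust(HEADER_LEN, b"\0")) + struct.pack("<I", len(tris))
    for t in tris:
        out += struct.pack("<12fH", *t, 0)
    return bytes(out)

def geometry_digest(data: bytes) -> str:
    """Order-independent SHA-256 of the triangle set: compare versions by content."""
    h = hashlib.sha256()
    for t in sorted(parse_binary_stl(data)):
        h.update(struct.pack("<12f", *t))
    return h.hexdigest()

def make_stl(tris, header=b"constructed", attr=0, declared=None) -> bytes:
    """Constructed sample input; `declared` lets a test forge a lying triangle count."""
    out = bytearray(header.ljust(HEADER_LEN, b"\0"))
    out += struct.pack("<I", len(tris) if declared is None else declared)
    for t in tris:
        out += struct.pack("<12fH", *t, attr)
    return bytes(out)
```

Running a contributed file through `sanitize_binary_stl` before it is committed, and comparing `geometry_digest` of the old and new versions, replaces the unreadable byte diff with a single yes/no on whether the triangle set changed.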