How to scan and sanitize STL files?
Are there any tools to scan and/or sanitize `.stl` files?

I maintain a security-critical GitHub repo. A contributor recently created a PR that includes changes to `.md`, `.scad`, and `.stl` files.

The changes to the markdown and OpenSCAD files can be trivially diffed and verified by eye.

The changes to the `.stl` file are not trivial to diff. A small, trivial change resulted in a >100,000 line diff output.

The concern is not unfounded: there has been at least one historically-known vulnerability where a maliciously-crafted `.stl` file could be used to trigger a heap buffer overflow. This was identified as a HIGH severity (8.8/10) bug by NIST in CVE-2022-38072.

I'm wondering if there are any tools specifically designed to scan and/or safely sanitize STL files -- something like qvm-convert or Dangerzone for maliciously-crafted `.pdf` files.

Is there any way to scan or sanitize `.stl` files?
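As an added example (not from the question and not any existing tool's code), here is a minimal "parse, validate, re-emit" sanitizer for binary STL in the Dangerzone style: it rejects files whose declared triangle count disagrees with the byte length or that carry non-finite floats, and rewrites the survivors with a zeroed 80-byte header and zeroed attribute words so only geometry reaches downstream tools. `MAX_TRIANGLES`, the ASCII-detection heuristic and the constructed `GOOD` sample are assumptions; ASCII STL is rejected rather than parsed.

```python
import math
import struct
HEADER_LEN = 80   # free-form 80-byte header, often abused to smuggle data
COUNT_LEN = 4     # little-endian uint32 triangle count
TRI_LEN = 50      # 12 float32 (normal + 3 vertices) + uint16 attribute word
MAX_TRIANGLES = 5_000_000  # assumed policy limit; tune it for your repo

def parse_binary_stl(data):
    """Strict parse of binary STL; raises ValueError on any inconsistency."""
    if len(data) < HEADER_LEN + COUNT_LEN:
        raise ValueError("file shorter than an STL header")
    if data[:5] == b"solid" and b"facet" in data[:512]:  # heuristic, assumed
        raise ValueError("looks like ASCII STL; only binary is accepted here")
    (count,) = struct.unpack_from("<I", data, HEADER_LEN)
    if count > MAX_TRIANGLES:
        raise ValueError("triangle count %d exceeds policy limit" % count)
    expected = HEADER_LEN + COUNT_LEN + count * TRI_LEN
    if len(data) != expected:  # never trust the count field over the byte length
        raise ValueError("declared %d triangles needs %d bytes, got %d"
                         % (count, expected, len(data)))
    tris = []
    for i in range(count):
        *floats, _attr = struct.unpack_from("<12fH", data, HEADER_LEN + COUNT_LEN + i * TRI_LEN)
        if not all(math.isfinite(v) for v in floats):
            raise ValueError("non-finite value in triangle %d" % i)
        tris.append(tuple(floats))
    return tris

def write_binary_stl(tris):
    """Re-emit canonical binary STL: zeroed header and attribute words."""
    out = bytearray(HEADER_LEN) + struct.pack("<I", len(tris))
    for t in tris:
        out += struct.pack("<12fH", *t, 0)
    return bytes(out)

def scan_stl(data):
    """Return None if the file parses cleanly, else the rejection reason."""
    try:
        parse_binary_stl(data)
        return None
    except ValueError as e:
        return str(e)

def sanitize_stl(data):
    """Parse, validate, and rewrite so only the geometry survives."""
    return write_binary_stl(parse_binary_stl(data))

# Constructed sample: one triangle, with junk in the header and attribute word.
GOOD = (b"junk header".ljust(HEADER_LEN, b"\0") + struct.pack("<I", 1)
        + struct.pack("<12fH", 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0xBEEF))
```

Because the rewrite is canonical, committing the sanitized output also gives reviewers a stable byte layout, so a PR can be checked by comparing the parsed triangle lists rather than a 100,000-line text diff.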