From 86e0e12ebbc8086a32a471187322ec9a86d7f4c1 Mon Sep 17 00:00:00 2001
From: mikeplotean <mike@walt.id>
Date: Tue, 14 Jan 2025 16:12:04 +0200
Subject: [PATCH] fix: ensure revocation policy decoded bitValue always
 consists of valid binary characters (0,1)

---
 .../id/walt/policies/policies/RevocationPolicy.jvm.kt | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/waltid-libraries/credentials/waltid-verification-policies/src/jvmMain/kotlin/id/walt/policies/policies/RevocationPolicy.jvm.kt b/waltid-libraries/credentials/waltid-verification-policies/src/jvmMain/kotlin/id/walt/policies/policies/RevocationPolicy.jvm.kt
index b3b8964a7..8e59be453 100644
--- a/waltid-libraries/credentials/waltid-verification-policies/src/jvmMain/kotlin/id/walt/policies/policies/RevocationPolicy.jvm.kt
+++ b/waltid-libraries/credentials/waltid-verification-policies/src/jvmMain/kotlin/id/walt/policies/policies/RevocationPolicy.jvm.kt
@@ -47,7 +47,10 @@ actual class RevocationPolicy : RevocationPolicyMp() {
             val credentialSubject = payload["vc"]!!.jsonObject["credentialSubject"]?.jsonObject!!
             val encodedList = credentialSubject["encodedList"]?.jsonPrimitive?.content ?: ""
             val bitValue = get(encodedList, statusListIndex)
-            if (StreamUtils.binToInt(bitValue!!.joinToString("")) == 0) {
+            // ensure bitValue always consists of valid binary characters (0,1)
+            require(!bitValue.isNullOrEmpty()) { "Null or empty bit value" }
+            require(isBinaryValue(bitValue)) { "Invalid bit value" }
+            if (StreamUtils.binToInt(bitValue.joinToString("")) == 0) {
                 Result.success(statusListCredentialUrl!!)
             } else {
                 Result.failure(Throwable("Credential has been revoked"))
@@ -91,4 +94,8 @@ object StreamUtils {
 }
 
 fun get(bitstring: String, idx: ULong? = null, bitSize: Int = 1) =
-    idx?.let { StreamUtils.getBitValue(GZIPInputStream(Base64Utils.decode(bitstring).inputStream()), it, bitSize) }
\ No newline at end of file
+    idx?.let { StreamUtils.getBitValue(GZIPInputStream(Base64Utils.decode(bitstring).inputStream()), it, bitSize) }
+
+fun isBinaryValue(value: List<Char>) = setOf('0', '1').let { valid ->
+    value.all { it in valid }
+}
\ No newline at end of file