mobsfscan
Scan of Android network_security_config fails with multiple domain-configs
If the network_security_config file contains multiple domain-config blocks, the scan fails in the function clear_text_traffic_permitted.
network_security_config.xml:
```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false"/>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">domainA</domain>
    </domain-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">domainB</domain>
    </domain-config>
</network-security-config>
```
The scan fails with exception:
```
* Error: 'list' object has no attribute 'get'
Traceback (most recent call last):
  File "mobsfenv/lib/python3.12/site-packages/mobsfscan/mobsfscan.py", line 110, in scan
    result['xml_checks'] = manifest.scan_manifest(
                           ^^^^^^^^^^^^^^^^^^^^^^^
  File "mobsfenv/lib/python3.12/site-packages/mobsfscan/manifest.py", line 77, in scan_manifest
    findings = do_checks(
               ^^^^^^^^^^
  File "mobsfenv/lib/python3.12/site-packages/mobsfscan/manifest.py", line 149, in do_checks
    nsc.network_security_checks(p)
  File "mobsfenv/lib/python3.12/site-packages/mobsfscan/manifest.py", line 284, in network_security_checks
    self.clear_text_traffic_permitted(domain_conf, typ)
  File "mobsfenv/lib/python3.12/site-packages/mobsfscan/manifest.py", line 228, in clear_text_traffic_permitted
    ctt = conf.get('@cleartextTrafficPermitted')
```
Link to documentation: https://developer.android.com/privacy-and-security/security-config#network-security-config
Can you share a valid sample network config file that replicates this issue?
The shared config is valid according to the linked documentation. A real config might have some extra stuff, but this is a minimal valid config that breaks the scanning.
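The failure mode reported in this issue, as an added example that is not part of the thread and not mobsfscan's own code: a check that accepts either one domain-config (a dict) or several (a list) and so keeps scanning instead of raising. The parsed shapes are an assumption drawn from the traceback (a parser that yields a dict for a single child, a list for repeated children, and attributes under '@'-prefixed keys); `as_list`, `domain_names` and `cleartext_domains` are hypothetical names.

```python
# Added example, not mobsfscan's code. Inputs are constructed and assume a
# parser that returns a dict for one child element, a list for repeated ones,
# attributes under '@'-prefixed keys and element text under '#text'.

def as_list(node):
    """Normalize None, a single node, or a list of nodes to a list."""
    if node is None:
        return []
    return node if isinstance(node, list) else [node]


def domain_names(conf):
    """Return the domain names declared directly in one domain-config."""
    names = []
    for d in as_list(conf.get('domain')):
        # A <domain> with attributes parses to a dict, a bare one to a string.
        names.append(d.get('#text', '') if isinstance(d, dict) else str(d))
    return names


def cleartext_domains(nsc):
    """List domains whose own domain-config sets cleartextTrafficPermitted="true".

    Inheritance from a parent domain-config or base-config is not modelled.
    """
    root = nsc.get('network-security-config') or {}
    flagged = []
    queue = as_list(root.get('domain-config'))
    while queue:
        conf = queue.pop(0)
        if not isinstance(conf, dict):  # empty <domain-config/> parses to None
            continue
        if str(conf.get('@cleartextTrafficPermitted', '')).lower() == 'true':
            flagged.extend(domain_names(conf))
        # domain-config blocks may be nested, so visit children as well.
        queue.extend(as_list(conf.get('domain-config')))
    return flagged


# Constructed inputs: one block (dict) and two blocks (list).
SINGLE = {'network-security-config': {'domain-config': {
    '@cleartextTrafficPermitted': 'true',
    'domain': {'@includeSubdomains': 'true', '#text': 'domainA'}}}}
MULTI = {'network-security-config': {'domain-config': [
    {'@cleartextTrafficPermitted': 'false',
     'domain': {'@includeSubdomains': 'true', '#text': 'domainA'}},
    {'@cleartextTrafficPermitted': 'true',
     'domain': [{'@includeSubdomains': 'true', '#text': 'domainB'}, 'domainC']}]}}
```
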