Offensive Security
Pwning your test engineers and their test cases with PIP dependency confusion
TLDR: Look for “--extra-index-url” in your repositories. If you find any internal PIP dependencies installed with that parameter whose names are not already registered on PyPI, you are probably vulnerable to high-risk dependency confusion. I highly recommend looking for PIP dependency confusion vulnerabilities, especially in internal test systems. These test systems