Resolve import issue with pip 20+

[dcbroad3]

Description

pip changed internal folder structure in version 20, and the PipSession class is no longer available at pip._internal.download, resulting in the pip-inspector.py script failing on systems with pip 20+. The resulting error is:

Traceback (most recent call last):
  File ".\pip-inspector.py", line 36, in <module>
    from pip._internal.download import PipSession
ModuleNotFoundError: No module named 'pip._internal.download'

Solution

This PR updates the reference to PipSession to the new pip 20+ location, for systems where the pip version is 20+. For pip versions lower than 20, the old behavior remains the same.

Recommendations

This script should likely be refactored at some point to remove these internal references, per recommendations in this issue. An alternative to this PR is to declare an empty PipSession class for pip 20+:

class PipSession: {}

The above actually works as well, as parse_requirements does not appear to actually require a session to be defined, at least in pip 20+.

[JakeMathews]

Thanks for the contribution! We will look at getting this into Detect.

This script should likely be refactored at some point to remove these internal references, per recommendations in this issue.

Unfortunately the data we need access to is only accessible via internal APIs. Perhaps in Pip 20+ there are additional public APIs that we can now leverage. That will take some time to investigate.

[blackduck-copilot]

Black Duck Security Report

Branch master has no Black Duck results, and could not be compared to #107. Analyze branch master to get a change comparison.

Added Components

Clean: 1

Removed Components

High Risk: 6
Clean: 322

Click here to see full report