From cedfa05e93f9ad9649b514e5a8b9127fe1d44f85 Mon Sep 17 00:00:00 2001
From: witchcraze <67056980+witchcraze@users.noreply.github.com>
Date: Mon, 28 Aug 2023 21:28:01 +0900
Subject: [PATCH] fix: CPE generation for django (#2068)

Signed-off-by: witchcraze
---
 .../pkg/cataloger/common/cpe/candidate_by_package_type.go | 5 +++++
 syft/pkg/cataloger/common/cpe/generate_test.go | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
index bc62d3909..bc1e5fc62 100644
--- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
+++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -183,6 +183,11 @@ var defaultCandidateAdditions = buildCandidateLookup(
 candidateKey{PkgName: "pip"},
 candidateAddition{AdditionalVendors: []string{"pypa"}},
 },
+ {
+ pkg.PythonPkg,
+ candidateKey{PkgName: "Django"},
+ candidateAddition{AdditionalVendors: []string{"djangoproject"}},
+ },
 // Alpine packages
 {
 pkg.ApkPkg,
diff --git a/syft/pkg/cataloger/common/cpe/generate_test.go b/syft/pkg/cataloger/common/cpe/generate_test.go
index 939c2d3eb..2e6b131d7 100644
--- a/syft/pkg/cataloger/common/cpe/generate_test.go
+++ b/syft/pkg/cataloger/common/cpe/generate_test.go
@@ -896,6 +896,14 @@ func TestCandidateVendor(t *testing.T) {
 },
 expected: []string{"apache"},
 },
+ {
+ name: "Django",
+ p: pkg.Package{
+ Name: "Django",
+ Type: pkg.PythonPkg,
+ },
+ expected: []string{"djangoproject" /* <-- known good names | default guess --> */, "Django"},
+ },
 }

 for _, test := range tests {
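Review bot: The new `candidateKey{PkgName: "Django"}` entry in `defaultCandidateAdditions` only covers packages whose name is spelled exactly `Django`, assuming the lookup is an exact string match (the lookup code is not visible in this hunk — please confirm). Python distribution names are case-insensitive, and requirements or lock files commonly record the name as `django`. Such a package would not receive the `djangoproject` vendor, so its generated CPE would likely fail to match the vulnerability data and the miss would be silent downstream. Consider a second entry keyed `candidateKey{PkgName: "django"},` with the same `candidateAddition`, or normalising the name before the lookup, plus a `TestCandidateVendor` case with `Name: "django"` in the generate_test.go hunk. The enclosing `buildCandidateLookup(...)` literal starts and ends outside the hunk.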