
bug(scan): docs.kics.io/latest/queries/cicd-queries/... 404 File not found #6785

Closed
vorburger opened this issue Nov 1, 2023 · 2 comments · Fixed by #6983
Labels
bug Something isn't working community Community contribution query New query feature

Comments

@vorburger

https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6713569038/job/18245340655

which uses Kics via https://github.com/oxsecurity/megalinter,

failed like this:

```text
❌ Linted [REPOSITORY] files with [kics]: Found 1 error(s) - (40.1s) (expand for details)
- Using [kics v1.7.10] https://megalinter.io/7.5.0/descriptors/repository_kics
- MegaLinter key: [REPOSITORY_KICS]
- Rules config: identified by [kics]
--Error detail:

                   .0MO.                                    
                   OMMMx                                    
                   ;NMX;                                    
                    ...           ...              ....     
WMMMd     cWMMM0.  KMMMO      ;xKWMMMMNOc.     ,xXMMMMMWXkc.
WMMMd   .0MMMN:    KMMMO    :XMMMMMMMMMMMWl   xMMMMMWMMMMMMl
WMMMd  lWMMMO.     KMMMO   xMMMMKc...'lXMk   ,MMMMx   .;dXx 
WMMMd.0MMMX;       KMMMO  cMMMMd        '    'MMMMNl'       
WMMMNWMMMMl        KMMMO  0MMMN               oMMMMMMMXkl.  
WMMMMMMMMMMo       KMMMO  0MMMX                .ckKWMMMMMM0.
WMMMMWokMMMMk      KMMMO  oMMMMc              .     .:OMMMM0
WMMMK.  dMMMM0.    KMMMO   KMMMMx'    ,kNc   :WOc.    .NMMMX
WMMMd    cWMMMX.   KMMMO    kMMMMMWXNMMMMMd .WMMMMWKO0NMMMMl
WMMMd     ,NMMMN,  KMMMO     'xNMMMMMMMNx,   .l0WMMMMMMMWk, 
xkkk:      ,kkkkx  okkkl        ;xKXKx;          ;dOKKkc    


Scanning with Keeping Infrastructure as Code Secure v1.7.10



Files scanned: 9
Parsed files: 9
Queries loaded: 296
Queries failed to execute: 0

------------------------------------

Unpinned Actions Full Length Commit SHA, Severity: MEDIUM, Results: 1
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/mega-linter.yaml:75

		074: 
		075:         uses: oxsecurity/megalinter/flavors/[email protected]
		076: 



Results Summary:
HIGH: 0
MEDIUM: 1
LOW: 0
INFO: 0
TOTAL: 1

Scan duration: 39.132893576s
```

However https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9 is 404 File not found.

Not a huge blocking issue, of course; but just wanted to let you know, in case you want to fix this.
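As an added illustration of the check the KICS query above performs (this is not code from the issue, from KICS or from MegaLinter), the following Python script scans a GitHub workflow for `uses:` references that are not pinned to a full-length commit SHA. The workflow text, the `some-flavor` flavor name and the 40-character SHA are constructed placeholders.

```python
import re

# Constructed sample workflow in the shape of the reporter's finding;
# "some-flavor" and the SHA below are placeholders, not real values.
SAMPLE_WORKFLOW = """\
name: MegaLinter
on: [push]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oxsecurity/megalinter/flavors/some-flavor@v7.5.0
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

# A full-length Git commit SHA is exactly 40 lowercase hex characters.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Captures the reference of a `uses:` line, stopping before any comment.
USES_LINE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")


def classify_uses(ref: str) -> str:
    """Return 'pinned', 'unpinned' or 'skip'.

    Local actions (./path) and docker:// images are not tag/SHA pinned
    marketplace actions, so they are skipped rather than reported.
    """
    if ref.startswith("./") or ref.startswith("docker://"):
        return "skip"
    if "@" not in ref:
        return "unpinned"  # no version at all, resolves to the default branch
    _, version = ref.rsplit("@", 1)
    return "pinned" if FULL_SHA.match(version) else "unpinned"


def find_unpinned(workflow_text: str) -> list[tuple[int, str]]:
    """List (line number, reference) for every unpinned `uses:` entry."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_LINE.match(line)
        if match and classify_uses(match.group(1)) == "unpinned":
            findings.append((lineno, match.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a full-length commit SHA")
```

A static check like this only proves the reference is a 40-hex SHA; whether that SHA belongs to the action's own repository rather than a fork, as the query description requires, still has to be verified against the upstream repository.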

@vorburger vorburger added bug Something isn't working community Community contribution labels Nov 1, 2023
@github-actions github-actions bot added the query New query feature label Nov 1, 2023
@vorburger vorburger changed the title bug(<scope>): docs.kics.io/latest/queries/cicd-queries/... 404 File not found bug(scan): docs.kics.io/latest/queries/cicd-queries/... 404 File not found Nov 1, 2023
@vorburger
Author

> Please, follow the guideline for an issue title:

This bot comment could be more helpful if it had a link to the available scopes.

@kaplanlior
Contributor

Thanks for reporting this issue. The working URL is https://docs.kics.io/latest/queries/cicd-queries/common/555ab8f9-2001-455e-a077-f2d0f41e2fb9/

The problem seems to be a mix in the definition of cloudProvider for this query, which is "common", and the path, which is github (and no common).

```text
$ git grep -l 555ab8f9
assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/metadata.json
docs/queries/all-queries.md
docs/queries/cicd-queries.md
docs/queries/cicd-queries/common/555ab8f9-2001-455e-a077-f2d0f41e2fb9.md
```
