Fixed token leaks (#1364)

* Fixed token leaks

* generalized masking tokens

src/main/java/com/checkmarx/flow/custom/GitLabIssueTracker.java

@@ -333,6 +333,9 @@ private String getFileUrl(ScanRequest request, String filename) {
             return null;
         }
         String repoUrl = request.getRepoUrl().replace(".git", "/");
+        if ( !ScanUtils.empty(repoUrl) && repoUrl.contains("gitlab-ci-token") && repoUrl.contains("@")) {
+            repoUrl = repoUrl.substring(0, 8) + repoUrl.substring(repoUrl.indexOf('@') + 1);
+        }
         return (Optional.ofNullable(filename).isPresent())
                 ? String.format(String.format("%s/blob/%%s/%%s", repoUrl), request.getBranch(), filename)
                 : null;

src/main/resources/logback-spring.xml

@@ -57,8 +57,8 @@
                 <maskPattern>"access_token":"([^"]+)"</maskPattern>
                 <maskPattern>Authorization: Bearer (.+)</maskPattern>
 		<!-- Mask GitHub tokens -->
-		<maskPattern>https://([_a-zA-Z0-9]+)@github.com</maskPattern>
-		<maskPattern>Authorization: token ([_a-zA-Z0-9]+)$</maskPattern>
+                <maskPattern>https://([_a-zA-Z0-9:.\\-]+|)@.+</maskPattern>
+		        <maskPattern>Authorization: token ([_a-zA-Z0-9]+)$</maskPattern>
                 <pattern>${CONSOLE_LOG_PATTERN}</pattern>
             </layout>
         </encoder>
@@ -90,8 +90,8 @@
                 <maskPattern>"access_token":"([^"]+)"</maskPattern>
                 <maskPattern>Authorization: Bearer (.+)</maskPattern>
 		<!-- Mask GitHub tokens -->
-		<maskPattern>https://([_a-zA-Z0-9]+)@github.com</maskPattern>
-		<maskPattern>Authorization: token ([_a-zA-Z0-9]+)$</maskPattern>
+                <maskPattern>https://([_a-zA-Z0-9:.\\-]+|)@.+</maskPattern>
+                <maskPattern>Authorization: token ([_a-zA-Z0-9]+)$</maskPattern>
                 <pattern>${FILE_LOG_PATTERN}</pattern>
             </layout>
         </encoder>