checkmarx-ts / checkmarx-github-action

Checkmarx Scan Github Action

cxExcludeFiles seems to work as 'include files'

marcelblijleven opened this issue

Describe the bug
When using both cxExcludeFolders and cxExcludeFiles for a SAST scan, it seems like the cxExcludeFiles values are interpreted as 'include these files only'.

Expected behavior
When I enter *.isml,*.xml,*.json into the cxExcludeFiles input, I expect these files to be excluded from the zip.
But what happens is that only files with these extensions are added to the zip, the rest is ignored.

For example, I have *.isml,*.xml,*.json in cxExcludeFiles and I have a directory full of .js, .xml, .isml, .json files. When I run the GitHub action I see:

[2021-01-22 07:10:14,307 INFO ] Zipping (2 MB): foo.isml
[2021-01-22 07:10:14,307 INFO ] Zipping (2 MB): foo2.isml
[2021-01-22 07:10:14,307 INFO ] Zipping (2 MB): bar.xml
[2021-01-22 07:10:14,308 INFO ] Zipping (2 MB): bar2.xml
[2021-01-22 07:10:14,308 INFO ] Zipping (2 MB): baz.json
[2021-01-22 07:10:14,308 INFO ] Zipping (2 MB): baz2.json

And 0 .js files.

When I enter package.json and package-lock.json into cxExcludeFiles, it will ignore every other file and say it has no files to zip:

[2021-01-22 07:42:09,478 INFO ] Zipping sources
[2021-01-22 07:42:09,479 INFO ] Zipping workspace: '/home/github/_work/the-project/the-project'
[2021-01-22 07:42:09,494 INFO ] No files to zip
[2021-01-22 07:42:09,495 ERROR] No files to zip

Checkmarx CLI Command Being Executed
Create CxSAST Scan, zipping sources

Link to Github Action Build Failing
not public

Additional context
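
The following check is an added example, not part of the original issue and not code from the Checkmarx project. It parses the "Zipping (...)" log lines in the format quoted above and compares them with the cxExcludeFiles value, so a CI step can flag source files that never reached the scan. The glob matching on file names, the function names and the two .js entries in the sample workspace are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch

# Matches the per-file lines in the log format quoted in the issue.
ZIP_LINE = re.compile(r"Zipping \([^)]*\): (?P<path>.+)$")

# Constructed sample: log lines in the issue's format plus a made-up workspace.
SAMPLE_LOG = """\
[2021-01-22 07:10:14,307 INFO ] Zipping (2 MB): foo.isml
[2021-01-22 07:10:14,307 INFO ] Zipping (2 MB): bar.xml
[2021-01-22 07:10:14,308 INFO ] Zipping (2 MB): baz.json
"""
SAMPLE_WORKSPACE = ["foo.isml", "bar.xml", "baz.json", "app.js", "cart.js"]

def zipped_files(log_text):
    """Return the file paths the log reports as added to the zip."""
    return [m.group("path").strip()
            for line in log_text.splitlines()
            if (m := ZIP_LINE.search(line))]

def is_excluded(path, patterns):
    # Assumption: patterns are shell-style globs matched against the
    # file name only; the real matcher may differ.
    name = path.rsplit("/", 1)[-1]
    return any(fnmatch(name, p) for p in patterns)

def audit_zip(log_text, workspace_files, exclude_csv):
    """Compare what was zipped with what the exclude list should produce."""
    patterns = [p.strip() for p in exclude_csv.split(",") if p.strip()]
    zipped = set(zipped_files(log_text))
    expected = {f for f in workspace_files if not is_excluded(f, patterns)}
    leaked = sorted(f for f in zipped if is_excluded(f, patterns))
    missing = sorted(expected - zipped)
    # Inverted behaviour: only excluded files were zipped, expected ones were not.
    inverted = bool(zipped) and len(leaked) == len(zipped) and bool(missing)
    return {"leaked": leaked, "missing": missing, "inverted": inverted}

if __name__ == "__main__":
    print(audit_zip(SAMPLE_LOG, SAMPLE_WORKSPACE, "*.isml,*.xml,*.json"))
```

A non-empty "missing" list is the result to fail the build on, since those files were left out of the zip submitted for scanning.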