[CHORE]: Fix regex empty match and clean up docstring examples (S5842, S6739)

## Problem

SonarQube flagged issues that should be cleaned up to improve code quality.

---

## 1. Regex Matches Empty String (S5842)

**File:** `plugins/secrets_detection/secrets_detection.py:40`

**Rule S5842:** "Repeated patterns in regular expressions should not match the empty string"

### Current Code

```python
"aws_secret_access_key": re.compile(r"(?i)aws(.{0,20})?(secret|access)(.{0,20})?=\s*([A-Za-z0-9/+=]{40})"),
```

### Problem

The pattern `(.{0,20})?` triggers S5842:

| Component | Meaning | Issue |
|-----------|---------|-------|
| `.{0,20}` | Match 0 to 20 chars | Can match empty (0 chars) |
| `?` | Make the group optional | Quantifier on empty-matching group |
| Combined | `?` applied to group that already matches empty | **Redundant - triggers S5842** |

The `?` quantifier is meaningless when applied to `(.{0,20})` because `.{0,20}` already handles the "nothing" case (matches 0 characters).

### Fix

```python
# Before
"aws_secret_access_key": re.compile(r"(?i)aws(.{0,20})?(secret|access)(.{0,20})?=\s*([A-Za-z0-9/+=]{40})"),

# After - remove redundant ? and use non-capturing groups
"aws_secret_access_key": re.compile(r"(?i)aws.{0,20}(?:secret|access).{0,20}=\s*([A-Za-z0-9/+=]{40})"),
```

This change is semantically equivalent - it matches the same strings but eliminates the redundant quantifier.

---

## 2. Docstring Example Passwords (S6739)

**File:** `mcpgateway/version.py`
**Lines:** 34, 36, 263, 267, 271, 275

Doctest examples contain `secret`, `pass`, `secret123`, `password` which trigger SonarQube's secrets scanner.

### Affected Locations

**Module-level docstring (lines 34, 36):**
```python
>>> _sanitize_url("redis://user:pass@localhost:6379/0")
>>> _sanitize_url("postgresql://admin:secret@db.example.com/mydb")
```

**Function docstring (lines 263, 267, 271, 275):**
```python
>>> _sanitize_url("postgresql://user:password@localhost:5432/db")
>>> _sanitize_url("redis://admin:secret123@redis.example.com:6379/0")
>>> _sanitize_url("redis://:password@localhost:6379")
>>> _sanitize_url("mysql://root:pass@db.local:3306/mydb?charset=utf8")
```

### Fix

Replace with obvious placeholder `xxxxx` that won't trigger secret scanners.

---

## Verification

```bash
# Run doctests
python -m doctest mcpgateway/version.py -v

# Run plugin tests (note: tests in tests/unit/plugins/)
pytest tests/unit/plugins/test_secrets_detection.py -v

# Re-run SonarQube
make sonar-submit-podman
```

## References

- [SonarQube Rule S5842 (Python)](https://rules.sonarsource.com/python/RSPEC-5842/) - Repeated patterns should not match empty string
- [SonarQube Rule S6739](https://rules.sonarsource.com/python/RSPEC-6739/) - Hardcoded secrets in code

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CHORE]: Fix regex empty match and clean up docstring examples (S5842, S6739) #2166

Problem

1. Regex Matches Empty String (S5842)

Current Code

Problem

Fix

2. Docstring Example Passwords (S6739)

Affected Locations

Fix

Verification

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Component	Meaning	Issue
`.{0,20}`	Match 0 to 20 chars	Can match empty (0 chars)
`?`	Make the group optional	Quantifier on empty-matching group
Combined	`?` applied to group that already matches empty	Redundant - triggers S5842

[CHORE]: Fix regex empty match and clean up docstring examples (S5842, S6739) #2166

Description

Problem

1. Regex Matches Empty String (S5842)

Current Code

Problem

Fix

2. Docstring Example Passwords (S6739)

Affected Locations

Fix

Verification

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions