fix: suppress bandit security warnings with appropriate nosec comments (#755)

- Added nosec B105 for ENV_TOKEN as it's an environment variable name, not a hardcoded secret
- Added nosec B110 for intentional exception swallowing in cleanup/error handling paths
- Both cases are legitimate uses where errors should be silently ignored to prevent cascading failures

Signed-off-by: Mihai Criveti <[email protected]>

Author: crivetimihai

mcpgateway/reverse_proxy.py

@@ -72,7 +72,7 @@
 
 # Environment variable names
 ENV_GATEWAY = "REVERSE_PROXY_GATEWAY"
-ENV_TOKEN = "REVERSE_PROXY_TOKEN"
+ENV_TOKEN = "REVERSE_PROXY_TOKEN"  # nosec B105 - environment variable name, not a secret
 ENV_RECONNECT_DELAY = "REVERSE_PROXY_RECONNECT_DELAY"
 ENV_MAX_RETRIES = "REVERSE_PROXY_MAX_RETRIES"
 ENV_LOG_LEVEL = "REVERSE_PROXY_LOG_LEVEL"
@@ -540,7 +540,7 @@ async def disconnect(self) -> None:
                 }
                 await self._send_to_gateway(json.dumps(unregister))
             except Exception:
-                pass
+                pass  # nosec B110 - Intentionally swallow errors during cleanup
 
         # Close connection
         if self.connection:

mcpgateway/services/logging_service.py

@@ -155,7 +155,7 @@ def emit(self, record):
             )
         except Exception:
             # Silently fail to avoid logging recursion
-            pass
+            pass  # nosec B110 - Intentional to prevent logging recursion
 
 
 class LoggingService: