Reject CONTAINER_WORKSPACE values containing a colon

A colon in the workspace path breaks Docker's volume mount syntax
(host:container[:options]), silently changing mount behaviour.
Raise RuntimeError early in _start_container() if the colon is present.
Adds a corresponding test.

Author: anticomputer

src/seclab_taskflows/mcp_servers/container_shell.py

@@ -27,6 +27,8 @@
 
 def _start_container() -> str:
     """Start the Docker container and return its name."""
+    if CONTAINER_WORKSPACE and ":" in CONTAINER_WORKSPACE:
+        raise RuntimeError(f"CONTAINER_WORKSPACE must not contain a colon: {CONTAINER_WORKSPACE!r}")
     name = f"seclab-shell-{uuid.uuid4().hex[:8]}"
     cmd = ["docker", "run", "-d", "--rm", "--name", name]
     if CONTAINER_WORKSPACE:

tests/test_container_shell.py

@@ -70,6 +70,14 @@ def test_start_container_failure(self):
             with pytest.raises(RuntimeError, match="docker run failed"):
                 cs_mod._start_container()
 
+    def test_start_container_rejects_colon_in_workspace(self):
+        with (
+            patch.object(cs_mod, "CONTAINER_IMAGE", "test-image:latest"),
+            patch.object(cs_mod, "CONTAINER_WORKSPACE", "/host/path:ro"),
+        ):
+            with pytest.raises(RuntimeError, match="CONTAINER_WORKSPACE must not contain a colon"):
+                cs_mod._start_container()
+
 
 # ---------------------------------------------------------------------------
 # shell_exec tests