fix: quote container/image names in SSH shell commands to prevent injection

[Copilot]

Container and image names were interpolated directly into SSH shell command strings without quoting. Since names can originate from remote docker ps output, a maliciously named container (e.g. ; rm -rf / or $(curl evil.sh)) would execute arbitrary commands as the SSH user.

Changes

• Wrap all user-derived container/image name interpolations in shlex.quote() across coordinator.py:
  • docker inspect, docker pull, docker image inspect — in _async_fetch_data
  • docker logs — in get_logs
  • docker restart — in restart
  • docker stop — in stop
  • docker stop … rm — in remove
  • docker_create <name> — in both create and _auto_recreate

execute_command already used shlex.quote() and was not changed.

# Before
f"{docker_cmd} restart {name}"
f"{docker_cmd} stop {name}; {docker_cmd} rm {name}"

# After
f"{docker_cmd} restart {shlex.quote(name)}"
f"{docker_cmd} stop {shlex.quote(name)}; {docker_cmd} rm {shlex.quote(name)}"

[Copilot]

Pull request overview

This PR hardens SSH-executed Docker shell commands against command injection by shell-quoting container and image identifiers that can originate from remote docker output.

Changes:

• Quote container names used in docker inspect, docker logs, docker restart, docker stop, and docker stop; docker rm command strings.
• Quote image names used in docker pull and docker image inspect command strings.
• Quote container names passed to docker_create in both create and _auto_recreate.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.