
Adding a rule to restrict an image to build without adding a non-root user. #989

Open
sharmar0790 opened this issue Nov 14, 2023 · 0 comments

@sharmar0790

This is a feature request to add a hadolint rule, so we can restrict building an image or throw an error while linting an image. This rule will basically check whether the image has a non-root user configured or not. As we know, when we build an image without creating a non-root user, by default the image will inherit the root user from the base image, which is not good from a security point of view. So we should add a rule to restrict image building if the user does not create a non-root user in the image.

https://docs.docker.com/develop/develop-images/instructions/#user

Expected behavior

Throw an error if the user does not configure a non-root user in the Dockerfile.

Actual behavior

There is no such rule. If the user does not create a non-root user in the Dockerfile, hadolint still passes the check.

Steps to reproduce the behavior

  1. Create a Dockerfile

```dockerfile
FROM maven:3.8.1-openjdk-17-slim as builder

WORKDIR /build
COPY . /build

RUN mvn dependency:go-offline package -DskipTests=true #remove -DskipTests=true to run the tests while building image

# Step : Package image
FROM openjdk:17-slim
COPY --from=builder /build/target/*.jar /app/app.jar
EXPOSE 9090
#CMD exec java $JAVA_OPTS -jar /app/app.jar
ENV JAVA_OPTS=""
# closing bracket of the exec-form ENTRYPOINT was missing in the original paste
ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -jar /app/app.jar ${0} ${@}" ]
```

  2. Run `hadolint Dockerfile`
  3. It will pass the check even though there is no command to create a non-root user/group.
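An added example in Python (not hadolint's code and not from the issue author) of the check such a rule needs: it walks the Dockerfile stage by stage and reports when the final stage never sets USER, or sets it to root, treating a FROM on an external image as resetting the user because a linter cannot see what the base image chose. The sample Dockerfile, the function names and the root-user set are constructed for this example; a USER given as a variable is taken literally, not resolved.

```python
import re
from typing import List, Optional

ROOT_USERS = {"root", "0"}

# Constructed sample mirroring the multi-stage build in the issue: no USER anywhere.
SAMPLE_NO_USER = """\
FROM maven:3.8.1-openjdk-17-slim AS builder
WORKDIR /build
RUN mvn package
FROM openjdk:17-slim
COPY --from=builder /build/target/*.jar /app/app.jar
ENTRYPOINT ["java", "-jar", "/app/app.jar"]
"""

def _instructions(text: str):
    """Yield logical Dockerfile lines: comments dropped, '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_stage_user(dockerfile: str) -> Optional[str]:
    """Effective USER of the last stage, or None if that stage never sets one.
    FROM <earlier stage> inherits that stage's USER; FROM <image> resets to None,
    since a linter cannot see what the base image set (usually root)."""
    stages: List[List[Optional[str]]] = []  # [stage name, effective user]
    for line in _instructions(dockerfile):
        m = re.match(r"(?i)FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", line)
        if m:
            base, name = m.group(1).lower(), m.group(2)
            inherited = next((u for n, u in stages if n and n.lower() == base), None)
            stages.append([name, inherited])
            continue
        m = re.match(r"(?i)USER\s+(\S+)", line)
        if m and stages:
            stages[-1][1] = m.group(1).split(":")[0]  # strip optional ':group'
    return stages[-1][1] if stages else None

def lint_non_root(dockerfile: str) -> List[str]:
    """Return findings; an empty list means the final stage runs as a non-root user."""
    user = final_stage_user(dockerfile)
    if user is None:
        return ["final stage never sets USER; container inherits the base image user"]
    if user in ROOT_USERS:
        return [f"final stage sets USER {user}, which is root"]
    return []
```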