language: dockerfile
name: avoid_sudo
message: "Avoid using 'sudo' in RUN commands as Docker executes commands as root by default"
category: antipattern
severity: warning

pattern: |
 (run_instruction
  (shell_command
    (shell_fragment) @sudo
         (#match? @sudo "^(sudo)")
  )
 ) @avoid_sudo

description: |
  Using 'sudo' in 'RUN' commands within Dockerfiles is unnecessary as containers
  run commands as the root user by default. Consider using a non-root user, without sudo,
  as it reduces the risk of damage if the application is compromised.