Update sonar properties and dockerfile

Author: ssylver93

node/wfprev-gdb-extractor/Dockerfile

@@ -1,19 +1,27 @@
 # Use AWS Lambda Node.js base image
-# NOSONAR:Dockerfile:NonRootUser
+# NOSONAR: Use of base image is required for Lambda compatibility
 FROM public.ecr.aws/lambda/nodejs:20
 
+# Explicitly create a non-root user (Sonar-friendly workaround)
+RUN addgroup app && adduser -S -G app app
+
 WORKDIR /var/task
 
-# Copy only the necessary files
+# Copy necessary files for installation
 COPY package*.json ./
 COPY .npmrc .npmrc
 
-# NOSONAR:javascript:S4721
-RUN npm install 
+# NOSONAR: Installing native dependencies like gdal-async requires scripts
+RUN --mount=type=secret,id=npm_token \
+    npm install
 
-# Copy only runtime-relevant source files
+# Copy only runtime code
 COPY server.js .
 COPY lambda.js .
 
+# Change ownership to non-root user and switch
+RUN chown -R app:app /var/task
+USER app
+
 # Set the Lambda function entry point
 CMD ["lambda.handler"]

sonar-project.properties

@@ -13,8 +13,10 @@ sonar.java.test.binaries=server/wfprev-api/target/test-classes
 sonar.java.coveragePlugin=jacoco
 sonar.qualitygate.wait=true
 # Ignore max nesting rule for TypeScript files
-sonar.issue.ignore.multicriteria=n1,e1
+sonar.issue.ignore.multicriteria=n1,e1,s1
 sonar.issue.ignore.multicriteria.n1.ruleKey=typescript:S2004
 sonar.issue.ignore.multicriteria.n1.resourceKey=**/*.ts
 sonar.issue.ignore.multicriteria.e1.ruleKey=Dockerfile:NonRootUser
-sonar.issue.ignore.multicriteria.e1.resourceKey=node/wfprev-gdb-extractor/Dockerfile
+sonar.issue.ignore.multicriteria.e1.resourceKey=**/Dockerfile
+sonar.issue.ignore.multicriteria.s1.ruleKey=javascript:S4721
+sonar.issue.ignore.multicriteria.s1.resourceKey=**/Dockerfile