SONARIAC-1856 Modify S7019: add EXEC alternatives and exceptions (#4597)

* SONARIAC-1856 Update S7019 content

* Remove script example

* Fix id

* Update rules/S7019/docker/rule.adoc

Co-authored-by: Jonas Wielage <jonas.wielage@sonarsource.com>

* Address review comment

---------

Co-authored-by: Jonas Wielage <jonas.wielage@sonarsource.com>

rules/S7019/docker/rule.adoc

@@ -10,6 +10,17 @@ This can cause problems when trying to gracefully stop containers because the ma
 Moreover, the exec form provides more control and predictability over the execution of the command.
 It does not invoke a command shell, which means it does not have the potential side effects of shell processing.
 
+
+=== Exceptions
+
+The exec form does not allow shell features such as variable expansion, piping (`|`) and command chaining (`&&`, `||`, `;`).
+In case you need to use these features, there are a few alternatives:
+* Creation of a wrapper script
+* Explicitly specify the shell to use with the `SHELL` instruction before `CMD` or `ENTRYPOINT`
+
+
+This rule will not raise an issue if the `SHELL` instruction is used before the `CMD` or `ENTRYPOINT` instruction, as we consider this a conscious decision.
+
 == How to fix it
 
 === Code examples
@@ -22,6 +33,14 @@ FROM scratch
 ENTRYPOINT echo "Welcome!"
 ----
 
+[source,docker,diff-id=2,diff-type=noncompliant]
+----
+FROM scratch
+ENTRYPOINT echo "Long script with chaining commands" \
+  && echo "Welcome!" \
+  && echo "Goodbye"
+----
+
 ==== Compliant solution
 
 [source,docker,diff-id=1,diff-type=compliant]
@@ -30,6 +49,21 @@ FROM scratch
 ENTRYPOINT ["echo", "Welcome!"]
 ----
 
+[source,docker,diff-id=2,diff-type=compliant]
+----
+FROM scratch
+SHELL ["/bin/bash", "-c"]
+ENTRYPOINT echo "Long script with chaining commands" \
+  && echo "Welcome!" \
+  && echo "Goodbye"
+----
+
+[source,docker,diff-id=2,diff-type=compliant]
+----
+FROM scratch
+ENTRYPOINT ["/entrypoint.sh"]
+----
+
 == Resources
 === Documentation