From d1b585e613e222775fd0283ceeaf3cb8d2c3f173 Mon Sep 17 00:00:00 2001
From: Larry Golding
Date: Fri, 3 Jul 2020 14:23:15 -0700
Subject: [PATCH] Provide messages for SARIF2004.OptimizeFileSize.

---
 docs/Producing effective SARIF.md | 10 +++++
 docs/Rule factoring.xlsx | Bin 13515 -> 13522 bytes
 .../Rules/RuleResources.Designer.cs | 8 ++--
 src/Sarif.Multitool/Rules/RuleResources.resx | 10 +++--
 .../Rules/SARIF2004.OptimizeFileSize.cs | 37 ++++++++++++++++--
 .../SARIF2004.OptimizeFileSize_Invalid.sarif | 8 ++--
 6 files changed, 60 insertions(+), 13 deletions(-)

diff --git a/docs/Producing effective SARIF.md b/docs/Producing effective SARIF.md index d87cf095a..7cc2662df 100644 --- a/docs/Producing effective SARIF.md +++ b/docs/Producing effective SARIF.md 
@@ -385,12 +385,22 @@ This run does not provide 'versionControlProvenance'. As a result, it is not pos #### Description +Emit arrays only if they provide additional information. + +In several parts of a SARIF log file, a subset of information about an object appears in one place, and the full information describing all such objects appears in an array elsewhere in the log file. For example, each 'result' object has a 'ruleId' property that identifies the rule that was violated. Elsewhere in the log file, the array 'run.tool.driver.rules' contains additional information about the rules. But if the elements of the 'rules' array contained no information about the rules beyond their ids, then there might be no reason to include the 'rules' array at all, and the log file could be made smaller simply by omitting it. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information. + +Similarly, most 'result' objects contain at least one 'artifactLocation' object. Elsewhere in the log file, the array 'run.artifacts' contains additional information about the artifacts that were analyzed. But if the elements of the 'artifacts' array contained not information about the artifacts beyond their locations, then there might be no reason to include the 'artifacts' array at all, and again the log file could be made smaller by omitting it. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. In such a scenario, the 'artifacts' array should be retained even if it contains only location information. + #### Messages ##### `EliminateLocationOnlyArtifacts`: warning +{0): The 'artifacts' array contains no information beyond the locations of the artifacts. 
Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. In such a scenario, the 'artifacts' array should be retained even if it contains only location information. + ##### `EliminateIdOnlyRules`: warning +{0}: The 'rules' array contains no information beyond the ids of the rules. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information. + --- ### Rule `SARIF2005.ProvideToolProperties` 
diff --git a/docs/Rule factoring.xlsx b/docs/Rule factoring.xlsx index 911cb5d13bc1a3d1fc7e233704f982aa5663180e..29711c7424c716ee0c21a7b07a247575c65d8d90 100644 GIT binary patch
- /// Looks up a localized string similar to Placeholder_SARIF2004_OptimizeFileSize_FullDescription_Text. + /// Looks up a localized string similar to Emit arrays only if they provide additional information. + /// + ///In several parts of a SARIF log file, a subset of information about an object appears in one place, and the full information describing all such objects appears in an array elsewhere in the log file. For example, each 'result' object has a 'ruleId' property that identifies the rule that was violated. Elsewhere in the log file, the array 'run.tool.driver.rules' contains additional information about the rules. But if the elements of the 'rules' array [rest of string was truncated]";. /// internal static string SARIF2004_OptimizeFileSize_FullDescription_Text { get { 
@@ -452,7 +454,7 @@ internal static string SARIF2004_OptimizeFileSize_FullDescription_Text { } /// - /// Looks up a localized string similar to Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text. + /// Looks up a localized string similar to {0}: The 'rules' array contains no information beyond the ids of the rules. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information.. /// internal static string SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text { get { @@ -461,7 +463,7 @@ internal static string SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_T } /// - /// Looks up a localized string similar to {0}: Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateLocationOnlyArtifacts_Text. + /// Looks up a localized string similar to {0): The 'artifacts' array contains no information beyond the locations of the artifacts. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. In such a scenario, the 'artifacts' array should be retained even if it contains only location information.. /// internal static string SARIF2004_OptimizeFileSize_Warning_EliminateLocationOnlyArtifacts_Text { get { diff --git a/src/Sarif.Multitool/Rules/RuleResources.resx b/src/Sarif.Multitool/Rules/RuleResources.resx index 5b7e7fad1..c364484ad 100644 --- a/src/Sarif.Multitool/Rules/RuleResources.resx +++ b/src/Sarif.Multitool/Rules/RuleResources.resx 
@@ -268,10 +268,14 @@ Many tools follow a conventional format for the 'reportingDescriptor.id' propert {0}: This 'region' object does not specify 'startLine', 'charOffset', or 'byteOffset'. As a result, it is impossible to determine whether this 'region' object describes a line/column text region, a character offset/length text region, or a binary region. - Placeholder_SARIF2004_OptimizeFileSize_FullDescription_Text + Emit arrays only if they provide additional information. + +In several parts of a SARIF log file, a subset of information about an object appears in one place, and the full information describing all such objects appears in an array elsewhere in the log file. For example, each 'result' object has a 'ruleId' property that identifies the rule that was violated. Elsewhere in the log file, the array 'run.tool.driver.rules' contains additional information about the rules. But if the elements of the 'rules' array contained no information about the rules beyond their ids, then there might be no reason to include the 'rules' array at all, and the log file could be made smaller simply by omitting it. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information. + +Similarly, most 'result' objects contain at least one 'artifactLocation' object. Elsewhere in the log file, the array 'run.artifacts' contains additional information about the artifacts that were analyzed. But if the elements of the 'artifacts' array contained not information about the artifacts beyond their locations, then there might be no reason to include the 'artifacts' array at all, and again the log file could be made smaller by omitting it. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. 
In such a scenario, the 'artifacts' array should be retained even if it contains only location information. - {0}: Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateLocationOnlyArtifacts_Text + {0): The 'artifacts' array contains no information beyond the locations of the artifacts. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. In such a scenario, the 'artifacts' array should be retained even if it contains only location information. In result messages, use the 'message.id' and 'message.arguments' properties rather than 'message.text'. This has several advantages. If 'text' is lengthy, using 'id' and 'arguments' makes the SARIF file smaller. If the rule metadata is stored externally to the SARIF log file, the message text can be improved (for example, by adding more text, clarifying the phrasing, or fixing typos), and the result messages will pick up the improvements the next time it is displayed. Finally, SARIF supports localizing messages into different languages, which is possible if the SARIF file contains 'message.id' and 'message.arguments', but not if it contains 'message.text' directly. 
@@ -286,7 +290,7 @@ Many tools follow a conventional format for the 'reportingDescriptor.id' propert {0}: This run does not provide 'versionControlProvenance'. As a result, it is not possible to determine which version of code was analyzed, nor to map relative paths to their locations within the repository. - Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text + {0}: The 'rules' array contains no information beyond the ids of the rules. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information. Placeholder_SARIF2006_UrisShouldBeReachable_FullDescription_Text diff --git a/src/Sarif.Multitool/Rules/SARIF2004.OptimizeFileSize.cs b/src/Sarif.Multitool/Rules/SARIF2004.OptimizeFileSize.cs index 779eafa0d..9ad457d32 100644 --- a/src/Sarif.Multitool/Rules/SARIF2004.OptimizeFileSize.cs +++ b/src/Sarif.Multitool/Rules/SARIF2004.OptimizeFileSize.cs 
@@ -19,7 +19,28 @@ public class OptimizeFileSize : SarifValidationSkimmerBase public override string Id => RuleId.OptimizeFileSize; /// - /// Placeholder_SARIF2004_OptimizeFileSize_FullDescription_Text + /// Emit arrays only if they provide additional information. + /// + /// In several parts of a SARIF log file, a subset of information about an object appears + /// in one place, and the full information describing all such objects appears in an array + /// elsewhere in the log file. For example, each 'result' object has a 'ruleId' property + /// that identifies the rule that was violated. Elsewhere in the log file, the array + /// 'run.tool.driver.rules' contains additional information about the rules. But if the + /// elements of the 'rules' array contained no information about the rules beyond their ids, + /// then there might be no reason to include the 'rules' array at all, and the log file + /// could be made smaller simply by omitting it. In some scenarios (for example, when + /// assessing compliance with policy), the 'rules' array might be used to record the full + /// set of rules that were evaluated. In such a scenario, the 'rules' array should be retained + /// even if it contains only id information. + /// + /// Similarly, most 'result' objects contain at least one 'artifactLocation' object. Elsewhere + /// in the log file, the array 'run.artifacts' contains additional information about the artifacts + /// that were analyzed. But if the elements of the 'artifacts' array contained not information + /// about the artifacts beyond their locations, then there might be no reason to include the + /// 'artifacts' array at all, and again the log file could be made smaller by omitting it. In + /// some scenarios (for example, when assessing compliance with policy), the 'artifacts' array + /// might be used to record the full set of artifacts that were analyzed. 
In such a scenario, + /// the 'artifacts' array should be retained even if it contains only location information. /// public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF2004_OptimizeFileSize_FullDescription_Text }; @@ -60,7 +81,12 @@ private void AnalyzeLocationOnlyArtifacts(Run run, string runPointer) if (HasResultLocationsWithUriAndIndex(firstResultLocationPointer) && HasLocationOnlyArtifacts(firstArtifactPointer)) { - // {0}: Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateLocationOnlyArtifacts_Text + // {0): The 'artifacts' array contains no information beyond the locations of the + // artifacts. Removing this array might reduce the log file size without losing + // information. In some scenarios (for example, when assessing compliance with policy), + // the 'artifacts' array might be used to record the full set of artifacts that were + // analyzed. In such a scenario, the 'artifacts' array should be retained even if it + // contains only location information. LogResult( firstArtifactPointer, nameof(RuleResources.SARIF2004_OptimizeFileSize_Warning_EliminateLocationOnlyArtifacts_Text)); @@ -105,7 +131,12 @@ private void AnalyzeIdOnlyRules(Run run, string runPointer) if (HasIdOnlyRules(firstRulePointer)) { - // {0}: SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text + // {0}: The 'rules' array contains no information beyond the ids of the rules. + // Removing this array might reduce the log file size without losing information. + // In some scenarios (for example, when assessing compliance with policy), the + // 'rules' array might be used to record the full set of rules that were evaluated. + // In such a scenario, the 'rules' array should be retained even if it contains + // only id information. LogResult( firstRulePointer, nameof(RuleResources.SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text)); 
diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif index 8876da0b1..572416b81 100644 --- a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif +++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif 
@@ -11,17 +11,17 @@ "id": "SARIF2004", "name": "OptimizeFileSize", "shortDescription": { - "text": "Placeholder_SARIF2004_OptimizeFileSize_FullDescription_Text." + "text": "Emit arrays only if they provide additional information." }, "fullDescription": { - "text": "Placeholder_SARIF2004_OptimizeFileSize_FullDescription_Text" + "text": "Emit arrays only if they provide additional information.\r\n\r\nIn several parts of a SARIF log file, a subset of information about an object appears in one place, and the full information describing all such objects appears in an array elsewhere in the log file. For example, each 'result' object has a 'ruleId' property that identifies the rule that was violated. Elsewhere in the log file, the array 'run.tool.driver.rules' contains additional information about the rules. But if the elements of the 'rules' array contained no information about the rules beyond their ids, then there might be no reason to include the 'rules' array at all, and the log file could be made smaller simply by omitting it. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information.\r\n\r\nSimilarly, most 'result' objects contain at least one 'artifactLocation' object. Elsewhere in the log file, the array 'run.artifacts' contains additional information about the artifacts that were analyzed. But if the elements of the 'artifacts' array contained not information about the artifacts beyond their locations, then there might be no reason to include the 'artifacts' array at all, and again the log file could be made smaller by omitting it. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. 
In such a scenario, the 'artifacts' array should be retained even if it contains only location information." }, "messageStrings": { "Warning_EliminateLocationOnlyArtifacts": { - "text": "{0}: Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateLocationOnlyArtifacts_Text" + "text": "{0): The 'artifacts' array contains no information beyond the locations of the artifacts. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'artifacts' array might be used to record the full set of artifacts that were analyzed. In such a scenario, the 'artifacts' array should be retained even if it contains only location information." }, "Warning_EliminateIdOnlyRules": { - "text": "Placeholder_SARIF2004_OptimizeFileSize_Warning_EliminateIdOnlyRules_Text" + "text": "{0}: The 'rules' array contains no information beyond the ids of the rules. Removing this array might reduce the log file size without losing information. In some scenarios (for example, when assessing compliance with policy), the 'rules' array might be used to record the full set of rules that were evaluated. In such a scenario, the 'rules' array should be retained even if it contains only id information." } }, "helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"
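Review bot: In src/Sarif.Multitool/Rules/RuleResources.resx, the new value for the EliminateLocationOnlyArtifacts warning opens with `{0):`, a closing parenthesis where the closing brace belongs. The value it replaces began with `{0}:` and the new EliminateIdOnlyRules value in the same file begins with `{0}:`, so this one is not a well-formed format item. Change it to `{0}:` in the .resx and carry the fix to the copies of the same text in this patch: the RuleResources.Designer.cs comment, the comment in AnalyzeLocationOnlyArtifacts, the message under `EliminateLocationOnlyArtifacts` in docs/Producing effective SARIF.md, and the `Warning_EliminateLocationOnlyArtifacts` text in the expected SARIF2004.OptimizeFileSize_Invalid.sarif.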
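Review bot: In the second paragraph added under Description in docs/Producing effective SARIF.md, "contained not information about the artifacts" should read "contained no information about the artifacts", matching the wording of the 'rules' paragraph directly above it. The same sentence, with the same typo, is copied into the FullDescription value in RuleResources.resx, the doc comment on FullDescription in SARIF2004.OptimizeFileSize.cs, and the expected fullDescription text in the .sarif file, so all four need the correction together.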
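Review bot: In the expected output SARIF2004.OptimizeFileSize_Invalid.sarif, the new fullDescription text embeds "\r\n\r\n" between paragraphs, which ties the expected value to CRLF line endings in the multi-paragraph .resx value. If the .resx is ever checked out or saved with LF endings, the generated text would contain "\n\n" and an exact comparison against this file would no longer match. Either pin the line endings of the .resx file or normalize line endings before the comparison, and note which one the test relies on.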
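Review bot: docs/Rule factoring.xlsx changes only as a binary delta (13515 -> 13522 bytes), so what changed in the spreadsheet cannot be reviewed from the patch, and the subject line mentions only the SARIF2004.OptimizeFileSize messages. Say in the commit message what was edited in the spreadsheet, or move that file to its own commit.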