Drop misleading "partialFingerprints required" check from ADO/GH rules

ReleaseHistory.md

@@ -1,6 +1,7 @@
 # SARIF Package Release History (SDK, Driver, Converters, and Multitool)
 
 ## **UNRELEASED**
+* BUGFIX: Drop the missing-`partialFingerprints` check from `BaseProvideRequiredResultProperties` (Base1015), which removes the firing for ADO1015/ADO1017 and GH1015/GH1017. Both Advanced Security for Azure DevOps and GitHub code scanning compute `partialFingerprints` automatically when omitted, so the `error`-level "this property is required by the {service} service" message was misleading. See [GHAZDO third-party SARIF docs](https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-code-scanning-third-party) (Sprint 245 `ruleId` inclusion, Sprint 255 `advancedsecurity.publish.allowmissingpartialfingerprints`) and [GitHub code scanning SARIF support — Fingerprint generation](https://docs.github.com/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#fingerprint-generation). AI producers are already advised against persisting fingerprints by AI2011.
 * BRK: Rename `Microsoft.CodeAnalysis.Sarif.Multitool.OptionsInterpretter` (and its test class `OptionsInterpretterTests`) to `OptionsInterpreter` / `OptionsInterpreterTests` (single `t`). External callers of `Sarif.Multitool.Library` constructing `new OptionsInterpretter(...)` must update to `new OptionsInterpreter(...)`.
 * NEW: Add `partition` multitool verb that splits one SARIF log into many by strategy (`PerRule` (default), `PerRunPerRule`, `PerRun`, `PerResult`, `PerRunPerTarget`, `PerRunPerTargetPerRule`, `PerIndexList`). Wraps `SarifPartitioner.Partition`, so each output gets its `tool.driver.rules` and `run.artifacts` pruned to only what the partition references.
 * NEW: Add `SplittingStrategy.PerIndexList` plus the `--indices` mini-language for explicit per-result bucket assignment: `<runId>:<r1>,<r2>;<runId>:...|<bucket>...`, with bare-int shorthand for run 0 and SARIF URL fallback (`sarif:/runs/X/results/Y`, §3.10.3). Optional `--spillover-bucket NAME` captures uncovered results; `--strict-coverage` errors on uncovered results. Duplicate or out-of-range addresses error.

src/Sarif.Multitool.Library/Rules/Base1015.ProvideRequiredResultProperties.cs

@@ -17,8 +17,7 @@ public class BaseProvideRequiredResultProperties
             nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_EmptyLocationsArray_Text),
             nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_MissingLocationsArray_Text),
             nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_MissingMessageText_Text),
-            nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_MissingMessage_Text),
-            nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_MissingPartialFingerprints_Text)
+            nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_MissingMessage_Text)
         };
 
         protected ICollection<string> BaseMessageResourceNames => _baseMessageResourceNames;
@@ -59,13 +58,12 @@ protected override void Analyze(Result result, string resultPointer)
                     nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_EmptyLocationsArray_Text));
             }
 
-            if (result.PartialFingerprints == null)
-            {
-                // {0}: This 'result' object does not provide a 'partialFingerprints' dictionary. This property is required by the {1} service.
-                LogResult(
-                    resultPointer,
-                    nameof(RuleResources.Base1015_ProvideRequiredResultProperties_Error_MissingPartialFingerprints_Text));
-            }
+            // Note: missing 'partialFingerprints' is intentionally not flagged. Both consumers covered
+            // by the ADO and GH rule kinds (Advanced Security for Azure DevOps, GitHub code scanning)
+            // compute partialFingerprints automatically when the producer omits them. See:
+            //   * https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-code-scanning-third-party
+            //   * https://docs.github.com/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#fingerprint-generation
+            // AI producers should also avoid persisting fingerprints (see AI2011).
         }
     }
 }

src/Sarif.Multitool.Library/Rules/RuleResources.resx

@@ -525,9 +525,6 @@ Semantics: Assuming the reader of the log file (an end user or another tool) has
   <data name="Base1015_ProvideRequiredResultProperties_Error_MissingMessageText_Text" xml:space="preserve">
     <value>{0}: The 'message' object on this 'result' object does not provide a 'text' property. This property is required by the {1} service.</value>
   </data>
-  <data name="Base1015_ProvideRequiredResultProperties_Error_MissingPartialFingerprints_Text" xml:space="preserve">
-    <value>{0}: This 'result' object does not provide a 'partialFingerprints' dictionary. This property is required by the {1} service.</value>
-  </data>
   <data name="Base1018_ProvideRequiredToolProperties_Error_MissingDriverName_Text" xml:space="preserve">
     <value>{0}: The 'driver' object in this tool does not provide a 'name' value. This property is required by the {1} service.</value>
   </data>
@@ -591,9 +588,7 @@ Provide the 'ruleId' property, which is the unique identifier of the analysis ru
 
 Provide the 'message' property, which is a user-facing explanation of the result occurrence. The message's 'text' property is required by the ADO Advanced Security service.
 
-Provide the 'locations' array, which must contain at least one location object.
-
-Provide the 'partialFingerprints' dictionary. This property is required by the ADO Advanced Security service.</value>
+Provide the 'locations' array, which must contain at least one location object.</value>
   </data>
   <data name="ADO1016_ProvideRequiredLocationProperties_FullDescription_Text" xml:space="preserve">
     <value>The Location object is important for providing consumers with the location where the result occurred.
@@ -648,9 +643,7 @@ Provide the 'results' array, even if it is empty.</value>
 
 Provide the 'message' property, which is a user-facing explanation of the result occurrence. The message's 'text' property is required by the GitHub Advanced Security service.
 
-Provide the 'locations' array, which must contain at least one location object.
-
-Provide the 'partialFingerprints' dictionary. This property is required by the GitHub Advanced Security service.</value>
+Provide the 'locations' array, which must contain at least one location object.</value>
   </data>
   <data name="GH1016_ProvideRequiredLocationProperties_FullDescription_Text" xml:space="preserve">
     <value>The Location object is important for providing consumers with the location where the result occurred.