HP Fortify considers the database an untrusted source (tainted source). Is there a way to configure HP Fortify to mark the database as a trusted source (untainted source)? If yes, what are the options for doing it?
One random thought I have (though I have not tried it) is to mark the getter method(s) of the Entity class (considering one is using Hibernate) as safe for a specific vulnerability (TaintedFlag) using a dataflowcleansing rule. If that works (which I guess should work), then is that the recommended way to do it? Or is there a different approach to configure it in HP Fortify?
Can one mark the complete database (all tables) as trusted, or is there a way to specifically mark a table (or column) as trusted? It will be interesting to know the pros and cons of these approaches and which approach is recommended.