mirror of
https://github.com/corda/corda.git
synced 2025-01-31 00:24:59 +00:00
f59b22ba98
The class carpenter should refuse to carpent classes that are not whitelisted or marked as CordaSerializable. This prevents any security issue where a malicious message could indicate a class had a member of some type that on construction did something bad. By respecting the whitelist we avoid this. As the carpeter annotates anythign it constructs as CordaSerializable, it will always be able to carpent classes that contain memebrs that were unknown, and thus unannotated, carpented classes