The initial integration of Corda with the DJVM assumed that all data types would be annotated as @CordaSerializable. This was sufficient for the Finance CorDapp, but a complete solution requires support for whitelists and custom serializers too.
As of v4.8.58, ClassGraph now allows us to scan attachment: URLs inside an AttachmentsClassLoader for all classes that implement SerializationCustomSerializer without executing any untrusted byte-code. Once we have identified the class names, we can construct their sandboxed equivalents.
And we can construct the whitelists by loading all of AttachmentsClassLoader's
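As an added illustration of the metadata-only scan described above (example code, not from the Corda or ClassGraph projects), the following Kotlin collects the implementor names without loading any attachment class; `enableURLScheme("attachment")` is assumed to be the v4.8.58 call that lets ClassGraph accept attachment: URLs, and the interface's package name is assumed.

```kotlin
import io.github.classgraph.ClassGraph

// Assumed fully-qualified name of Corda's custom-serializer interface.
const val CUSTOM_SERIALIZER = "net.corda.core.serialization.SerializationCustomSerializer"

/**
 * Returns the names of every concrete class visible through [attachmentsLoader]
 * that implements SerializationCustomSerializer. Only class-file metadata is
 * parsed: nothing is loaded or initialised, so no static initialiser from an
 * untrusted attachment runs on the host. The caller builds sandboxed
 * equivalents from the returned names.
 */
fun findCustomSerializerNames(attachmentsLoader: ClassLoader): Set<String> =
    ClassGraph()
        .enableURLScheme("attachment")           // assumed v4.8.58 API: accept attachment: URLs
        .overrideClassLoaders(attachmentsLoader) // scan only the attachments, not the host classpath
        .enableClassInfo()                       // metadata only; classes are never loaded
        .scan()
        .use { result ->
            result.getClassesImplementing(CUSTOM_SERIALIZER)
                .filter { !it.isAbstract && !it.isInterface } // only instantiable serializers
                .map { it.name }
                .toSet()
        }
```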