High-performance encoded exfiltration detection for MCP Gateway

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jonpspri from gravatar.com jonpspri Avatar for lucarlig from gravatar.com lucarlig

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: ContextForge Contributors
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

Encoded Exfiltration Detection (Rust)

High-performance encoded exfiltration detection for ContextForge and MCP Gateway.

Features

  • Detects suspicious encoded payloads in prompt args, tool outputs, and resource content
  • Scans common exfil encodings:
    • base64
    • base64url
    • hex
    • percent-encoding
    • escaped hex
  • Scores candidates using decoded length, entropy, printable ratio, sensitive keywords, and egress hints
  • Optional redaction instead of hard blocking
  • Recursive scanning of nested dicts, lists, and JSON-like string payloads
  • Allowlist regex support for known-safe encoded strings
  • Decode-depth and recursion-depth guardrails

Build

make install

Usage

The plugin scans these hooks:

  • prompt_pre_fetch
  • tool_post_invoke
  • resource_post_fetch

Typical uses:

  • block suspicious encoded payloads before they leave the gateway
  • redact encoded secrets or staged exfil fragments from tool results
  • surface findings metadata for review and tuning

Detection Model

Each candidate encoded segment is decoded and scored. The detector looks for combinations of:

  • sufficient decoded length
  • suspicious entropy
  • printable decoded content
  • sensitive markers such as password, secret, token, authorization, or private key
  • egress hints such as curl, wget, webhook, upload, socket, or pastebin

The plugin can also inspect JSON strings recursively so encoded content nested inside serialized blobs is still visible to the detector.

Configuration

Important settings include:

  • enabled: per-encoding enable flags
  • min_encoded_length
  • min_decoded_length
  • min_entropy
  • min_printable_ratio
  • min_suspicion_score
  • max_scan_string_length
  • max_findings_per_value
  • redact
  • redaction_text
  • block_on_detection
  • min_findings_to_block
  • allowlist_patterns
  • extra_sensitive_keywords
  • extra_egress_hints
  • max_decode_depth
  • max_recursion_depth
  • parse_json_strings

Returned Metadata

When detections occur, the plugin can emit:

  • encoded_exfil_count
  • encoded_exfil_findings
  • encoded_exfil_redacted
  • implementation

Blocking responses use the ENCODED_EXFIL_DETECTED violation code.

Security Notes

  • Guardrails reject invalid allowlist regexes at configuration time.
  • Scan and recursion caps exist to keep detection bounded on large payloads.
  • Detailed findings can be reduced or sanitized before metadata emission depending on configuration.

Testing

make ci

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jonpspri from gravatar.com jonpspri Avatar for lucarlig from gravatar.com lucarlig

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: ContextForge Contributors
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

This version

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cpex_encoded_exfil_detection-0.2.0.tar.gz (64.3 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

cpex_encoded_exfil_detection-0.2.0-cp311-abi3-win_amd64.whl (780.0 kB view details)

Uploaded CPython 3.11+Windows x86-64

cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_x86_64.whl (856.6 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ x86-64

cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_s390x.whl (897.6 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ s390x

cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_ppc64le.whl (880.0 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ ppc64le

cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_aarch64.whl (794.2 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ ARM64

cpex_encoded_exfil_detection-0.2.0-cp311-abi3-macosx_11_0_arm64.whl (753.6 kB view details)

Uploaded CPython 3.11+macOS 11.0+ ARM64

File details

Details for the file cpex_encoded_exfil_detection-0.2.0.tar.gz.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0.tar.gz
Algorithm Hash digest
SHA256 b5c6e33bdddb5ccdf1c331040649fa2b2ea2373383042091c0f95299df1c6b58
MD5 b9912de0b4ca71df4e9db118e27d3658
BLAKE2b-256 8b24d186169c1085f40af62852fadbe3c060a959ed5ad7e5ba00b3ac97c2db28

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0.tar.gz:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.0-cp311-abi3-win_amd64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 a70ae294cfa64dcbf0b6f54412bafb6964dcc887e5684426f0eaeefe22408b95
MD5 9785f4fa32e0282a37f981e9b819d4c3
BLAKE2b-256 bab1c0dcbdf1ab1b94e4907c75cdf392e74ab95e677abb29e5cbad283bead176

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-win_amd64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_x86_64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_x86_64.whl
Algorithm Hash digest
SHA256 3845a368875da7e65f312e6359af2942ff1fb8af325a1227a2573a6a91b3890f
MD5 4023115bf9103ea8245f4902d31c3737
BLAKE2b-256 6b63355ec76b4c112233e2661f1955d2acfde3e6dfa8626f1dcbcd98bf919281

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_x86_64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_s390x.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_s390x.whl
Algorithm Hash digest
SHA256 ffb64b239e472d12d7c9eec95b5c39d650d009f1ae965b73e20df30917244dbc
MD5 a9ca53e479a76ee42f6f5ee96cce9eae
BLAKE2b-256 6533974494234b94a784d10936ed1e66c7c04fa8ac5347dd6c12fe15de563858

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_s390x.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_ppc64le.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_ppc64le.whl
Algorithm Hash digest
SHA256 8d9d24a4861120612e5b1a0cd4ed1a408d4d203e03caee15cdceb9e37cdd62da
MD5 5fe27021111cacfffe005bd185d57305
BLAKE2b-256 b00e72a4b2a1c58cea7aec50fcc43882d92fce34cf06df19abb977fd08035146

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_ppc64le.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_aarch64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_aarch64.whl
Algorithm Hash digest
SHA256 d5912467a9a51738e74e78cde39a33961bb3a68884195c91dbb8a820d3bf61e6
MD5 acb653135bbe68986320f3b1833ab2f9
BLAKE2b-256 19f941f86b8e9eeae36a6474ddb90ebf3955cae76a41335f403fc3bb2191e4af

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-manylinux_2_34_aarch64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.0-cp311-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 5511d0b403ba6d4014cb137fe7b83507959042fdfcb0b0b73119908c1a9b3901
MD5 8013145d9cd2db737c6227164817d3cf
BLAKE2b-256 3e5d1e4a55c7bd78a62b89341a00510f2a56f8915912fb4b240f2b356d3f1361

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.0-cp311-abi3-macosx_11_0_arm64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page