High-performance encoded exfiltration detection for MCP Gateway

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jonpspri from gravatar.com jonpspri Avatar for lucarlig from gravatar.com lucarlig

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: ContextForge Contributors
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

Encoded Exfiltration Detection (Rust)

High-performance encoded exfiltration detection for ContextForge and MCP Gateway.

Features

  • Detects suspicious encoded payloads in prompt args, tool outputs, and resource content
  • Scans common exfil encodings:
    • base64
    • base64url
    • hex
    • percent-encoding
    • escaped hex
  • Scores candidates using decoded length, entropy, printable ratio, sensitive keywords, and egress hints
  • Optional redaction instead of hard blocking
  • Recursive scanning of nested dicts, lists, and JSON-like string payloads
  • Allowlist regex support for known-safe encoded strings
  • Decode-depth and recursion-depth guardrails

Build

make install

Usage

The plugin scans these hooks:

  • prompt_pre_fetch
  • tool_post_invoke
  • resource_post_fetch

Typical uses:

  • block suspicious encoded payloads before they leave the gateway
  • redact encoded secrets or staged exfil fragments from tool results
  • surface findings metadata for review and tuning

Detection Model

Each candidate encoded segment is decoded and scored. The detector looks for combinations of:

  • sufficient decoded length
  • suspicious entropy
  • printable decoded content
  • sensitive markers such as password, secret, token, authorization, or private key
  • egress hints such as curl, wget, webhook, upload, socket, or pastebin

The plugin can also inspect JSON strings recursively so encoded content nested inside serialized blobs is still visible to the detector.

Configuration

Important settings include:

  • enabled: per-encoding enable flags
  • min_encoded_length
  • min_decoded_length
  • min_entropy
  • min_printable_ratio
  • min_suspicion_score
  • max_scan_string_length
  • max_findings_per_value
  • redact
  • redaction_text
  • block_on_detection
  • min_findings_to_block
  • allowlist_patterns
  • extra_sensitive_keywords
  • extra_egress_hints
  • max_decode_depth
  • max_recursion_depth
  • parse_json_strings

Returned Metadata

When detections occur, the plugin can emit:

  • encoded_exfil_count
  • encoded_exfil_findings
  • encoded_exfil_redacted
  • implementation

Blocking responses use the ENCODED_EXFIL_DETECTED violation code.

Security Notes

  • Guardrails reject Rust-incompatible allowlist regexes at engine initialization time (during plugin construction). Features such as lookaround and backreferences are not supported.
  • Scan and recursion caps exist to keep detection bounded on large payloads.
  • Detailed findings can be reduced or sanitized before metadata emission depending on configuration.

Testing

make ci

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jonpspri from gravatar.com jonpspri Avatar for lucarlig from gravatar.com lucarlig

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: ContextForge Contributors
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

0.3.3

0.3.2

0.3.1

0.3.0

This version

0.2.1

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cpex_encoded_exfil_detection-0.2.1.tar.gz (48.0 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

cpex_encoded_exfil_detection-0.2.1-cp311-abi3-win_amd64.whl (776.1 kB view details)

Uploaded CPython 3.11+Windows x86-64

cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_x86_64.whl (852.6 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ x86-64

cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_s390x.whl (891.0 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ s390x

cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_ppc64le.whl (873.6 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ ppc64le

cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_aarch64.whl (790.2 kB view details)

Uploaded CPython 3.11+manylinux: glibc 2.34+ ARM64

cpex_encoded_exfil_detection-0.2.1-cp311-abi3-macosx_11_0_arm64.whl (753.7 kB view details)

Uploaded CPython 3.11+macOS 11.0+ ARM64

File details

Details for the file cpex_encoded_exfil_detection-0.2.1.tar.gz.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1.tar.gz
Algorithm Hash digest
SHA256 6d989d9812b0c62b397f74eb33cc3998cc9e9e7fbba1848edf70bfbcc3d749df
MD5 528ce758fe4712b574f34ade9b8efa10
BLAKE2b-256 8ae908ed4f71b39a57145f9ed5abf3edba304f51397a5ddf6cdff22444c11f84

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1.tar.gz:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.1-cp311-abi3-win_amd64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 99f6c011d45009b97352b8f82d038e016cac7bcbde687aaae9a704571ab479b1
MD5 2c2abb66520700527777fa3614c481c0
BLAKE2b-256 ffbb0bfec3bad7c09f5a21bc55dba408c9371ecf2ea8c991dd317192a9986b13

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-win_amd64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_x86_64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_x86_64.whl
Algorithm Hash digest
SHA256 f37e8111becb80064438d1b24118df3765c2e2d47501ec63ed6cb3011bcb7b9b
MD5 8b26bf5c381e5d91a2240f74cc66ecce
BLAKE2b-256 a62e2ee371f742cde4d714032cf46e44c71f7a79e71b76fc978ce26896b7f3bd

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_x86_64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_s390x.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_s390x.whl
Algorithm Hash digest
SHA256 f14a4291d626536f043acc2758b339025c6e970999c7bd16586155bdffb3187f
MD5 f8ddbe63ebabf72f18ba79513906ea69
BLAKE2b-256 9fb09a676a42f4141dcf497dcf96f1ec999d7cbd46a15ec7b499ae972348e98b

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_s390x.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_ppc64le.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_ppc64le.whl
Algorithm Hash digest
SHA256 7470fdc27c7e6bb54037bd1e1ac38c5cba9429e0de594f833e9dc57d26e977e4
MD5 8cfa864a00b910be276972317e31d4d5
BLAKE2b-256 7c5eb6f815993e501b8b9798dabc3ba27ab858f175c9e54446beee848a4084e3

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_ppc64le.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_aarch64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_aarch64.whl
Algorithm Hash digest
SHA256 41445f498d3a2b923e8095a06aa690383ca5ac1c38189b0034538bf6e905550c
MD5 07ae9772527367592ac6260462735b42
BLAKE2b-256 c2039d281128906ad94c965b81ee96987c324feb9ae8f7e7cac49d5c419de121

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-manylinux_2_34_aarch64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpex_encoded_exfil_detection-0.2.1-cp311-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 9c4dd0eddfb7969c370400b7a31f555be1e531dc3fbbaa7975375ed6878a1a72
MD5 e5e2084d5fb8450ab264fb466fe02764
BLAKE2b-256 fdebdb90debada2b804b23dcf59dec8de813e698722b06023ce8ae4442ab764b

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpex_encoded_exfil_detection-0.2.1-cp311-abi3-macosx_11_0_arm64.whl:

Publisher: release-rust-python-package.yaml on IBM/cpex-plugins

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page