Skip to content

Commit 726cabf

Browse files
Release ISCY v23.6.2
1 parent fbcf651 commit 726cabf

7 files changed

Lines changed: 39 additions & 26 deletions

File tree

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# ISCY V23.6.1 / Rust 0.2.1
1+
# ISCY V23.6.2 / Rust 0.2.2
22

33
ISCY ist eine ISMS-/Cybersecurity-Plattform mit ISO 27001-, NIS2- und KRITIS-Unterstuetzung, Product Security, Zero-Trust-Agent-Posture, lokalem CVE-Enrichment und lokalem LLM-Betrieb.
44

@@ -96,7 +96,7 @@ Das Backend stellt serverseitige Weboberflaechen und APIs fuer die migrierten Pr
9696

9797
## Zero-Trust Agent
9898

99-
ISCY `0.2.1` enthaelt einen read-only Agent-MVP fuer Windows, macOS und Linux. Der Agent meldet Inventar, Heartbeats und Zero-Trust-Findings an die Rust-Plattform. Die Plattform stellt dazu `/zero-trust/` sowie API-Endpunkte unter `/api/v1/agents/...` bereit.
99+
ISCY `0.2.2` enthaelt einen read-only Agent-MVP fuer Windows, macOS und Linux. Der Agent meldet Inventar, Heartbeats und Zero-Trust-Findings an die Rust-Plattform. Die Plattform stellt dazu `/zero-trust/` sowie API-Endpunkte unter `/api/v1/agents/...` bereit.
100100

101101
Die produktive Agent-Aufnahme ist gehaertet:
102102

docs/ISCY_Handbuch.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# ISCY Handbuch
22

3-
Version: Arbeitsstand Juni 2026 (ISCY V23.6.1 / Rust 0.2.1)
3+
Version: Arbeitsstand Juni 2026 (ISCY V23.6.2 / Rust 0.2.2)
44

55
Dieses Handbuch erklaert ISCY fachlich und in einfacher Sprache. Es ist fuer Menschen geschrieben, die nicht aus einem ISMS-, Compliance- oder Informationssicherheits-Umfeld kommen.
66

docs/ZERO_TRUST_AGENT.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Zero-Trust Agent
22

3-
Version: ISCY Rust Backend `0.2.1`
3+
Version: ISCY Rust Backend `0.2.2`
44

55
## Zielbild
66

@@ -139,7 +139,7 @@ Der Plattform-Katalog kennt zusaetzlich diese Zero-Trust-Pruefpunkte, die ueber
139139
- Softwareinventar fuer CVE-Korrelation
140140
- Removable-Media-Policy
141141

142-
Wichtig: In `0.2.1` liest der Basisagent diese tiefen OS-/MDM-/EDR-Signale noch nicht selbst aus. Er liefert den sicheren Intake, die Plattformdatenstruktur und die Baseline. Konkrete Windows/macOS/Linux-Pruefmodule koennen danach gezielt erweitert werden.
142+
Wichtig: In `0.2.2` liest der Basisagent diese tiefen OS-/MDM-/EDR-Signale noch nicht selbst aus. Er liefert den sicheren Intake, die Plattformdatenstruktur und die Baseline. Konkrete Windows/macOS/Linux-Pruefmodule koennen danach gezielt erweitert werden.
143143

144144
## Deployment-Zielpfade
145145

rust/iscy-backend/Cargo.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

rust/iscy-backend/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "iscy-backend"
3-
version = "0.2.1"
3+
version = "0.2.2"
44
edition = "2021"
55

66
[dependencies]

rust/iscy-backend/src/lib.rs

Lines changed: 29 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1339,22 +1339,35 @@ fn agent_mtls_fingerprint_from_headers(headers: &HeaderMap) -> Option<String> {
13391339
.or_else(|| header_string(headers, "ssl-client-fingerprint"))
13401340
}
13411341

1342-
fn agent_tenant_id_from_headers(headers: &HeaderMap) -> Result<i64, Response> {
1342+
#[derive(Debug, Clone, Copy)]
1343+
enum AgentTenantHeaderError {
1344+
Missing,
1345+
Invalid,
1346+
}
1347+
1348+
impl AgentTenantHeaderError {
1349+
fn into_response(self) -> Response {
1350+
match self {
1351+
Self::Missing => agent_auth_error_response(
1352+
StatusCode::UNAUTHORIZED,
1353+
"missing_agent_tenant",
1354+
"Agent-Requests benoetigen den Header x-iscy-tenant-id.",
1355+
),
1356+
Self::Invalid => agent_auth_error_response(
1357+
StatusCode::BAD_REQUEST,
1358+
"invalid_agent_tenant",
1359+
"Header x-iscy-tenant-id muss eine positive Tenant-ID enthalten.",
1360+
),
1361+
}
1362+
}
1363+
}
1364+
1365+
fn agent_tenant_id_from_headers(headers: &HeaderMap) -> Result<i64, AgentTenantHeaderError> {
13431366
let Some(raw_tenant_id) = header_string(headers, "x-iscy-tenant-id") else {
1344-
return Err(agent_auth_error_response(
1345-
StatusCode::UNAUTHORIZED,
1346-
"missing_agent_tenant",
1347-
"Agent-Requests benoetigen den Header x-iscy-tenant-id.",
1348-
));
1367+
return Err(AgentTenantHeaderError::Missing);
13491368
};
13501369
let tenant_id = raw_tenant_id.parse::<i64>().ok().filter(|value| *value > 0);
1351-
tenant_id.ok_or_else(|| {
1352-
agent_auth_error_response(
1353-
StatusCode::BAD_REQUEST,
1354-
"invalid_agent_tenant",
1355-
"Header x-iscy-tenant-id muss eine positive Tenant-ID enthalten.",
1356-
)
1357-
})
1370+
tenant_id.ok_or(AgentTenantHeaderError::Invalid)
13581371
}
13591372

13601373
fn agent_auth_error_response(
@@ -2252,7 +2265,7 @@ async fn agent_enroll(
22522265
if let Some(enrollment_token) = agent_enrollment_token_from_headers(&headers) {
22532266
let tenant_id = match agent_tenant_id_from_headers(&headers) {
22542267
Ok(tenant_id) => tenant_id,
2255-
Err(response) => return response,
2268+
Err(err) => return err.into_response(),
22562269
};
22572270
let mtls_fingerprint = agent_mtls_fingerprint_from_headers(&headers);
22582271
return match store
@@ -2343,7 +2356,7 @@ async fn agent_heartbeat(
23432356
let tenant_id = if let Some(agent_secret) = agent_secret_from_headers(&headers) {
23442357
let tenant_id = match agent_tenant_id_from_headers(&headers) {
23452358
Ok(tenant_id) => tenant_id,
2346-
Err(response) => return response,
2359+
Err(err) => return err.into_response(),
23472360
};
23482361
let mtls_fingerprint = agent_mtls_fingerprint_from_headers(&headers);
23492362
match store
@@ -2438,7 +2451,7 @@ async fn agent_findings(
24382451
let tenant_id = if let Some(agent_secret) = agent_secret_from_headers(&headers) {
24392452
let tenant_id = match agent_tenant_id_from_headers(&headers) {
24402453
Ok(tenant_id) => tenant_id,
2441-
Err(response) => return response,
2454+
Err(err) => return err.into_response(),
24422455
};
24432456
let mtls_fingerprint = agent_mtls_fingerprint_from_headers(&headers);
24442457
match store

rust/iscy-backend/tests/http_tests.rs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -774,7 +774,7 @@ async fn zero_trust_agent_token_enrollment_allows_secret_based_intake() {
774774
"os_family":"windows",
775775
"os_version":"Windows 11",
776776
"architecture":"x86_64",
777-
"agent_version":"0.2.1",
777+
"agent_version":"0.2.2",
778778
"deployment_channel":"intune"
779779
}"#,
780780
))
@@ -801,7 +801,7 @@ async fn zero_trust_agent_token_enrollment_allows_secret_based_intake() {
801801
.header("x-iscy-agent-secret", agent_secret.as_str())
802802
.header("x-iscy-agent-mtls-fingerprint", "sha256:lab-client")
803803
.body(Body::from(
804-
r#"{"agent_version":"0.2.1","status":"OK","summary":{"collector_mode":"read_only"}}"#,
804+
r#"{"agent_version":"0.2.2","status":"OK","summary":{"collector_mode":"read_only"}}"#,
805805
))
806806
.unwrap(),
807807
)
@@ -837,7 +837,7 @@ async fn zero_trust_agent_token_enrollment_allows_secret_based_intake() {
837837
.header("x-iscy-tenant-id", "1")
838838
.header("x-iscy-agent-secret", agent_secret.as_str())
839839
.header("x-iscy-agent-mtls-fingerprint", "sha256:wrong-client")
840-
.body(Body::from(r#"{"agent_version":"0.2.1","status":"OK"}"#))
840+
.body(Body::from(r#"{"agent_version":"0.2.2","status":"OK"}"#))
841841
.unwrap(),
842842
)
843843
.await

0 commit comments

Comments
 (0)