yawast 0.2.0.beta1

data/test/data/tomcat_release_notes.txt

@@ -0,0 +1,172 @@
+================================================================================
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+================================================================================
+
+
+                     Apache Tomcat Version 8.0.30
+                            Release Notes
+
+
+=========
+CONTENTS:
+=========
+
+* Dependency Changes
+* API Stability
+* Bundled APIs
+* Web application reloading and static fields in shared libraries
+* Security manager URLs
+* Symlinking static resources
+* Viewing the Tomcat Change Log
+* Cryptographic software notice
+* When all else fails
+
+
+===================
+Dependency Changes:
+===================
+Tomcat 8.0 is designed to run on Java SE 7 and later.
+
+
+==============
+API Stability:
+==============
+
+The public interfaces for the following classes are fixed and will not be
+changed at all during the remaining lifetime of the 8.x series:
+- All classes in the javax namespace
+
+The public interfaces for the following classes may be added to in order to
+resolve bugs and/or add new features. No existing interface method will be
+removed or changed although it may be deprecated.
+- org.apache.catalina.* (excluding sub-packages)
+
+Note: As Tomcat 8 matures, the above list will be added to. The list is not
+      considered complete at this time.
+
+The remaining classes are considered part of the Tomcat internals and may change
+without notice between point releases.
+
+
+=============
+Bundled APIs:
+=============
+A standard installation of Tomcat 8.0 makes all of the following APIs available
+for use by web applications (by placing them in "lib"):
+* annotations-api.jar (Annotations package)
+* catalina.jar (Tomcat Catalina implementation)
+* catalina-ant.jar (Tomcat Catalina Ant tasks)
+* catalina-ha.jar (High availability package)
+* catalina-storeconfig.jar (Generation of XML configuration from current state)
+* catalina-tribes.jar (Group communication)
+* ecj-4.4.2.jar (Eclipse JDT Java compiler)
+* el-api.jar (EL 3.0 API)
+* jasper.jar (Jasper 2 Compiler and Runtime)
+* jasper-el.jar (Jasper 2 EL implementation)
+* jsp-api.jar (JSP 2.3 API)
+* servlet-api.jar (Servlet 3.1 API)
+* tomcat-api.jar (Interfaces shared by Catalina and Jasper)
+* tomcat-coyote.jar (Tomcat connectors and utility classes)
+* tomcat-dbcp.jar (package renamed database connection pool based on Commons DBCP)
+* tomcat-jdbc.jar (Tomcat's database connection pooling solution)
+* tomcat-jni.jar (Interface to the native component of the APR/native connector)
+* tomcat-util.jar (Various utilities)
+* tomcat-websocket.jar (WebSocket 1.1 implementation)
+* websocket-api.jar (WebSocket 1.1 API)
+
+You can make additional APIs available to all of your web applications by
+putting unpacked classes into a "classes" directory (not created by default),
+or by placing them in JAR files in the "lib" directory.
+
+To override the XML parser implementation or interfaces, use the endorsed
+mechanism of the JVM. The default configuration defines JARs located in
+"endorsed" as endorsed.
+
+
+================================================================
+Web application reloading and static fields in shared libraries:
+================================================================
+Some shared libraries (many are part of the JDK) keep references to objects
+instantiated by the web application. To avoid class loading related problems
+(ClassCastExceptions, messages indicating that the classloader
+is stopped, etc.), the shared libraries state should be reinitialized.
+
+Something which might help is to avoid putting classes which would be
+referenced by a shared static field in the web application classloader,
+and putting them in the shared classloader instead (JARs should be put in the
+"lib" folder, and classes should be put in the "classes" folder).
+
+
+======================
+Security manager URLs:
+======================
+In order to grant security permissions to JARs located inside the
+web application repository, use URLs of of the following format
+in your policy file:
+
+file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar
+
+
+============================
+Symlinking static resources:
+============================
+By default, Unix symlinks will not work when used in a web application to link
+resources located outside the web application root directory.
+
+This behavior is optional, and the "allowLinking" flag may be used to disable
+the check.
+
+
+==============================
+Viewing the Tomcat Change Log:
+==============================
+The full change log is available from http://tomcat.apache.org and is also
+included in the documentation web application.
+
+
+=============================
+Cryptographic software notice
+=============================
+This distribution includes cryptographic software.  The country in
+which you currently reside may have restrictions on the import,
+possession, use, and/or re-export to another country, of
+encryption software.  BEFORE using any encryption software, please
+check your country's laws, regulations and policies concerning the
+import, possession, or use, and re-export of encryption software, to
+see if this is permitted.  See <http://www.wassenaar.org/> for more
+information.
+
+The U.S. Government Department of Commerce, Bureau of Industry and
+Security (BIS), has classified this software as Export Commodity
+Control Number (ECCN) 5D002.C.1, which includes information security
+software using or performing cryptographic functions with asymmetric
+algorithms.  The form and manner of this Apache Software Foundation
+distribution makes it eligible for export under the License Exception
+ENC Technology Software Unrestricted (TSU) exception (see the BIS
+Export Administration Regulations, Section 740.13) for both object
+code and source code.
+
+The following provides more details on the included cryptographic
+software:
+  - Tomcat includes code designed to work with JSSE
+  - Tomcat includes code designed to work with OpenSSL
+
+
+====================
+When all else fails:
+====================
+See the FAQ
+http://tomcat.apache.org/faq/

data/test/data/wordpress_readme_html.txt

@@ -0,0 +1,86 @@
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta name="viewport" content="width=device-width"/>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+<title>WordPress &#8250; ReadMe</title>
+<link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css"/>
+</head>
+<body>
+<h1 id="logo">
+<a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png"/></a>
+<br/> Version 4.5.3
+</h1>
+<p style="text-align: center">Semantic Personal Publishing Platform</p>
+<h2>First Things First</h2>
+<p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I&#8217;m proud to be a part of. Thousands of hours have gone into WordPress, and we&#8217;re dedicated to making it better every day. Thank you for making it part of your world.</p>
+<p style="text-align: right">&#8212; Matt Mullenweg</p>
+<h2>Installation: Famous 5-minute install</h2>
+<ol>
+<li>Unzip the package in an empty directory and upload everything.</li>
+<li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser. It will take you through the process to set up a <code>wp-config.php</code> file with your database connection details.
+<ol>
+<li>If for some reason this doesn&#8217;t work, don&#8217;t worry. It doesn&#8217;t work on all web hosts. Open up <code>wp-config-sample.php</code> with a text editor like WordPad or similar and fill in your database connection details.</li>
+<li>Save the file as <code>wp-config.php</code> and upload it.</li>
+<li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser.</li>
+</ol>
+</li>
+<li>Once the configuration file is set up, the installer will set up the tables needed for your blog. If there is an error, double check your <code>wp-config.php</code> file, and try again. If it fails again, please go to the <a href="https://wordpress.org/support/" title="WordPress support">support forums</a> with as much data as you can gather.</li>
+<li><strong>If you did not enter a password, note the password given to you.</strong> If you did not provide a username, it will be <code>admin</code>.</li>
+<li>The installer should then send you to the <a href="wp-login.php">login page</a>. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on &#8220;Profile&#8221; to change the password.</li>
+</ol>
+<h2>Updating</h2>
+<h3>Using the Automatic Updater</h3>
+<p>If you are updating from version 2.7 or higher, you can use the automatic updater:</p>
+<ol>
+<li>Open <span class="file"><a href="wp-admin/update-core.php">wp-admin/update-core.php</a></span> in your browser and follow the instructions.</li>
+<li>You wanted more, perhaps? That&#8217;s it!</li>
+</ol>
+<h3>Updating Manually</h3>
+<ol>
+<li>Before you update anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</li>
+<li>Delete your old WordPress files, saving ones you&#8217;ve modified.</li>
+<li>Upload the new files.</li>
+<li>Point your browser to <span class="file"><a href="wp-admin/upgrade.php">/wp-admin/upgrade.php</a>.</span></li>
+</ol>
+<h2>Migrating from other systems</h2>
+<p>WordPress can <a href="https://codex.wordpress.org/Importing_Content">import from a number of systems</a>. First you need to get WordPress installed and working as described above, before using <a href="wp-admin/import.php" title="Import to WordPress">our import tools</a>.</p>
+<h2>System Requirements</h2>
+<ul>
+<li><a href="http://php.net/">PHP</a> version <strong>5.2.4</strong> or higher.</li>
+<li><a href="http://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or higher.</li>
+</ul>
+<h3>Recommendations</h3>
+<ul>
+<li><a href="http://php.net/">PHP</a> version <strong>5.6</strong> or higher.</li>
+<li><a href="http://www.mysql.com/">MySQL</a> version <strong>5.6</strong> or higher.</li>
+<li>The <a href="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html">mod_rewrite</a> Apache module.</li>
+<li>A link to <a href="https://wordpress.org/">wordpress.org</a> on your site.</li>
+</ul>
+<h2>Online Resources</h2>
+<p>If you have any questions that aren&#8217;t addressed in this document, please take advantage of WordPress&#8217; numerous online resources:</p>
+<dl>
+<dt><a href="https://codex.wordpress.org/">The WordPress Codex</a></dt>
+<dd>The Codex is the encyclopedia of all things WordPress. It is the most comprehensive source of information for WordPress available.</dd>
+<dt><a href="https://wordpress.org/news/">The WordPress Blog</a></dt>
+<dd>This is where you&#8217;ll find the latest updates and news related to WordPress. Recent WordPress news appears in your administrative dashboard by default.</dd>
+<dt><a href="https://planet.wordpress.org/">WordPress Planet</a></dt>
+<dd>The WordPress Planet is a news aggregator that brings together posts from WordPress blogs around the web.</dd>
+<dt><a href="https://wordpress.org/support/">WordPress Support Forums</a></dt>
+<dd>If you&#8217;ve looked everywhere and still can&#8217;t find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.</dd>
+<dt><a href="https://codex.wordpress.org/IRC">WordPress <abbr title="Internet Relay Chat">IRC</abbr> Channel</a></dt>
+<dd>There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (<a href="irc://irc.freenode.net/wordpress">irc.freenode.net #wordpress</a>)</dd>
+</dl>
+<h2>Final Notes</h2>
+<ul>
+<li>If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the <a href="https://wordpress.org/support/">Support Forums</a>.</li>
+<li>WordPress has a robust plugin <abbr title="application programming interface">API</abbr> that makes extending the code easy. If you are a developer interested in utilizing this, see the <a href="https://codex.wordpress.org/Plugin_API" title="WordPress plugin API">plugin documentation in the Codex</a>. You shouldn&#8217;t modify any of the core code.</li>
+</ul>
+<h2>Share the Love</h2>
+<p>WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better&#8212;you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgable than yourself, or writing the author of a media article that overlooks us.</p>
+<p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&#233;log</a>, which came from Michel V. The work has been continued by the <a href="https://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="https://wordpress.org/donate/" title="Donate to WordPress">donating</a>.</p>
+<h2>License</h2>
+<p>WordPress is free software, and is released under the terms of the <abbr title="GNU General Public License">GPL</abbr> version 2 or (at your option) any later version. See <a href="license.txt">license.txt</a>.</p>
+</body>
+</html>

data/test/test_cmd_util.rb

@@ -0,0 +1,35 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestCommandUtils < Minitest::Test
+  include TestBase
+
+  def test_valid_url
+    args = ['http://www.apple.com']
+    uri = Yawast::Commands::Utils.extract_uri args
+    assert_equal uri.to_s, 'http://www.apple.com/'
+  end
+
+  def test_partial_url
+    args = ['www.apple.com']
+    uri = Yawast::Commands::Utils.extract_uri args
+    assert_equal uri.to_s, 'http://www.apple.com/'
+  end
+
+  def test_invalid_url
+    args = ['xxx:\invalid']
+
+    assert_raises URI::InvalidURIError do
+      Yawast::Commands::Utils.extract_uri args
+    end
+  end
+
+  def test_unresolvable_url
+    args = ['http://www.gjhgjhbmnbmnvgccf.com']
+
+    assert_raises ArgumentError do
+      Yawast::Commands::Utils.extract_uri args
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,5 @@
+require 'minitest/reporters'
+require 'coveralls'
+
+MiniTest::Reporters.use!
+Coveralls.wear!

data/test/test_object_presence.rb

@@ -0,0 +1,36 @@
+require 'minitest/autorun'
+require 'webrick'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerApacheServerStatus < Minitest::Test
+  include TestBase
+
+  def test_readme_html_present
+    port = rand(60000) + 1024 # pick a random port number
+    server = start_web_server 'test/data/wordpress_readme_html.txt', 'readme.html', port
+
+    override_stdout
+    uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
+    Yawast::Scanner::ObjectPresence.check_readme_html uri
+
+    assert stdout_value.include?('\'/readme.html\' found:'), 'readme.html page warning not found'
+
+    server.exit
+    restore_stdout
+  end
+
+  def test_release_notes_txt_present
+    port = rand(60000) + 1024 # pick a random port number
+    server = start_web_server 'test/data/tomcat_release_notes.txt', 'RELEASE-NOTES.txt', port
+
+    override_stdout
+    uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
+    Yawast::Scanner::ObjectPresence.check_release_notes_txt uri
+
+    assert stdout_value.include?('\'/RELEASE-NOTES.txt\' found:'), 'RELEASE-NOTES.txt page warning not found'
+
+    server.exit
+    restore_stdout
+  end
+end

data/test/test_scan_apache_banner.rb

@@ -0,0 +1,58 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerApacheBanner < Minitest::Test
+  include TestBase
+
+  def test_apache_basic_banner_no_version
+    server = 'Apache'
+    override_stdout
+    Yawast::Scanner::Apache.check_banner server
+
+    assert stdout_value.include?("Apache Server: #{server}"), "Unexpected banner: #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_apache_basic_banner
+    server = 'Apache/2.4.7'
+    override_stdout
+    Yawast::Scanner::Apache.check_banner server
+
+    assert stdout_value.include?("Apache Server: #{server}"), "Unexpected banner: #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_apache_basic_banner_distro
+    server = 'Apache/2.4.7 (Ubuntu)'
+    override_stdout
+    Yawast::Scanner::Apache.check_banner server
+
+    assert stdout_value.include?("Apache Server: #{server}"), "Unexpected banner: #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_apache_one_module
+    server = 'Apache/2.4.6 (FreeBSD) PHP/5.4.23'
+    override_stdout
+    Yawast::Scanner::Apache.check_banner server
+
+    assert stdout_value.include?('Apache Server: Module listing enabled'), 'Module listing missing'
+
+    restore_stdout
+  end
+
+  def test_apache_openssl_module
+    server = 'Apache/2.4.6 (FreeBSD) PHP/5.4.23 OpenSSL/0.9.8n'
+    override_stdout
+    Yawast::Scanner::Apache.check_banner server
+
+    assert stdout_value.include?('Apache Server: Module listing enabled'), 'Module listing missing'
+    assert stdout_value.include?('OpenSSL Version Disclosure'), 'OpenSSL version warning missing'
+
+    restore_stdout
+  end
+end

data/test/test_scan_apache_server_info.rb

@@ -0,0 +1,22 @@
+require 'minitest/autorun'
+require 'webrick'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerApacheServerInfo < Minitest::Test
+  include TestBase
+
+  def test_server_info_present
+    port = rand(60000) + 1024 # pick a random port number
+    server = start_web_server 'test/data/apache_server_info.txt', 'server-info', port
+
+    override_stdout
+    uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
+    Yawast::Scanner::Apache.check_server_info uri
+
+    assert stdout_value.include?('Apache Server Info page found'), 'Apache Server Info page warning not found'
+
+    server.exit
+    restore_stdout
+  end
+end

data/test/test_scan_apache_server_status.rb

@@ -0,0 +1,22 @@
+require 'minitest/autorun'
+require 'webrick'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerApacheServerStatus < Minitest::Test
+  include TestBase
+
+  def test_server_status_present
+    port = rand(60000) + 1024 # pick a random port number
+    server = start_web_server 'test/data/apache_server_status.txt', 'server-status', port
+
+    override_stdout
+    uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
+    Yawast::Scanner::Apache.check_server_status uri
+
+    assert stdout_value.include?('Apache Server Status page found'), 'Apache Server Status page warning not found'
+
+    server.exit
+    restore_stdout
+  end
+end

data/test/test_scan_cms.rb

@@ -0,0 +1,27 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerCms < Minitest::Test
+  include TestBase
+
+  def test_generator_tag_valid
+    body = File.read('test/data/cms_wordpress_body.txt')
+    override_stdout
+    Yawast::Scanner::Cms.get_generator body
+
+    assert stdout_value.include?('WordPress'), "Unexpected generator tag: #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_generator_tag_invalid
+    body = File.read('test/data/cms_none_body.txt')
+    override_stdout
+    Yawast::Scanner::Cms.get_generator body
+
+    assert stdout_value == '', "Unexpected generator tag: #{stdout_value}"
+
+    restore_stdout
+  end
+end

data/test/test_scan_iis_headers.rb

@@ -0,0 +1,40 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerIisHeaders < Minitest::Test
+  include TestBase
+
+  def test_iis_basic_banner
+    server = 'Microsoft-IIS/8.5'
+
+    override_stdout
+    Yawast::Scanner::Iis.check_banner server
+
+    assert stdout_value.include?("IIS Version: #{server}"), "Unexpected banner: #{stdout_value}"
+
+    restore_stdout
+  end
+
+  def test_asp_version
+    headers = parse_headers_from_file 'test/data/iis_server_header.txt'
+
+    override_stdout
+    Yawast::Scanner::Iis.check_asp_banner headers
+
+    assert stdout_value.include?('ASP.NET Version'), 'ASP.NET Version warning not found.'
+
+    restore_stdout
+  end
+
+  def test_mvc_version
+    headers = parse_headers_from_file 'test/data/iis_server_header.txt'
+
+    override_stdout
+    Yawast::Scanner::Iis.check_mvc_version headers
+
+    assert stdout_value.include?('ASP.NET MVC Version'), 'ASP.NET MVC Version warning not found.'
+
+    restore_stdout
+  end
+end

data/test/test_scan_nginx_banner.rb

@@ -0,0 +1,18 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestScannerNginxHeaders < Minitest::Test
+  include TestBase
+
+  def test_nginx_basic_banner
+    server = 'nginx/1.8.1'
+
+    override_stdout
+    Yawast::Scanner::Nginx.check_banner server
+
+    assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
+
+    restore_stdout
+  end
+end

data/test/test_shared_http.rb

@@ -0,0 +1,40 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestSharedHttp < Minitest::Test
+  include TestBase
+
+  def setup
+    @uri = URI::Parser.new.parse 'http://www.apple.com/library/test/success.html'
+  end
+
+  def test_get_apple_success
+    body = Yawast::Shared::Http.get @uri
+
+    assert body.include?('Success'), 'Failed to receive "Success" message from Apple.com'
+  end
+
+  def test_status_apple_success
+    status = Yawast::Shared::Http.get_status_code @uri
+
+    assert_equal status, '200'
+  end
+
+  def test_status_apple_failure
+    uri = @uri
+    uri.path += '.404'
+    status = Yawast::Shared::Http.get_status_code uri
+
+    assert_equal status, '404'
+  end
+
+  def test_head_apple_success
+    head = Yawast::Shared::Http.head @uri
+    head.each do |k, v|
+      if k.downcase == 'server'
+        assert_equal v, 'Apache'
+      end
+    end
+  end
+end

data/test/test_shared_util.rb

@@ -0,0 +1,44 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+require 'colorize'
+
+class TestSharedUtils < Minitest::Test
+  include TestBase
+
+  def test_puts_error
+    override_stdout
+
+    Yawast::Utilities.puts_error 'test'
+    assert_equal stdout_value, '[E]'.red + " test\n"
+
+    restore_stdout
+  end
+
+  def test_puts_vuln
+    override_stdout
+
+    Yawast::Utilities.puts_vuln 'test'
+    assert_equal stdout_value, '[V]'.magenta + " test\n"
+
+    restore_stdout
+  end
+
+  def test_puts_warn
+    override_stdout
+
+    Yawast::Utilities.puts_warn 'test'
+    assert_equal stdout_value, '[W]'.yellow + " test\n"
+
+    restore_stdout
+  end
+
+  def test_puts_info
+    override_stdout
+
+    Yawast::Utilities.puts_info 'test'
+    assert_equal stdout_value, '[I]'.green + " test\n"
+
+    restore_stdout
+  end
+end

data/test/test_string_ext.rb

@@ -0,0 +1,15 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestStringExtensions < Minitest::Test
+  include TestBase
+
+  def test_valid_number
+    assert_equal '42'.is_number?, true
+  end
+
+  def test_invalid_number
+    assert_equal '4two'.is_number?, false
+  end
+end

data/test/test_yawast.rb

@@ -0,0 +1,17 @@
+require 'minitest/autorun'
+require './lib/yawast'
+require './test/base'
+
+class TestYawast < Minitest::Test
+  include TestBase
+
+  def test_header
+    override_stdout
+
+    Yawast.header
+    header = stdout_value
+    assert header.include?('Copyright'), 'Header not found'
+
+    restore_stdout
+  end
+end