是什么原因导致代码块右侧出现大量空白?

是什么原因导致代码块右侧出现大量空白?

我试图将代码块尽可能对称地填充到几乎所有页面上,但页面上的常规文本和代码块位置有些不对: 在此处输入图片描述

我的代码片段:

\documentclass[12pt]{article}
\usepackage{graphicx}
\usepackage{subcaption}
\usepackage{xcolor}
\usepackage{listings}
\usepackage[a4paper, hmargin=2cm, right=2cm]{geometry}

.
.
.

\lstdefinestyle{mitigation}{
  backgroundcolor=\color{mitigationbackground},
  basicstyle=\ttfamily\color{mitigationcolor},
  keywordstyle=\color{mitigationkeyword},
  commentstyle=\color{mytitlecolor},
  numbers=none,
  breaklines=true,
  breakatwhitespace=true,
  showstringspaces=false,
  frame=lines,
  rulecolor=\color{mitigationcolor},
  framesep=8pt,
  xleftmargin=8pt,
  framexleftmargin=8pt,
  belowcaptionskip=1\baselineskip,
  aboveskip=1\baselineskip,
  lineskip=-1pt, % Adjust this value to control line spacing
  escapeinside={(*}{*)}, % Add this line for line breaks in code
}

\lstdefinestyle{mystyle}{
  backgroundcolor=\color{mycodebackground},
  basicstyle=\ttfamily\color{mycodecolor},
  keywordstyle=\color{myprotectedcolor},
  commentstyle=\color{mytitlecolor},
  numbers=none,
  breaklines=true,
  breakatwhitespace=true,
  showstringspaces=false,
  frame=lines,
  rulecolor=\color{mycodecolor},
  framesep=8pt,
  xleftmargin=8pt,
  framexleftmargin=8pt,
  belowcaptionskip=1\baselineskip,
  aboveskip=1\baselineskip,
  lineskip=-1pt, % Adjust this value to control line spacing
  escapeinside={(*}{*)}, % Add this line for line breaks in code
}

.
.
.

The code snippet below illustrates a potential File Inclusion vulnerability:
\lstset{style=mystyle}
\begin{lstlisting}[language=Java, label=java-code3, linewidth=0.9\linewidth]
public class FileHandler {
    public String readFile(String fileName) {
        String filePath = "/path/to/files/" + fileName;
        try (BufferedReader br = new BufferedReader(new FileReader(filePath))) {
            StringBuilder content = new StringBuilder();
            String line;
            while ((line = br.readLine()) != null) {
            content.append(line);
        }
        return content.toString();
        } catch (IOException e) {
        // Handle exception
        }
    return null;
    }
}
\end{lstlisting}

In this example, the 'fileName' parameter is directly concatenated into the 'filePath string without proper validation. An attacker could manipulate the 'fileName' parameterto include files outside of the intended directory, leading to unauthorized access t\\ sensitive system files.

Mitigation:
\lstset{style=mitigation}
\begin{lstlisting}[language=Java, label=java-code4, linewidth=0.9\linewidth]
public class FileHandler {
private static final String BASE_PATH = "/path/to/files/";

public String readFile(String fileName) {
    if (!isValidFileName(fileName)) {
        // Handle invalid file name
        return null;
    }

    String filePath = BASE_PATH + fileName;
    try (BufferedReader br = new BufferedReader(new FileReader(filePath))) {
        StringBuilder content = new StringBuilder();
        String line;
        while ((line = br.readLine()) != null) {
            content.append(line);
        }
        return content.toString();
    } catch (IOException e) {
        // Handle exception
    }
    return null;
}

private boolean isValidFileName(String fileName) {
    // Implement validation logic for file name
}

}
\end{lstlisting}

PS:由于这只是为了学习用 LaTeX 准备报告,实际代码、漏洞或缓解措施并不重要。

相关内容