From 42e6c2356b02476c23f183fe3ef1961a2cb2fcf3 Mon Sep 17 00:00:00 2001
From: Aaditya Jaiswal
Date: Tue, 31 Mar 2026 19:38:13 +0530
Subject: [PATCH] VAPT done
---
 src/services/form16.service.ts | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/services/form16.service.ts b/src/services/form16.service.ts
index e52d946..215f912 100644
--- a/src/services/form16.service.ts
+++ b/src/services/form16.service.ts
@@ -2624,6 +2624,26 @@ export function parse26asTxtFile(buffer: Buffer): { rows: any[]; errors: string[
 const errors: string[] = [];
 if (rawLines.length === 0) return { rows: [], errors };
 
+ // Lightweight, non-blocking sanity logging – detect obviously suspicious uploads without rejecting them.
+ try {
+ const totalLines = rawLines.length;
+ const sampleLines = rawLines.slice(0, Math.min(200, totalLines));
+ const caretLines = sampleLines.filter((l) => (l.match(/\^/g) || []).length >= 5).length;
+ const hasDatePattern = sampleLines.some((l) => /\b\d{1,2}-[A-Za-z]{3}-\d{4}\b/.test(l));
+ const hasTanLike = sampleLines.some((l) => /\b[A-Z]{4}[A-Z0-9]{5}[A-Z]\b/i.test(l));
+ const suspicious =
+ totalLines < 5 ||
+ (caretLines === 0 && !hasDatePattern && !hasTanLike);
+ if (suspicious) {
+ logger.warn(
+ '[Form16] 26AS TXT upload appears suspicious (non-blocking): ' +
+ `lines=${totalLines}, caretLines=${caretLines}, hasDatePattern=${hasDatePattern}, hasTanLike=${hasTanLike}`
+ );
+ }
+ } catch {
+ // Never block parsing due to logging issues
+ }
+
 const firstLine = rawLines[0];
 let delimiter = detectDelimiter(firstLine);
 if (delimiter !== '^') {
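Review bot: The `hasTanLike` test is case-insensitive and accepts letters in the middle five positions, so any ten-letter word in the first 200 lines satisfies it, and the `suspicious` condition will rarely fire for arbitrary text of five or more lines. If the intent is a TAN-shaped token (four letters, five digits, one letter), tighten it to `const hasTanLike = sampleLines.some((l) => /\b[A-Z]{4}\d{5}[A-Z]\b/.test(l));`, and if PAN-shaped values should count too, add that pattern explicitly rather than widening the character class. The warning also carries no upload or user identifier, and `parse26asTxtFile` receives only `buffer`, so tying an alert to a request would have to happen in the caller, which is outside this hunk along with the rest of the function body. Because the check only logs, the upload is still parsed unchanged; whether that closes the assessment finding behind this commit cannot be determined from the page.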