Issue Cause:
As recommended by Burpsuite security scan, we initially validate the file extension. Since file extensions can be easily altered, and it may not effectively block potentially harmful files.
To overcome this, we also validate uploaded files by checking their file extension signature to see if it matches the signature of an executable file (MZ). But csv or txt file doesn't have extension signature, hence we are using the content of the file to validate it.
If an uploaded CSV file begins with the characters 'M' or 'Z' in its first two characters, the validation identifies it as an executable file, leading to the rejection of the file.
Issue Resolution:
1. Upload CSV files in UTF-8 format, as they have a different file extension signature and won't be identified as an executable file.
2. Ensure that CSV files uploaded have their first two characters different from 'M' and 'Z' to avoid false rejection.