Charging sales tax on groceries in states like Texas or California — where food sold for home consumption is exempt — is a regulatory compliance failure that overcharges customers and exposes the store to audit liability. IRS Publication 334 and state-level tax codes define categories of exempt goods (groceries, prescription drugs, clothing in some states, medical devices). When the product schema has no is_tax_exempt flag, the tax calculation applies the full rate to every line item, making exemption enforcement impossible without a code change for each new product type added to the catalog. CWE-682 applies: the calculation is incorrect for exempt products.
Critical because taxing exempt product categories violates state-specific sales tax rules, exposing the business to regulatory audit penalties and class-action refund claims from systematically overcharged customers.
Add a tax exemption flag to the product schema and reference it in lib/tax.ts:
-- Migration
ALTER TABLE products ADD COLUMN is_tax_exempt BOOLEAN NOT NULL DEFAULT FALSE;
// lib/tax.ts
function calculateTax(
items: OrderItem[],
address: Address
): number {
const taxableSubtotal = items.reduce((sum, item) => {
return sum + (item.is_tax_exempt ? 0 : item.price * item.quantity)
}, 0)
const rate = getTaxRate(address)
return Math.round(taxableSubtotal * rate)
}
Seed exempt products with is_tax_exempt = true during data entry and verify the calculation result is lower than the full-cart total for a cart that contains exempt items. Do not rely on product name pattern-matching to determine exemption — use the schema field.
ID: ecommerce-shipping-tax.tax-computation.exempt-products
Severity: critical
What to look for: Count the number of tax-exempt product indicators in the codebase: (1) is_tax_exempt boolean in the product database schema, (2) tax category/class field on products, (3) conditional exclusion logic in the tax calculation function. Enumerate which product types are exempt if found (groceries, prescriptions, clothing).
Pass criteria: The product schema includes at least 1 tax exemption field (boolean flag or tax category), and the tax calculation function conditionally excludes products with that flag from the taxable subtotal, reducing the tax amount when exempt items are in the cart.
Fail criteria: No tax exemption field exists on the product model, or the field exists but the tax calculation applies tax to all products uniformly without checking it. Do not pass when an is_tax_exempt column exists in the schema but the tax calculation never references it.
Skip (N/A) when: All products in the catalog are taxable (search the product schema and seed data for tax exemption fields; if no exemption concept exists and all products are of a single taxable type, skip).
Detail on fail: "Product schema has no tax exemption field. Tax calculated on full cart subtotal including 3 grocery items that should be exempt." or "is_tax_exempt column exists but tax calculation at lib/tax.ts:24 ignores it — taxes all items equally."
Remediation: Add tax-exempt product support in the product schema and lib/tax.ts:
// Database schema
CREATE TABLE products (
id UUID PRIMARY KEY,
name TEXT,
price INT, -- in cents
is_tax_exempt BOOLEAN DEFAULT FALSE
)
// Tax calculation
function calculateTax(items: OrderItem[], address: Address): number {
const taxableSubtotal = items.reduce((sum, item) => {
return sum + (item.is_tax_exempt ? 0 : item.price * item.quantity)
}, 0)
const rate = getTaxRate(address)
return Math.round(taxableSubtotal * rate)
}