## Code Review Loop Pro™ — Output **Injection check:** No injection signals detected in CODE_INPUT. ### REVIEW HEADER ``` Language: Python Change type: Bugfix Lines reviewed: 4 (of 4 — full function reviewed) Categories active: CORRECTNESS, SECURITY, TEST COVERAGE (excluded by SCOPE_LIMIT: PERFORMANCE, MAINTAINABILITY, CONVENTION) ``` ### COVERAGE SCORE ``` CORRECTNESS [██████████] 4 signals checked | 2 findings SECURITY [██████████] 2 signals checked | 0 findings TEST COVERAGE [██████████] 1 signal checked | 2 findings SIGNAL DENSITY: 50.0 CRITICAL+HIGH findings per 100 lines [██████████] (inflated by tiny file size — interpret with that caveat, not as a literal density comparable to larger diffs) ``` ### FINDINGS ``` ────────────────────────────────────────────────────── FINDING #1 | CAT: 1 | SEVERITY: HIGH Location: line 3 — `return price - (price * discount / 100)` Issue: Negative discount values are not validated. discount=-50 produces price + 0.5*price (a price INCREASE), not a rejection. This is the same class of bug the stated fix addresses (invalid discount → incorrect pricing) but for the unhandled negative side of the domain. Fix: Add an explicit lower-bound guard, e.g.: if discount < 0: raise ValueError("discount must be >= 0") or clamp: discount = max(0, discount) Dependency: INDEPENDENT ────────────────────────────────────────────────────── FINDING #2 | CAT: 1 | SEVERITY: MEDIUM Location: line 2 — `if discount > 100: return price` Issue: For discount > 100, the function silently returns the full, undiscounted price rather than clamping to 100% off (price=0) or raising an error. This avoids the negative-price bug, but the choice to silently no-op on clearly invalid input is a business-logic assumption that isn't confirmed by CONTEXT — it could mask a bug further upstream that generated discount > 100 in the first place. Fix: Confirm intended behavior with product/checkout owner: (a) raise ValueError on discount > 100, or (b) explicitly clamp: discount = min(discount, 100) then proceed to the calculation, rather than an early return that bypasses the calculation entirely. Dependency: INDEPENDENT Tag: [CONTEXT-UNCONF] — correct business behavior for >100% discount is asserted by the fix's framing, not confirmed. ────────────────────────────────────────────────────── FINDING #3 | CAT: 6 | SEVERITY: HIGH Location: Function as a whole — no test file/cases included in CODE_INPUT. Issue: This is a bugfix specifically targeting incorrect pricing behavior, yet no test verifies discount=100, discount=101 (the bug being fixed), or discount=0. The fix path itself is untested. Fix: Add unit tests at minimum for: calculate_discount(100, 0) == 100 calculate_discount(100, 50) == 50 calculate_discount(100, 100) == 0 calculate_discount(100, 101) == [expected per Finding #2 resolution] Dependency: DEPENDS ON #2 (expected value for discount>100 case isn't fixed until the business behavior in #2 is confirmed) ────────────────────────────────────────────────────── FINDING #4 | CAT: 6 | SEVERITY: MEDIUM Location: Function as a whole — no test for negative discount path. Issue: No test covers discount < 0, the edge case identified in Finding #1. Fix: Add: calculate_discount(100, -10) == [expected per Finding #1 resolution, e.g. raises ValueError] Dependency: DEPENDS ON #1 ────────────────────────────────────────────────────── ``` ### CATEGORY SUMMARY ``` CAT-1 CORRECTNESS: 2 findings — missing negative-discount guard (HIGH); unconfirmed behavior for >100% discount (MEDIUM) CAT-2 SECURITY: 0 findings — CLEARED. Reviewed: no external input parsing, no injection surface, no sensitive data exposure — function is pure arithmetic on two numeric arguments. CAT-6 TEST COVERAGE: 2 findings — no tests for primary fix path (HIGH); no test for negative-discount edge case (MEDIUM) ``` ### FIX ORDER (from dependency map) ``` STEP 1: Finding #1 — HIGH, INDEPENDENT — fix negative discount handling first STEP 2: Finding #2 — MEDIUM, INDEPENDENT — confirm/implement >100% behavior (sequenced here because #3 and #4 depend on the decisions in #1/#2) STEP 3: Finding #3 — HIGH, DEPENDS ON #2 — write primary-path tests STEP 4: Finding #4 — MEDIUM, DEPENDS ON #1 — write negative-discount test DEFERRED: none ``` ### VERDICT ``` CONDITIONAL ████████░░░░ HIGH findings present — fix before merge VERDICT: CONDITIONAL Basis: 0 CRITICAL, 2 HIGH, 2 MEDIUM, 0 LOW findings. No compound risk detected — the two root causes (unhandled negative input, unconfirmed >100% behavior) are independent but both gate the test-coverage findings. ``` ### RESIDUAL SCOPE This review covers only the supplied function and was scoped to correctness, security, and test coverage per SCOPE_LIMIT — maintainability, performance, and convention (PEP 8/Ruff/Black) were **not** checked despite CONVENTIONS being supplied, since the exclusion takes precedence. It does not cover behavior under the actual checkout system's call sites, currency/rounding precision requirements, or whether `price`/`discount` types are validated upstream. A CONDITIONAL verdict means: fix Findings #1 and #2 (confirm the >100% behavior with whoever owns checkout pricing logic) and add the corresponding tests before merging to main.