Implement stripe sdk appsec events

[estringana]

Description

Implements RFC-1072 Automated Payment Events for Stripe integration. Adds instrumentation for payment creation methods and webhook event processing to automatically detect and tag payment transactions for AppSec monitoring.

Changes

Instrumented Methods:

1. \Stripe\Service\Checkout\SessionService::create() / \Stripe\Checkout\Session::create() (payment mode only)
2. \Stripe\Service\PaymentIntentService::create() / \Stripe\PaymentIntent::create()
3. \Stripe\Webhook::constructEvent() (webhook processing)
4. \Stripe\Event::constructFrom() (webhook processing)

Event Types:

• Payment creation (checkout sessions, payment intents)
• Payment success (payment_intent.succeeded)
• Payment failure (payment_intent.payment_failed)
• Payment cancellation (payment_intent.canceled)

Reviewer checklist

• Test coverage seems ok.
• Appropriate labels assigned.

[datadog-datadog-prod-us1]

⚠️ Tests

✨ Fix all issues with BitsAI or with Cursor

⚠️ Warnings

❄️ 8 New flaky tests detected

    testCheckoutSessionCreateDirectMethod from tests/Integrations/Stripe/Latest.DDTrace\Tests\Integrations\Stripe\StripeTest (Datadog) (Fix with Cursor)

    testCheckoutSessionCreateDirectMethodNonPaymentMode from tests/Integrations/Stripe/Latest.DDTrace\Tests\Integrations\Stripe\StripeTest (Datadog) (Fix with Cursor)

    testPaymentCancellationWebhook from tests/Integrations/Stripe/Latest.DDTrace\Tests\Integrations\Stripe\StripeTest (Datadog) (Fix with Cursor)

View all

🧪 1028 Tests failed

testSearchPhpBinaries from integration.DDTrace\Tests\Integration\PHPInstallerTest (Datadog) (Fix with Cursor)

DDTrace\Tests\Integration\PHPInstallerTest::testSearchPhpBinaries
Test code or tested code printed unexpected output: Searching for available php binaries, this operation might take a while.

testSimplePushAndProcess from laravel-58-test.DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest (Datadog) (Fix with Cursor)

DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69b2adf8000000002c2566a847c1e3d5
tid: 69b2adf800000000
hexProcessTraceId: 2c2566a847c1e3d5
hexProcessSpanId: 0b00365b8fab4bbd
processTraceId: 3181061584751551445
processSpanId: 792693301297499069

phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:106

testSimplePushAndProcess from laravel-8x-test.DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest (Datadog) (Fix with Cursor)

DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69b2ae5100000000de13888061cfe5ae
tid: 69b2ae5100000000
hexProcessTraceId: de13888061cfe5ae
hexProcessSpanId: 1bfcac203b6ad3b8
processTraceId: 16002283985955710382
processSpanId: 2016675987590927288

View all

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: dcea7a1 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.56%. Comparing base (8cd0131) to head (dcea7a1).
⚠️ Report is 19 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3681      +/-   ##
==========================================
+ Coverage   62.22%   70.56%   +8.34%     
==========================================
  Files         141       39     -102     
  Lines       13352     7474    -5878     
  Branches     1746     1167     -579     
==========================================
- Hits         8308     5274    -3034     
+ Misses       4253     1646    -2607     
+ Partials      791      554     -237     

see 102 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8cd0131...dcea7a1. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks [ tracer ]

Benchmark execution time: 2026-03-06 17:34:57

Comparing candidate commit a061638 in PR branch estringana/implement-stripe-events with baseline commit 8cd0131 in branch master.

Found 2 performance improvements and 1 performance regressions! Performance is the same for 191 metrics, 0 unstable metrics.

scenario:ComposerTelemetryBench/benchTelemetryParsing

• 🟩 execution_time [-1357.325ns; -442.675ns] or [-11.906%; -3.883%]

scenario:ComposerTelemetryBench/benchTelemetryParsing-opcache

• 🟩 execution_time [-1.662µs; -0.738µs] or [-11.957%; -5.310%]

scenario:EmptyFileBench/benchEmptyFileDdprof

• 🟥 execution_time [+88.517µs; +313.643µs] or [+2.310%; +8.186%]

[cataphract]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 39402efe4d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[cataphract]

Looks good. You could however add a test that loads past events and make sure nothing is triggered