DataDog · estringana · Mar 3, 2026
@@ -298,7 +298,7 @@ manifest:
   tests/appsec/test_automated_login_events.py::Test_V3_Login_Events_Anon::test_login_wrong_user_failure_basic: missing_feature (Basic auth not implemented)
   tests/appsec/test_automated_login_events.py::Test_V3_Login_Events_Blocking: v1.8.0
   tests/appsec/test_automated_login_events.py::Test_V3_Login_Events_RC: v1.8.0
-  tests/appsec/test_automated_payment_events.py: missing_feature
+  tests/appsec/test_automated_payment_events.py: v1.17.0-dev
   tests/appsec/test_automated_user_and_session_tracking.py::Test_Automated_Session_Blocking: missing_feature
   tests/appsec/test_automated_user_and_session_tracking.py::Test_Automated_User_Blocking: v1.8.0
   tests/appsec/test_automated_user_and_session_tracking.py::Test_Automated_User_Tracking: v1.8.0

@@ -27,6 +27,9 @@
         RewriteRule "^/load_dependency$" "/load_dependency/"
         RewriteRule "^/signup$" "/signup/"
         RewriteRule "^/shell_execution$" "/shell_execution/"
+        RewriteRule "^/stripe/create_checkout_session$" "/stripe_create_checkout_session.php" [L]
+        RewriteRule "^/stripe/create_payment_intent$" "/stripe_create_payment_intent.php" [L]
+        RewriteRule "^/stripe/webhook$" "/stripe_webhook.php" [L]
         RewriteCond /var/www/html/%{REQUEST_URI} !-f
         RewriteRule "^/rasp/(.*)" "/rasp/$1.php" [L]
         RewriteRule "^/api_security.sampling/.*" "/api_security_sampling.php$0" [L]

@@ -3,7 +3,8 @@
     "type": "project",
     "require": {
         "weblog/acme": "*",
-        "monolog/monolog": "*"
+        "monolog/monolog": "*",
+        "stripe/stripe-php": "^10.0"
     },
     "repositories": [
         {

@@ -0,0 +1,31 @@
+<?php
+
+require_once '/var/www/html/vendor/autoload.php';
+
+header('Content-Type: application/json');
+
+try {
+    // Configure Stripe client
+    \Stripe\Stripe::setApiKey('sk_FAKE');
+    \Stripe\Stripe::$apiBase = 'http://internal_server:8089';
+
+    // Get JSON request body
+    $input = file_get_contents('php://input');
+    $data = json_decode($input, true);
+
+    if (json_last_error() !== JSON_ERROR_NONE) {
+        throw new Exception('Invalid JSON: ' . json_last_error_msg());
+    }
+
+    // Create checkout session with the request body data
+    $result = \Stripe\Checkout\Session::create($data);
+
+    // Return the result as JSON
+    echo json_encode($result);
+} catch (\Stripe\Exception\ApiErrorException $e) {
+    http_response_code(500);
+    echo json_encode(['error' => $e->getMessage()]);
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['error' => $e->getMessage()]);
+}
@@ -0,0 +1,31 @@
+<?php
+
+require_once '/var/www/html/vendor/autoload.php';
+
+header('Content-Type: application/json');
+
+try {
+    // Configure Stripe client
+    \Stripe\Stripe::setApiKey('sk_FAKE');
+    \Stripe\Stripe::$apiBase = 'http://internal_server:8089';
+
+    // Get JSON request body
+    $input = file_get_contents('php://input');
+    $data = json_decode($input, true);
+
+    if (json_last_error() !== JSON_ERROR_NONE) {
+        throw new Exception('Invalid JSON: ' . json_last_error_msg());
+    }
+
+    // Create payment intent with the request body data
+    $result = \Stripe\PaymentIntent::create($data);
+
+    // Return the result as JSON
+    echo json_encode($result);
+} catch (\Stripe\Exception\ApiErrorException $e) {
+    http_response_code(500);
+    echo json_encode(['error' => $e->getMessage()]);
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['error' => $e->getMessage()]);
+}
@@ -0,0 +1,36 @@
+<?php
+
+require_once '/var/www/html/vendor/autoload.php';
+
+header('Content-Type: application/json');
+
+try {
+    // Configure Stripe client
+    \Stripe\Stripe::setApiKey('sk_FAKE');
+    \Stripe\Stripe::$apiBase = 'http://internal_server:8089';
+
+    // Get raw request body
+    $payload = file_get_contents('php://input');
+
+    // Get Stripe signature from header
+    $sigHeader = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';
+
+    // Webhook secret
+    $webhookSecret = 'whsec_FAKE';
+
+    // Construct and verify the event
+    $event = \Stripe\Webhook::constructEvent(
+        $payload,
+        $sigHeader,
+        $webhookSecret
+    );
+
+    // Return the event.data.object as JSON
+    echo json_encode($event->data->object);
+} catch (\Stripe\Exception\SignatureVerificationException $e) {
+    http_response_code(403);
+    echo json_encode(['error' => $e->getMessage()]);
+} catch (Exception $e) {
+    http_response_code(403);
+    echo json_encode(['error' => $e->getMessage()]);
+}
@@ -42,6 +42,9 @@
         RewriteRule "^/load_dependency$" "/load_dependency/"
         RewriteRule "^/signup$" "/signup/"
         RewriteRule "^/shell_execution$" "/shell_execution/"
+        RewriteRule "^/stripe/create_checkout_session$" "/stripe_create_checkout_session.php" [L]
+        RewriteRule "^/stripe/create_payment_intent$" "/stripe_create_payment_intent.php" [L]
+        RewriteRule "^/stripe/webhook$" "/stripe_webhook.php" [L]
         RewriteRule "^/rasp/(.*)" "/rasp/$1.php" [L]
         RewriteRule "^/debugger$" "/debugger/"
         RewriteCond /var/www/html/%{REQUEST_URI} !-f