Implement stripe sdk appsec events

[estringana]

Description

Implements RFC-1072 Automated Payment Events for Stripe integration. Adds instrumentation for payment creation methods and webhook event processing to automatically detect and tag payment transactions for AppSec monitoring.

Changes

Instrumented Methods:

1. \Stripe\Service\Checkout\SessionService::create() / \Stripe\Checkout\Session::create() (payment mode only)
2. \Stripe\Service\PaymentIntentService::create() / \Stripe\PaymentIntent::create()
3. \Stripe\Webhook::constructEvent() (webhook processing)
4. \Stripe\Event::constructFrom() (webhook processing)

Event Types:

• Payment creation (checkout sessions, payment intents)
• Payment success (payment_intent.succeeded)
• Payment failure (payment_intent.payment_failed)
• Payment cancellation (payment_intent.canceled)

Reviewer checklist

• Test coverage seems ok.
• Appropriate labels assigned.

[datadog-datadog-prod-us1]

⚠️ Tests

✨ Fix all issues with BitsAI or with Cursor

⚠️ Warnings

❄️ 8 New flaky tests detected

    testCheckoutSessionCreateDirectMethod from tests/Integrations/Stripe/Latest.DDTrace\Tests\Integrations\Stripe\StripeTest     (Fix with Cursor)

    testCheckoutSessionCreateDirectMethodNonPaymentMode from tests/Integrations/Stripe/Latest.DDTrace\Tests\Integrations\Stripe\StripeTest     (Fix with Cursor)

    testPaymentCancellationWebhook from tests/Integrations/Stripe/Latest.DDTrace\Tests\Integrations\Stripe\StripeTest     (Fix with Cursor)

View all

🧪 13 Tests failed

testSearchPhpBinaries from integration.DDTrace\Tests\Integration\PHPInstallerTest     (Fix with Cursor)

Risky Test
phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:60

testSimplePushAndProcess from laravel-58-test.DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest     (Fix with Cursor)

DDTrace\Tests\Integrations\Laravel\V5_8\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69c3ac96000000002f77cf6b4f2bf2a0
tid: 69c3ac9600000000
hexProcessTraceId: 2f77cf6b4f2bf2a0
hexProcessSpanId: a520170c1ce7c520
processTraceId: 3420430501807911584
processSpanId: 11898535556304848160

phpvfscomposer://tests/vendor/phpunit/phpunit/phpunit:106

testSimplePushAndProcess from laravel-8x-test.DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest     (Fix with Cursor)

DDTrace\Tests\Integrations\Laravel\V8_x\QueueTest::testSimplePushAndProcess
Test code or tested code printed unexpected output: spanLinksTraceId: 69c3ac6c0000000081c31f84f61b3798
tid: 69c3ac6c00000000
hexProcessTraceId: 81c31f84f61b3798
hexProcessSpanId: 375caead8baef396
processTraceId: 9350351907276404632
processSpanId: 3989255430339490710

View all

ℹ️ Info

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 60.66% (+0.03%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: a21e69d | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.79%. Comparing base (a1bb038) to head (a21e69d).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3681      +/-   ##
==========================================
- Coverage   68.81%   68.79%   -0.02%     
==========================================
  Files         166      166              
  Lines       19030    19030              
  Branches     1797     1797              
==========================================
- Hits        13095    13092       -3     
- Misses       5121     5125       +4     
+ Partials      814      813       -1     

Flag	Coverage Δ
helper-rust-integration	78.82% <ø> (-0.03%)	⬇️
helper-rust-unit	49.36% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a1bb038...a21e69d. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks [ tracer ]

Benchmark execution time: 2026-03-25 10:45:01

Comparing candidate commit a21e69d in PR branch estringana/implement-stripe-events with baseline commit a1bb038 in branch master.

Found 0 performance improvements and 2 performance regressions! Performance is the same for 192 metrics, 0 unstable metrics.

scenario:MessagePackSerializationBench/benchMessagePackSerialization

• 🟥 execution_time [+5.283µs; +6.857µs] or [+5.175%; +6.716%]

scenario:MessagePackSerializationBench/benchMessagePackSerialization-opcache

• 🟥 execution_time [+3.338µs; +4.142µs] or [+3.170%; +3.935%]

[cataphract]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 39402efe4d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[cataphract]

Looks good. You could however add a test that loads past events and make sure nothing is triggered