DataDog
diff --git a/‎.github/workflows/appsec.yml‎
Lines changed: 18 additions & 0 deletions b/‎.github/workflows/appsec.yml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎packages/datadog-instrumentations/src/helpers/hooks.js‎
Lines changed: 1 addition & 0 deletions b/‎packages/datadog-instrumentations/src/helpers/hooks.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/datadog-instrumentations/src/stripe.js‎
Lines changed: 92 additions & 0 deletions b/‎packages/datadog-instrumentations/src/stripe.js‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎packages/dd-trace/src/appsec/addresses.js‎
Lines changed: 5 additions & 0 deletions b/‎packages/dd-trace/src/appsec/addresses.js‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/dd-trace/src/appsec/channels.js‎
Lines changed: 4 additions & 1 deletion b/‎packages/dd-trace/src/appsec/channels.js‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎packages/dd-trace/src/appsec/index.js‎
Lines changed: 103 additions & 0 deletions b/‎packages/dd-trace/src/appsec/index.js‎
Lines changed: 103 additions & 0 deletions
@@ -514,3 +514,21 @@ jobs:
         with:
           api_key: ${{ secrets.DD_API_KEY }}
           service: dd-trace-js-tests
+
+  stripe:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: stripe
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: ./.github/actions/node/oldest-maintenance-lts
+      - uses: ./.github/actions/install
+      - run: yarn test:appsec:plugins:ci
+      - uses: ./.github/actions/node/latest
+      - run: yarn test:appsec:plugins:ci
+      - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+      - uses: DataDog/junit-upload-github-action@762867566348d59ac9bcf479ebb4ec040db8940a  # v2.0.0
+        if: always() && github.actor != 'dependabot[bot]'
+        with:
+          api_key: ${{ secrets.DD_API_KEY }}
+          service: dd-trace-js-tests
@@ -136,6 +136,7 @@ module.exports = {
   'selenium-webdriver': () => require('../selenium'),
   sequelize: () => require('../sequelize'),
   sharedb: () => require('../sharedb'),
+  stripe: () => require('../stripe'),
   tedious: () => require('../tedious'),
   tinypool: { esmFirst: true, fn: () => require('../vitest') },
   undici: () => require('../undici'),
 
@@ -0,0 +1,92 @@
+'use strict'
+
+const shimmer = require('../../datadog-shimmer')
+const { channel, addHook } = require('./helpers/instrument')
+
+const checkoutSessionCreateFinishCh = channel('datadog:stripe:checkoutSession:create:finish')
+const paymentIntentCreateFinishCh = channel('datadog:stripe:paymentIntent:create:finish')
+const constructEventFinishCh = channel('datadog:stripe:constructEvent:finish')
+
+function wrapSessionCreate (create) {
+  return function wrappedSessionCreate () {
+    const promise = create.apply(this, arguments)
+
+    if (!checkoutSessionCreateFinishCh.hasSubscribers) return promise
+
+    return promise.then((result) => {
+      checkoutSessionCreateFinishCh.publish(result)
+      return result
+    })
+  }
+}
+
+function wrapPaymentIntentCreate (create) {
+  return function wrappedPaymentIntentCreate () {
+    const promise = create.apply(this, arguments)
+
+    if (!paymentIntentCreateFinishCh.hasSubscribers) return promise
+
+    return promise.then((result) => {
+      paymentIntentCreateFinishCh.publish(result)
+      return result
+    })
+  }
+}
+
+function wrapConstructEvent (constructEvent) {
+  return function wrappedConstructEvent () {
+    const result = constructEvent.apply(this, arguments)
+
+    // no need to check for hasSubscribers,
+    // if it's false, the publish function will be noop
+    constructEventFinishCh.publish(result)
+
+    return result
+  }
+}
+
+function wrapConstructEventAsync (constructEventAsync) {
+  return function wrappedConstructEventAsync () {
+    const promise = constructEventAsync.apply(this, arguments)
+
+    if (!constructEventFinishCh.hasSubscribers) return promise
+
+    return promise.then((result) => {
+      constructEventFinishCh.publish(result)
+      return result
+    })
+  }
+}
+
+function wrapStripe (Stripe) {
+  return function wrappedStripe () {
+    let stripe = Stripe.apply(this, arguments)
+
+    // to support both with and without "new" operator syntax
+    if (this instanceof Stripe) {
+      stripe = this
+    }
+
+    if (typeof stripe.checkout?.sessions?.create === 'function') {
+      shimmer.wrap(stripe.checkout.sessions, 'create', wrapSessionCreate)
+    }
+    if (typeof stripe.paymentIntents?.create === 'function') {
+      shimmer.wrap(stripe.paymentIntents, 'create', wrapPaymentIntentCreate)
+    }
+    if (typeof stripe.webhooks?.constructEvent === 'function') {
+      shimmer.wrap(stripe.webhooks, 'constructEvent', wrapConstructEvent)
+    }
+    if (typeof stripe.webhooks?.constructEventAsync === 'function') {
+      shimmer.wrap(stripe.webhooks, 'constructEventAsync', wrapConstructEventAsync)
+    }
+
+    return stripe
+  }
+}
+
+addHook({
+  name: 'stripe',
+  versions: ['9', '10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '>=20.0.0'],
+}, Stripe => {
+  return shimmer.wrapFunction(Stripe, wrapStripe)
+})
@@ -43,4 +43,9 @@ module.exports = {
 
   LOGIN_SUCCESS: 'server.business_logic.users.login.success',
   LOGIN_FAILURE: 'server.business_logic.users.login.failure',
+
+  PAYMENT_CREATION: 'server.business_logic.payment.creation',
+  PAYMENT_SUCCESS: 'server.business_logic.payment.success',
+  PAYMENT_FAILURE: 'server.business_logic.payment.failure',
+  PAYMENT_CANCELLATION: 'server.business_logic.payment.cancellation',
 }
@@ -38,10 +38,13 @@ module.exports = {
   responseBody: dc.channel('datadog:express:response:json:start'),
   responseSetHeader: dc.channel('datadog:http:server:response:set-header:start'),
   responseWriteHead: dc.channel('apm:http:server:response:writeHead:start'),
-  routerParam: dc.channel('datadog:router:param:start'),
   routerMiddlewareError: dc.channel('apm:router:middleware:error'),
+  routerParam: dc.channel('datadog:router:param:start'),
   setCookieChannel: dc.channel('datadog:iast:set-cookie'),
   setUncaughtExceptionCaptureCallbackStart: dc.channel('datadog:process:setUncaughtExceptionCaptureCallback:start'),
   startGraphqlResolve: dc.channel('datadog:graphql:resolver:start'),
+  stripeCheckoutSessionCreate: dc.channel('datadog:stripe:checkoutSession:create:finish'),
+  stripeConstructEvent: dc.channel('datadog:stripe:constructEvent:finish'),
+  stripePaymentIntentCreate: dc.channel('datadog:stripe:paymentIntent:create:finish'),
   wafRunFinished: dc.channel('datadog:waf:run:finish'),
 }
@@ -30,6 +30,9 @@ const {
   routerParam,
   fastifyResponseChannel,
   fastifyPathParams,
+  stripeCheckoutSessionCreate,
+  stripePaymentIntentCreate,
+  stripeConstructEvent,
 } = require('./channels')
 const waf = require('./waf')
 const addresses = require('./addresses')
@@ -92,6 +95,9 @@ function enable (_config) {
     fastifyResponseChannel.subscribe(onResponseBody)
     responseWriteHead.subscribe(onResponseWriteHead)
     responseSetHeader.subscribe(onResponseSetHeader)
+    stripeCheckoutSessionCreate.subscribe(onStripeCheckoutSessionCreate)
+    stripePaymentIntentCreate.subscribe(onStripePaymentIntentCreate)
+    stripeConstructEvent.subscribe(onStripeConstructEvent)
 
     isEnabled = true
     config = _config
@@ -382,6 +388,100 @@ function onResponseSetHeader ({ res, abortController }) {
   }
 }
 
+function onStripeCheckoutSessionCreate (payload) {
+  if (payload?.mode !== 'payment') return
+
+  waf.run({
+    persistent: {
+      [addresses.PAYMENT_CREATION]: {
+        integration: 'stripe',
+        id: payload.id,
+        amount_total: payload.amount_total,
+        client_reference_id: payload.client_reference_id,
+        currency: payload.currency,
+        'discounts.coupon': payload.discounts?.[0]?.coupon,
+        'discounts.promotion_code': payload.discounts?.[0]?.promotion_code,
+        livemode: payload.livemode,
+        'total_details.amount_discount': payload.total_details?.amount_discount,
+        'total_details.amount_shipping': payload.total_details?.amount_shipping,
+      },
+    },
+  })
+}
+
+function onStripePaymentIntentCreate (payload) {
+  if (payload === null || typeof payload !== 'object') return
+
+  waf.run({
+    persistent: {
+      [addresses.PAYMENT_CREATION]: {
+        integration: 'stripe',
+        id: payload.id,
+        amount: payload.amount,
+        currency: payload.currency,
+        livemode: payload.livemode,
+        payment_method: payload.payment_method,
+      },
+    },
+  })
+}
+
+function onStripeConstructEvent (payload) {
+  const object = payload?.data?.object
+  if (object === null || typeof object !== 'object') return
+
+  let persistent
+
+  switch (payload.type) {
+    case 'payment_intent.succeeded':
+      persistent = {
+        [addresses.PAYMENT_SUCCESS]: {
+          integration: 'stripe',
+          id: object.id,
+          amount: object.amount,
+          currency: object.currency,
+          livemode: object.livemode,
+          payment_method: object.payment_method,
+        },
+      }
+      break
+
+    case 'payment_intent.payment_failed':
+      persistent = {
+        [addresses.PAYMENT_FAILURE]: {
+          integration: 'stripe',
+          id: object.id,
+          amount: object.amount,
+          currency: object.currency,
+          'last_payment_error.code': object.last_payment_error?.code,
+          'last_payment_error.decline_code': object.last_payment_error?.decline_code,
+          'last_payment_error.payment_method.id': object.last_payment_error?.payment_method?.id,
+          'last_payment_error.payment_method.type': object.last_payment_error?.payment_method?.type,
+          livemode: object.livemode,
+        },
+      }
+      break
+
+    case 'payment_intent.canceled':
+      persistent = {
+        [addresses.PAYMENT_CANCELLATION]: {
+          integration: 'stripe',
+          id: object.id,
+          amount: object.amount,
+          cancellation_reason: object.cancellation_reason,
+          currency: object.currency,
+          livemode: object.livemode,
+        },
+      }
+      break
+
+    default:
+      return
+  }
+
+  waf.run({ persistent })
+}
+
 function handleResults (actions, req, res, rootSpan, abortController) {
   if (!actions || !req || !res || !rootSpan || !abortController) return
 
@@ -427,6 +527,9 @@ function disable () {
   if (fastifyResponseChannel.hasSubscribers) fastifyResponseChannel.unsubscribe(onResponseBody)
   if (responseWriteHead.hasSubscribers) responseWriteHead.unsubscribe(onResponseWriteHead)
   if (responseSetHeader.hasSubscribers) responseSetHeader.unsubscribe(onResponseSetHeader)
+  if (stripeCheckoutSessionCreate.hasSubscribers) stripeCheckoutSessionCreate.unsubscribe(onStripeCheckoutSessionCreate)
+  if (stripePaymentIntentCreate.hasSubscribers) stripePaymentIntentCreate.unsubscribe(onStripePaymentIntentCreate)
+  if (stripeConstructEvent.hasSubscribers) stripeConstructEvent.unsubscribe(onStripeConstructEvent)
 }
 
 // this is faster than Object.keys().length === 0
Original file line number	Diff line number	Diff line change
`@@ -43,4 +43,9 @@ module.exports = {`
`43`	`43`
`44`	`44`	`LOGIN_SUCCESS: 'server.business_logic.users.login.success',`
`45`	`45`	`LOGIN_FAILURE: 'server.business_logic.users.login.failure',`
	`46`	`+`
	`47`	`+ PAYMENT_CREATION: 'server.business_logic.payment.creation',`
	`48`	`+ PAYMENT_SUCCESS: 'server.business_logic.payment.success',`
	`49`	`+ PAYMENT_FAILURE: 'server.business_logic.payment.failure',`
	`50`	`+ PAYMENT_CANCELLATION: 'server.business_logic.payment.cancellation',`
`46`	`51`	`}`