Amend security_response_id being release before displaying it

[estringana]

Description

When emitting an error, shutdown handlers are called. Then security_response_id is free before the error message string is formed. When it is formed then security_response_id is pointing to garbage

Reviewer checklist

• Test coverage seems ok.
• Appropriate labels assigned.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 53.48837% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.74%. Comparing base (86c8b84) to head (03d91e6).
⚠️ Report is 6 commits behind head on master.

Files with missing lines	Patch %	Lines
appsec/src/extension/request_abort.c	53.48%	16 Missing and 4 partials ⚠️

❌ Your patch status has failed because the patch coverage (53.48%) is below the target coverage (90.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3493      +/-   ##
==========================================
- Coverage   61.79%   61.74%   -0.06%     
==========================================
  Files         142      142              
  Lines       12904    12933      +29     
  Branches     1689     1694       +5     
==========================================
+ Hits         7974     7985      +11     
- Misses       4169     4183      +14     
- Partials      761      765       +4     

Files with missing lines	Coverage Δ
appsec/src/extension/request_abort.h	100.00% <ø> (ø)
appsec/src/extension/request_lifecycle.c	63.36% <ø> (ø)
appsec/src/extension/request_abort.c	72.52% <53.48%> (-1.35%)	⬇️

... and 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 86c8b84...03d91e6. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks [ appsec ]

Benchmark execution time: 2025-11-25 14:52:05

Comparing candidate commit 03d91e6 in PR branch estringana/fix-security-response-id-error-message with baseline commit 86c8b84 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

[pr-commenter]

Benchmarks [ tracer ]

Benchmark execution time: 2025-11-25 15:21:26

Comparing candidate commit 03d91e6 in PR branch estringana/fix-security-response-id-error-message with baseline commit 86c8b84 in branch master.

Found 2 performance improvements and 3 performance regressions! Performance is the same for 189 metrics, 0 unstable metrics.

scenario:ComposerTelemetryBench/benchTelemetryParsing

• 🟥 execution_time [+356.896ns; +1243.104ns] or [+3.335%; +11.618%]

scenario:MessagePackSerializationBench/benchMessagePackSerialization

• 🟩 execution_time [-4.319µs; -2.601µs] or [-4.071%; -2.452%]

scenario:PHPRedisBench/benchRedisOverhead

• 🟥 execution_time [+34.221µs; +72.203µs] or [+4.130%; +8.714%]

scenario:SamplingRuleMatchingBench/benchRegexMatching4-opcache

• 🟥 execution_time [+292.523ns; +541.277ns] or [+2.596%; +4.803%]

scenario:TraceSerializationBench/benchSerializeTrace

• 🟩 execution_time [-42.319µs; -31.381µs] or [-9.413%; -6.980%]