WordPress / WordPress-Coding-Standards

PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions
MIT License

The function rest_is_ip_address should not be an issue for sanitize #2483

Open davidperezgar opened 1 month ago

davidperezgar commented 1 month ago

A user is reporting, in the Plugin Check plugin using the WPCS Sanitize check, a possible false positive with the function rest_is_ip_address.

The code shared was this:

// Generate a unique session id
function wppa_get_session_id() {
    global $wppa_version;
    static $session_id;

    // Found already?
    if ( $session_id ) {
        return $session_id;
    }

    // Look for a cookie
    if ( isset( $_COOKIE['wppa_session_id'] ) ) {
        $t = rest_is_ip_address( wp_unslash( $_COOKIE['wppa_session_id'] ) );
        if ( $t ) {
            $session_id = $t;
            return $session_id;
        }
    }

    // (The rest of the function was not included in the report.)
}

You can see it in this support post

I believe that this function does not need to have sanitized data, as it is checking if it's a correct IP.

GaryJones commented 1 month ago

Please see the bug report template to include the necessary details so that the report can be processed - what version of PHPCS, WPCS, the violation code, the minimal snippet, current behaviour, expected behaviour, etc.