The function rest_is_ip_address should be not issue for sanitize

[davidperezgar]

A user is reporting in Plugin Check Plugin using WPCS Sanitize check, a possible false positive with the function rest_is_ip_address.

The code shared was this:

// Generate a unique session id
function wppa_get_session_id() {
global $wppa_version;
static $session_id;

	// Found already?
	if ( $session_id ) {
		return $session_id;
	}

	// Look for a cookie
	if ( isset( $_COOKIE['wppa_session_id'] ) ) {
(30)		$t = rest_is_ip_address( wp_unslash( $_COOKIE['wppa_session_id'] ) );
		if ( $t ) {
			$session_id = $t;
			return $session_id;
		}
	}

You can see it in this support post

I believe that this function does not need to have sanitized data as is checking if it's a correct IP.

[GaryJones]

Please see the bug report template to include the necessary details so that the report can be processed - what version of PHPCS, WPCS, the violation code, the minimal snippet, current behaviour, expected behaviour, etc.