S1313 flags IP addresses reserved for documentation as “sensitive” (false-positive)

This is a false positive in my opinion. My code includes the string “192.0.2.0” as a placeholder IP address in example code. RFC 5737 reserves the block 192.0.2.0/24 for documentation purposes and states that the entire block should be kept unroutable.

Referring to an IP address that is meant for documentation should not constitute sensitive data. These IP addresses are the opposite to sensitive, as the spec encourages their use for example code.

As S1313 already has a number of exceptions, blocks of IP addresses that do not trigger the rule, I believe these exceptions should be expanded to also include the reserved IPs for documentation from RFC 5737.

I encountered this using SonarCloud on a TypeScript project. But as RSPEC-1313 seems to be implemented in most languages, I would expect this to affect all users.

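As an added example (not SonarSource's code and not the S1313 implementation), here is a small TypeScript check of the kind the post asks for: a hardcoded-IPv4 finder that treats the three RFC 5737 documentation blocks as an allowlist. The function names and the sample source are constructed for illustration.

```typescript
// RFC 5737 blocks reserved for documentation; addresses here are never routable,
// so a literal from these ranges is a placeholder, not a leaked endpoint.
const DOCUMENTATION_BLOCKS: ReadonlyArray<string> = [
  "192.0.2.0/24",    // TEST-NET-1
  "198.51.100.0/24", // TEST-NET-2
  "203.0.113.0/24",  // TEST-NET-3
];

// Parse dotted-quad IPv4 into an unsigned 32-bit number, or null if malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const n = Number(p);
    if (n > 255) return null; // e.g. 999.1.1.1 looks like an IP but is not one
    value = value * 256 + n;
  }
  return value;
}

// True when ip falls inside the CIDR block (prefix comparison on the high bits).
function inCidr(ip: string, cidr: string): boolean {
  const slash = cidr.indexOf("/");
  const baseInt = ipv4ToInt(cidr.slice(0, slash));
  const bits = Number(cidr.slice(slash + 1));
  const ipInt = ipv4ToInt(ip);
  if (ipInt === null || baseInt === null) return false;
  if (bits === 0) return true; // a 32-bit shift is undefined in JS, so handle /0 explicitly
  const shift = 32 - bits;
  return (ipInt >>> shift) === (baseInt >>> shift);
}

function isDocumentationAddress(ip: string): boolean {
  return DOCUMENTATION_BLOCKS.some((block) => inCidr(ip, block));
}

// Scan source text for IPv4 literals; report those that are real addresses
// and not in a documentation block. This is the exception the post argues for.
function findHardcodedIps(source: string): string[] {
  const flagged: string[] = [];
  for (const match of source.match(/\b(?:\d{1,3}\.){3}\d{1,3}\b/g) ?? []) {
    if (ipv4ToInt(match) === null) continue;      // not a valid address
    if (isDocumentationAddress(match)) continue;  // RFC 5737 placeholder: allowed
    flagged.push(match);
  }
  return flagged;
}

// Constructed sample: one RFC 5737 placeholder, one address that should still be flagged.
const SAMPLE_SOURCE = `
const exampleHost = "192.0.2.0";   // placeholder from RFC 5737
const apiHost = "10.20.30.40";     // real-looking internal address
`;
```

Running `findHardcodedIps(SAMPLE_SOURCE)` reports only `10.20.30.40`; the RFC 5737 placeholder is skipped.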

Hello @tw-martijn ,

Welcome to the community and sorry for the late reply! Thanks for the post, this is good to know. I was not aware of the RFC. Here and here are the tickets to resolve the issue.
