This is a false positive in my opinion. My code includes the string “192.0.2.0” as a placeholder IP address in example code. RFC 5737 reserves the block 192.0.2.0/24 for documentation purposes and states that the entire block should be kept unroutable.
Refering to an IP address that is meant for documentation should not constitude sensitive data. These IP addresses are the oposite to sensitive, as the spec encourages their use for example code.
As S1313 already has a number of exceptions, blocks of IP addresses that do not trigger the rule, I believe these exceptions should be expanded to also include the reserved IPs for documentation from RFC 5737.
I encountered this using SonarCloud on a TypeScript project. But as RSPEC-1313 seems to be implemented in most languages, I would expect this to affect all users.