Rust: Constrain SensitiveFieldAccess to avoid including unwanted parents.

Author: geoffw0

rust/ql/lib/codeql/rust/security/SensitiveData.qll

@@ -112,14 +112,18 @@ private class SensitiveVariableAccess extends SensitiveData {
   override SensitiveDataClassification getClassification() { result = classification }
 }
 
+Expr fieldExprParentField(FieldExpr fe) {
+  result = fe.getParentNode()
+}
+
 /**
  * A field access data flow node that might be sensitive data.
  */
 private class SensitiveFieldAccess extends SensitiveData {
   SensitiveDataClassification classification;
 
   SensitiveFieldAccess() {
-    exists(FieldExpr fe | fe.getParentNode*() = this.asExpr().getAstNode() |
+    exists(FieldExpr fe | fieldExprParentField*(fe) = this.asExpr().getAstNode() |
       HeuristicNames::nameIndicatesSensitiveData(fe.getIdentifier().getText(), classification)
     )
   }