C++: Use localExprFlow in existing queries

This shortens the queries a bit and ensures test coverage of the new
predicate.

Author: jbj

cpp/ql/src/Critical/NewDelete.qll

@@ -47,7 +47,7 @@ predicate allocExprOrIndirect(Expr alloc, string kind) {
       or
       exists(Expr e |
         allocExprOrIndirect(e, kind) and
-        DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(rtn.getExpr()))
+        DataFlow::localExprFlow(e, rtn.getExpr())
       )
     )
   )

cpp/ql/src/Critical/OverflowStatic.ql

@@ -95,7 +95,7 @@ class CallWithBufferSize extends FunctionCall {
 
   int statedSizeValue() {
     exists(Expr statedSizeSrc |
-      DataFlow::localFlow(DataFlow::exprNode(statedSizeSrc), DataFlow::exprNode(statedSizeExpr())) and
+      DataFlow::localExprFlow(statedSizeSrc, statedSizeExpr()) and
       result = statedSizeSrc.getValue().toInt()
     )
   }

cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql

@@ -55,7 +55,7 @@ predicate whiteListWrapped(FunctionCall fc) {
   whitelistPow(fc) or
   exists(Expr e, ReturnStmt rs |
     whiteListWrapped(e) and
-    DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(rs.getExpr())) and
+    DataFlow::localExprFlow(e, rs.getExpr()) and
     fc.getTarget() = rs.getEnclosingFunction()
   )
 }

cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql

@@ -23,7 +23,7 @@ predicate isBoolean(Expr e1) {
 }
 
 predicate isStringCopyCastedAsBoolean(FunctionCall func, Expr expr1, string msg) {
-  DataFlow::localFlow(DataFlow::exprNode(func), DataFlow::exprNode(expr1)) and
+  DataFlow::localExprFlow(func, expr1) and
   isBoolean(expr1.getConversion*()) and
   func.getTarget() instanceof StrcpyFunction and
   msg = "Return value of " + func.getTarget().getName() + " used as a Boolean."

cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql

@@ -36,12 +36,10 @@ class MallocCall extends FunctionCall
 
 predicate terminationProblem(MallocCall malloc, string msg) {
   malloc.getAllocatedSize() instanceof StrlenCall and
-  not exists(DataFlow::Node def, DataFlow::Node use, FunctionCall fc, MemcpyFunction memcpy, int ix |
-    DataFlow::localFlow(def, use) and
-    def.asExpr() = malloc and
+  not exists(FunctionCall fc, MemcpyFunction memcpy, int ix |
+    DataFlow::localExprFlow(malloc, fc.getArgument(ix)) and
     fc.getTarget() = memcpy and
-    memcpy.hasArrayOutput(ix) and
-    use.asExpr() = fc.getArgument(ix)
+    memcpy.hasArrayOutput(ix)
   ) and
   msg = "This allocation does not include space to null-terminate the string."
 }