XNU NFS: Use TaintTracking library

This library wasn't available on LGTM when the query was written, but
it's there now.

Author: jbj

ql_demos/cpp/XNU_NFS_Boot_CVE-2018-4136_CVE-2018-4160/BCopyNegativeSize.ql

@@ -8,11 +8,11 @@
  */
 
 import cpp
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import DataFlow::PathGraph
 
-class MyCfg extends DataFlow::Configuration {
+class MyCfg extends TaintTracking::Configuration {
   MyCfg() {
     this = "MyCfg"
   }
@@ -27,12 +27,8 @@ class MyCfg extends DataFlow::Configuration {
   override predicate isSource(DataFlow::Node source) {
     source.asExpr().(FunctionCall).getTarget().getName() = "mbuf_data"
   }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node2.asExpr() = node1.asExpr().getParent()
-  }
 }
 
-from DataFlow::PathNode sink, DataFlow::PathNode source, MyCfg dataFlow
-where dataFlow.hasFlowPath(source, sink)
+from DataFlow::PathNode sink, DataFlow::PathNode source, MyCfg cfg
+where cfg.hasFlowPath(source, sink)
 select sink, source, sink, "The size argument of bcopy might be negative."