CPP: Convert SQL tainted away from away from DefaultTaintTracking.

[alexet]

This converts away from DefaultTaintTracking towards the newer API.

This does end up with some changes I noticed:

• argv is repeated multiple times. This is at often 3 times (argv, *argv, **argv) + sometimes more (sometimes there seems multiple versions of some indirections?).
• The alert location moves from the argv use to the argv argument.

I'm not sure about node.asConvertedExpr() vs asExpr for the sink. The issue with using asExpr is that multiple levels of conversions are reachable without going through each over due to the references. So having fewer possible sinks seems better.

I tried setting ArgvSource to use this.asParameter(2) instead of this.asParameter(_) and it seems to fix these issues, but I am not sure of the consequences.

[MathiasVP]

• argv is repeated multiple times. This is at often 3 times (argv, *argv, **argv) + sometimes more (sometimes there seems multiple versions of some indirections?).

The "multiple versions" issue is indeed annoying. It's a problem that should be fixed inside dataflow, and I'm currently in the process of doing this. It definitely shouldn't block this PR.

I'm not sure about node.asConvertedExpr() vs asExpr for the sink. The issue with using asExpr is that multiple levels of conversions are reachable without going through each over due to the references. So having fewer possible sinks seems better.

Indeed, this is related to the issue above. Ideally, we should be using asExpr in most places (since we often don't want to deal with conversions), but that's currently necessary to avoid these duplicated results.

I tried setting ArgvSource to use this.asParameter(2) instead of this.asParameter(_) and it seems to fix these issues, but I am not sure of the consequences.

Yeah, I think we should try to do this change in a separate PR 👍.

[MathiasVP]

LGTM other than a small comment.

[MathiasVP]

LGTM!