From 53f69d99666a8c9a5dae63cd3e908ffd5b1876de Mon Sep 17 00:00:00 2001
From: Joe Farebrother
Date: Wed, 24 Apr 2024 11:50:41 +0100
Subject: [PATCH] Reduce query tests with cases covered by concept tests

---
 .../Tests1/HeaderInjection.expected | 134 +++---------
 .../Tests1/HeaderWriteTest.expected | 82 -----------
 .../Tests1/HeaderWriteTest.ql | 20 ---
 .../Tests1/flask_tests.py | 60 +-------
 .../Tests1/wsgiref_tests.py | 17 ---
 .../Tests2/HeaderWriteTest.expected | 15 +-
 .../Tests2/wsgiref_tests.py | 17 ---
 7 files changed, 26 insertions(+), 319 deletions(-)
 delete mode 100644 python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.expected
 delete mode 100644 python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.ql

diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.expected b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.expected
index 5b4276b83034..b5f4ff549c41 100644
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.expected
@@ -1,139 +1,43 @@ edges | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:1:29:1:35 | ControlFlowNode for request | provenance | | | flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:9:18:9:24 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:20:18:20:24 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:29:18:29:24 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:38:18:38:24 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:49:44:49:50 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:49:72:49:78 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:53:18:53:24 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:54:41:54:47 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:59:18:59:24 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:60:36:60:42 | ControlFlowNode for request | provenance | | -| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:71:18:71:24 | ControlFlowNode for request | provenance | | +| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:19:18:19:24 | ControlFlowNode for request | provenance | | +| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:20:36:20:42 | ControlFlowNode for request | provenance | | +| flask_tests.py:1:29:1:35 | ControlFlowNode for request | flask_tests.py:31:18:31:24 | 
ControlFlowNode for request | provenance | | | flask_tests.py:9:5:9:14 | ControlFlowNode for rfs_header | flask_tests.py:13:17:13:26 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:9:18:9:24 | ControlFlowNode for request | flask_tests.py:9:5:9:14 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:20:5:20:14 | ControlFlowNode for rfs_header | flask_tests.py:23:22:23:31 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:20:18:20:24 | ControlFlowNode for request | flask_tests.py:20:5:20:14 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:29:5:29:14 | ControlFlowNode for rfs_header | flask_tests.py:32:22:32:31 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:29:18:29:24 | ControlFlowNode for request | flask_tests.py:29:5:29:14 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:38:5:38:14 | ControlFlowNode for rfs_header | flask_tests.py:43:10:43:19 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:38:18:38:24 | ControlFlowNode for request | flask_tests.py:38:5:38:14 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:49:44:49:50 | ControlFlowNode for request | flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | provenance | | -| flask_tests.py:49:72:49:78 | ControlFlowNode for request | flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | provenance | | -| flask_tests.py:53:18:53:24 | ControlFlowNode for request | flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | provenance | | -| flask_tests.py:54:41:54:47 | ControlFlowNode for request | flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | provenance | | -| flask_tests.py:59:18:59:24 | ControlFlowNode for request | flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | provenance | | -| flask_tests.py:60:36:60:42 | ControlFlowNode for request | flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | provenance | | -| 
flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:74:17:74:26 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:75:24:75:33 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:76:17:76:26 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:77:24:77:33 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:78:25:78:34 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:79:13:79:22 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:80:11:80:20 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:82:12:82:21 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:85:11:85:20 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | flask_tests.py:86:12:86:21 | ControlFlowNode for rfs_header | provenance | | -| flask_tests.py:71:18:71:24 | ControlFlowNode for request | flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | provenance | | +| flask_tests.py:9:18:9:24 | ControlFlowNode for request | flask_tests.py:9:5:9:14 | ControlFlowNode for rfs_header | provenance | AdditionalTaintStep | +| flask_tests.py:19:18:19:24 | ControlFlowNode for request | flask_tests.py:20:36:20:61 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep | +| flask_tests.py:20:36:20:42 | ControlFlowNode for request | flask_tests.py:20:36:20:61 | ControlFlowNode for Subscript | provenance | 
AdditionalTaintStep | +| flask_tests.py:31:5:31:14 | ControlFlowNode for rfs_header | flask_tests.py:33:11:33:20 | ControlFlowNode for rfs_header | provenance | | +| flask_tests.py:31:5:31:14 | ControlFlowNode for rfs_header | flask_tests.py:35:12:35:21 | ControlFlowNode for rfs_header | provenance | | +| flask_tests.py:31:18:31:24 | ControlFlowNode for request | flask_tests.py:31:5:31:14 | ControlFlowNode for rfs_header | provenance | AdditionalTaintStep | | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | wsgiref_tests.py:6:5:6:10 | ControlFlowNode for h_name | provenance | | | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | wsgiref_tests.py:7:5:7:9 | ControlFlowNode for h_val | provenance | | | wsgiref_tests.py:6:5:6:10 | ControlFlowNode for h_name | wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | provenance | | | wsgiref_tests.py:7:5:7:9 | ControlFlowNode for h_val | wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | provenance | | -| wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | provenance | | -| wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:15:5:15:9 | ControlFlowNode for h_val | provenance | | -| wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | provenance | | -| wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | wsgiref_tests.py:17:24:17:29 | ControlFlowNode for h_name | provenance | | -| wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | provenance | | -| wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | wsgiref_tests.py:19:25:19:30 | ControlFlowNode for h_name | provenance | | -| wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | wsgiref_tests.py:20:13:20:18 | ControlFlowNode for h_name | provenance | | -| wsgiref_tests.py:15:5:15:9 | ControlFlowNode for 
h_val | wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | provenance | | -| wsgiref_tests.py:15:5:15:9 | ControlFlowNode for h_val | wsgiref_tests.py:17:32:17:36 | ControlFlowNode for h_val | provenance | | -| wsgiref_tests.py:15:5:15:9 | ControlFlowNode for h_val | wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | provenance | | -| wsgiref_tests.py:15:5:15:9 | ControlFlowNode for h_val | wsgiref_tests.py:19:33:19:37 | ControlFlowNode for h_val | provenance | | -| wsgiref_tests.py:15:5:15:9 | ControlFlowNode for h_val | wsgiref_tests.py:20:23:20:27 | ControlFlowNode for h_val | provenance | | nodes | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | flask_tests.py:1:29:1:35 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_tests.py:9:5:9:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | flask_tests.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | | flask_tests.py:13:17:13:26 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:20:5:20:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:20:18:20:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:23:22:23:31 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:29:5:29:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:29:18:29:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:32:22:32:31 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:38:5:38:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:38:18:38:24 | ControlFlowNode for 
request | semmle.label | ControlFlowNode for request | -| flask_tests.py:43:10:43:19 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:49:44:49:50 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:49:72:49:78 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| flask_tests.py:53:18:53:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:54:41:54:47 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| flask_tests.py:59:18:59:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:60:36:60:42 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | -| flask_tests.py:71:5:71:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:71:18:71:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | -| flask_tests.py:74:17:74:26 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:75:24:75:33 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:76:17:76:26 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:77:24:77:33 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:78:25:78:34 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:79:13:79:22 | ControlFlowNode for rfs_header | 
semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:80:11:80:20 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:82:12:82:21 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:85:11:85:20 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | -| flask_tests.py:86:12:86:21 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | +| flask_tests.py:19:18:19:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_tests.py:20:36:20:42 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_tests.py:20:36:20:61 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript | +| flask_tests.py:31:5:31:14 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | +| flask_tests.py:31:18:31:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request | +| flask_tests.py:33:11:33:20 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | +| flask_tests.py:35:12:35:21 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header | | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | semmle.label | ControlFlowNode for environ | | wsgiref_tests.py:6:5:6:10 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | | wsgiref_tests.py:7:5:7:9 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | | wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | | wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | -| wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | semmle.label | ControlFlowNode for environ | -| wsgiref_tests.py:14:5:14:10 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | 
-| wsgiref_tests.py:15:5:15:9 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | -| wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | -| wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | -| wsgiref_tests.py:17:24:17:29 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | -| wsgiref_tests.py:17:32:17:36 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | -| wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | -| wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | -| wsgiref_tests.py:19:25:19:30 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | -| wsgiref_tests.py:19:33:19:37 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | -| wsgiref_tests.py:20:13:20:18 | ControlFlowNode for h_name | semmle.label | ControlFlowNode for h_name | -| wsgiref_tests.py:20:23:20:27 | ControlFlowNode for h_val | semmle.label | ControlFlowNode for h_val | subpaths #select | flask_tests.py:13:17:13:26 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:13:17:13:26 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:23:22:23:31 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:23:22:23:31 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. 
| flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:32:22:32:31 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:32:22:32:31 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:43:10:43:19 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:43:10:43:19 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:74:17:74:26 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:74:17:74:26 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. 
| flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:75:24:75:33 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:75:24:75:33 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:76:17:76:26 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:76:17:76:26 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:77:24:77:33 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:77:24:77:33 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:78:25:78:34 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:78:25:78:34 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:79:13:79:22 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:79:13:79:22 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:80:11:80:20 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:80:11:80:20 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. 
| flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:82:12:82:21 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:82:12:82:21 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:85:11:85:20 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:85:11:85:20 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | -| flask_tests.py:86:12:86:21 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:86:12:86:21 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| flask_tests.py:20:36:20:61 | ControlFlowNode for Subscript | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:20:36:20:61 | ControlFlowNode for Subscript | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| flask_tests.py:33:11:33:20 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:33:11:33:20 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | +| flask_tests.py:35:12:35:21 | ControlFlowNode for rfs_header | flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_tests.py:35:12:35:21 | ControlFlowNode for rfs_header | This HTTP header is constructed from a $@. 
| flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | user-provided value | | wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | This HTTP header is constructed from a $@. | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | user-provided value | | wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | This HTTP header is constructed from a $@. | wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:17:24:17:29 | ControlFlowNode for h_name | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:17:24:17:29 | ControlFlowNode for h_name | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:17:32:17:36 | ControlFlowNode for h_val | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:17:32:17:36 | ControlFlowNode for h_val | This HTTP header is constructed from a $@. 
| wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:19:25:19:30 | ControlFlowNode for h_name | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:19:25:19:30 | ControlFlowNode for h_name | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:19:33:19:37 | ControlFlowNode for h_val | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:19:33:19:37 | ControlFlowNode for h_val | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:20:13:20:18 | ControlFlowNode for h_name | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:20:13:20:18 | ControlFlowNode for h_name | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | -| wsgiref_tests.py:20:23:20:27 | ControlFlowNode for h_val | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | wsgiref_tests.py:20:23:20:27 | ControlFlowNode for h_val | This HTTP header is constructed from a $@. | wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | user-provided value | 
diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.expected b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.expected
deleted file mode 100644
index 4621faec224f..000000000000
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.expected
+++ /dev/null
@@ -1,82 +0,0 @@ -source -| flask_tests.py:1:29:1:35 | ControlFlowNode for ImportMember | -| wsgiref_tests.py:4:14:4:20 | ControlFlowNode for environ | -| wsgiref_tests.py:12:15:12:21 | ControlFlowNode for environ | -sink -| flask_tests.py:12:17:12:28 | ControlFlowNode for Str | -| flask_tests.py:13:17:13:26 | ControlFlowNode for rfs_header | -| flask_tests.py:22:22:22:33 | ControlFlowNode for Str | -| flask_tests.py:23:22:23:31 | ControlFlowNode for rfs_header | -| flask_tests.py:31:22:31:33 | ControlFlowNode for Str | -| flask_tests.py:32:22:32:31 | ControlFlowNode for rfs_header | -| flask_tests.py:41:10:41:21 | ControlFlowNode for Str | -| flask_tests.py:43:10:43:19 | ControlFlowNode for rfs_header | -| flask_tests.py:49:30:49:41 | ControlFlowNode for Str | -| flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | -| flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | -| flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | -| flask_tests.py:66:36:66:63 | ControlFlowNode for Attribute() | -| flask_tests.py:74:17:74:26 | ControlFlowNode for rfs_header | -| flask_tests.py:75:24:75:33 | ControlFlowNode for rfs_header | -| flask_tests.py:76:17:76:26 | ControlFlowNode for rfs_header | -| flask_tests.py:77:24:77:33 | ControlFlowNode for rfs_header | -| flask_tests.py:78:25:78:34 | ControlFlowNode for rfs_header | -| flask_tests.py:79:13:79:22 | ControlFlowNode for rfs_header | -| flask_tests.py:80:11:80:20 | ControlFlowNode for rfs_header | -| flask_tests.py:82:12:82:21 | ControlFlowNode for rfs_header | -| flask_tests.py:85:11:85:20 | ControlFlowNode for rfs_header | -| flask_tests.py:86:12:86:21 | ControlFlowNode for rfs_header | -| wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | -| wsgiref_tests.py:8:25:8:29 | ControlFlowNode for Str | -| wsgiref_tests.py:8:34:8:39 | ControlFlowNode for Str | -| wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | -| wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | -| 
wsgiref_tests.py:16:33:16:37 | ControlFlowNode for Str | -| wsgiref_tests.py:16:42:16:47 | ControlFlowNode for Str | -| wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | -| wsgiref_tests.py:17:24:17:29 | ControlFlowNode for h_name | -| wsgiref_tests.py:17:32:17:36 | ControlFlowNode for h_val | -| wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | -| wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | -| wsgiref_tests.py:19:25:19:30 | ControlFlowNode for h_name | -| wsgiref_tests.py:19:33:19:37 | ControlFlowNode for h_val | -| wsgiref_tests.py:20:13:20:18 | ControlFlowNode for h_name | -| wsgiref_tests.py:20:23:20:27 | ControlFlowNode for h_val | -headerWrite -| flask_tests.py:12:5:12:41 | ControlFlowNode for Attribute() | flask_tests.py:12:17:12:28 | ControlFlowNode for Str | flask_tests.py:12:31:12:40 | ControlFlowNode for rfs_header | true | false | -| flask_tests.py:13:5:13:42 | ControlFlowNode for Attribute() | flask_tests.py:13:17:13:26 | ControlFlowNode for rfs_header | flask_tests.py:13:29:13:41 | ControlFlowNode for Str | true | false | -| flask_tests.py:22:5:22:34 | ControlFlowNode for Subscript | flask_tests.py:22:22:22:33 | ControlFlowNode for Str | flask_tests.py:22:38:22:47 | ControlFlowNode for rfs_header | true | false | -| flask_tests.py:23:5:23:32 | ControlFlowNode for Subscript | flask_tests.py:23:22:23:31 | ControlFlowNode for rfs_header | flask_tests.py:23:36:23:48 | ControlFlowNode for Str | true | false | -| flask_tests.py:31:5:31:34 | ControlFlowNode for Subscript | flask_tests.py:31:22:31:33 | ControlFlowNode for Str | flask_tests.py:31:38:31:47 | ControlFlowNode for rfs_header | true | false | -| flask_tests.py:32:5:32:32 | ControlFlowNode for Subscript | flask_tests.py:32:22:32:31 | ControlFlowNode for rfs_header | flask_tests.py:32:36:32:48 | ControlFlowNode for Str | true | false | -| flask_tests.py:40:5:41:35 | ControlFlowNode for Attribute() | flask_tests.py:41:10:41:21 | ControlFlowNode for Str | 
flask_tests.py:41:24:41:33 | ControlFlowNode for rfs_header | true | false | -| flask_tests.py:42:5:43:36 | ControlFlowNode for Attribute() | flask_tests.py:43:10:43:19 | ControlFlowNode for rfs_header | flask_tests.py:43:22:43:34 | ControlFlowNode for Str | true | false | -| flask_tests.py:49:12:49:114 | ControlFlowNode for Response() | flask_tests.py:49:30:49:41 | ControlFlowNode for Str | flask_tests.py:49:44:49:69 | ControlFlowNode for Subscript | true | false | -| flask_tests.py:49:12:49:114 | ControlFlowNode for Response() | flask_tests.py:49:30:49:41 | ControlFlowNode for Str | flask_tests.py:49:100:49:112 | ControlFlowNode for Str | true | false | -| flask_tests.py:49:12:49:114 | ControlFlowNode for Response() | flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | flask_tests.py:49:44:49:69 | ControlFlowNode for Subscript | true | false | -| flask_tests.py:49:12:49:114 | ControlFlowNode for Response() | flask_tests.py:49:72:49:97 | ControlFlowNode for Subscript | flask_tests.py:49:100:49:112 | ControlFlowNode for Str | true | false | -| flask_tests.py:54:12:54:83 | ControlFlowNode for make_response() | flask_tests.py:54:41:54:66 | ControlFlowNode for Subscript | flask_tests.py:54:69:54:81 | ControlFlowNode for Str | true | false | -| flask_tests.py:60:12:60:78 | ControlFlowNode for make_response() | flask_tests.py:60:36:60:61 | ControlFlowNode for Subscript | flask_tests.py:60:64:60:76 | ControlFlowNode for Str | true | false | -| flask_tests.py:66:12:66:80 | ControlFlowNode for make_response() | flask_tests.py:66:36:66:63 | ControlFlowNode for Attribute() | flask_tests.py:66:66:66:78 | ControlFlowNode for Str | true | false | -| flask_tests.py:74:5:74:42 | ControlFlowNode for Attribute() | flask_tests.py:74:17:74:26 | ControlFlowNode for rfs_header | flask_tests.py:74:29:74:41 | ControlFlowNode for Str | true | false | -| flask_tests.py:75:5:75:49 | ControlFlowNode for Attribute() | flask_tests.py:75:24:75:33 | ControlFlowNode for rfs_header | 
flask_tests.py:75:36:75:48 | ControlFlowNode for Str | true | false | -| flask_tests.py:76:5:76:42 | ControlFlowNode for Attribute() | flask_tests.py:76:17:76:26 | ControlFlowNode for rfs_header | flask_tests.py:76:29:76:41 | ControlFlowNode for Str | true | false | -| flask_tests.py:77:5:77:49 | ControlFlowNode for Attribute() | flask_tests.py:77:24:77:33 | ControlFlowNode for rfs_header | flask_tests.py:77:36:77:48 | ControlFlowNode for Str | true | false | -| flask_tests.py:78:5:78:50 | ControlFlowNode for Attribute() | flask_tests.py:78:25:78:34 | ControlFlowNode for rfs_header | flask_tests.py:78:37:78:49 | ControlFlowNode for Str | true | false | -| flask_tests.py:79:5:79:23 | ControlFlowNode for Subscript | flask_tests.py:79:13:79:22 | ControlFlowNode for rfs_header | flask_tests.py:79:27:79:39 | ControlFlowNode for Str | true | false | -| flask_tests.py:81:5:81:22 | ControlFlowNode for Attribute() | flask_tests.py:80:11:80:20 | ControlFlowNode for rfs_header | flask_tests.py:80:23:80:35 | ControlFlowNode for Str | true | false | -| flask_tests.py:83:5:83:22 | ControlFlowNode for Attribute() | flask_tests.py:82:12:82:21 | ControlFlowNode for rfs_header | flask_tests.py:82:24:82:36 | ControlFlowNode for Str | true | false | -| flask_tests.py:87:13:87:35 | ControlFlowNode for make_response() | flask_tests.py:85:11:85:20 | ControlFlowNode for rfs_header | flask_tests.py:85:23:85:35 | ControlFlowNode for Str | true | false | -| flask_tests.py:88:13:88:35 | ControlFlowNode for make_response() | flask_tests.py:86:12:86:21 | ControlFlowNode for rfs_header | flask_tests.py:86:24:86:36 | ControlFlowNode for Str | true | false | -| wsgiref_tests.py:9:5:9:35 | ControlFlowNode for start_response() | wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | wsgiref_tests.py:8:25:8:29 | ControlFlowNode for Str | true | true | -| wsgiref_tests.py:9:5:9:35 | ControlFlowNode for start_response() | wsgiref_tests.py:8:17:8:22 | ControlFlowNode for h_name | 
wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:9:5:9:35 | ControlFlowNode for start_response() | wsgiref_tests.py:8:34:8:39 | ControlFlowNode for Str | wsgiref_tests.py:8:25:8:29 | ControlFlowNode for Str | true | true | -| wsgiref_tests.py:9:5:9:35 | ControlFlowNode for start_response() | wsgiref_tests.py:8:34:8:39 | ControlFlowNode for Str | wsgiref_tests.py:8:42:8:46 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:16:15:16:57 | ControlFlowNode for Headers() | wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | wsgiref_tests.py:16:33:16:37 | ControlFlowNode for Str | true | true | -| wsgiref_tests.py:16:15:16:57 | ControlFlowNode for Headers() | wsgiref_tests.py:16:25:16:30 | ControlFlowNode for h_name | wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:16:15:16:57 | ControlFlowNode for Headers() | wsgiref_tests.py:16:42:16:47 | ControlFlowNode for Str | wsgiref_tests.py:16:33:16:37 | ControlFlowNode for Str | true | true | -| wsgiref_tests.py:16:15:16:57 | ControlFlowNode for Headers() | wsgiref_tests.py:16:42:16:47 | ControlFlowNode for Str | wsgiref_tests.py:16:50:16:54 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:17:5:17:37 | ControlFlowNode for Attribute() | wsgiref_tests.py:17:24:17:29 | ControlFlowNode for h_name | wsgiref_tests.py:17:32:17:36 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:18:5:18:37 | ControlFlowNode for Attribute() | wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:19:5:19:38 | ControlFlowNode for Attribute() | wsgiref_tests.py:19:25:19:30 | ControlFlowNode for h_name | wsgiref_tests.py:19:33:19:37 | ControlFlowNode for h_val | true | true | -| wsgiref_tests.py:20:5:20:19 | ControlFlowNode for Subscript | wsgiref_tests.py:20:13:20:18 | ControlFlowNode for h_name | 
wsgiref_tests.py:20:23:20:27 | ControlFlowNode for h_val | true | true |
diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.ql b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.ql
deleted file mode 100644
index a46d46e89c9e..000000000000
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderWriteTest.ql
+++ /dev/null
@@ -1,20 +0,0 @@
-import python
-import semmle.python.security.dataflow.HttpHeaderInjectionCustomizations
-import semmle.python.dataflow.new.DataFlow
-import semmle.python.Concepts
-
-query predicate source(HttpHeaderInjection::Source src) {
- src.getLocation().getFile().getBaseName() in ["wsgiref_tests.py", "flask_tests.py"]
-}
-
-query predicate sink(HttpHeaderInjection::Sink sink) { any() }
-
-query predicate headerWrite(
- Http::Server::ResponseHeaderWrite write, DataFlow::Node name, DataFlow::Node val,
- boolean nameVuln, boolean valVuln
-) {
- name = write.getNameArg() and
- val = write.getValueArg() and
- (if write.nameAllowsNewline() then nameVuln = true else nameVuln = false) and
- (if write.valueAllowsNewline() then valVuln = true else valVuln = false)
-}
diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/flask_tests.py b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/flask_tests.py
index ca5474c0a28f..8fa81f036da0 100644
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/flask_tests.py
+++ b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/flask_tests.py
@@ -14,46 +14,6 @@ def werkzeug_headers():
 response.headers = headers
 return response
-
-@app.route("/flask_Response")
-def flask_Response():
- rfs_header = request.args["rfs_header"]
- response = Response()
- response.headers['HeaderName'] = rfs_header # GOOD
- response.headers[rfs_header] = "HeaderValue" # BAD
- return response
-
-
-@app.route("/flask_make_response")
-def flask_make_response():
- rfs_header = request.args["rfs_header"]
- response = make_response("hello")
- response.headers['HeaderName'] = rfs_header # GOOD
- response.headers[rfs_header] = "HeaderValue" # BAD
- return response
-
-
-@app.route("/flask_make_response_extend")
-def flask_make_response_extend():
- rfs_header = request.args["rfs_header"]
- resp = make_response("hello")
- resp.headers.extend(
- {'HeaderName': rfs_header}) # GOOD
- resp.headers.extend(
- {rfs_header: "HeaderValue"}) # BAD
- return resp
-
-
-@app.route("/Response_arg")
-def Response_arg():
- return Response(headers={'HeaderName': request.args["rfs_header"], request.args["rfs_header"]: "HeaderValue"}) # BAD
-
-@app.route("/flask_make_response_header_arg3")
-def flask_make_response_header_arg3():
- rfs_header = request.args["rfs_header"]
- resp = make_response("hello", 200, {request.args["rfs_header"]: "HeaderValue"}) # BAD
- return resp
-
 @app.route("/flask_make_response_header_arg2")
 def flask_make_response_header_arg2():
 rfs_header = request.args["rfs_header"]
@@ -66,26 +26,14 @@ def flask_escaped():
 resp = make_response("hello", {rfs_header.replace("\n", ""): "HeaderValue"}) # GOOD - Newlines are removed from the input.
 return resp
-@app.route("/werkzeug_methods")
-def werkzeug_methods():
+@app.route("/flask_extend")
+def flask_extend():
 rfs_header = request.args["rfs_header"]
 response = Response()
- headers = Headers()
- headers.add(rfs_header, "HeaderValue") # BAD
- headers.add_header(rfs_header, "HeaderValue") # BAD
- headers.set(rfs_header, "HeaderValue") # BAD
- headers.setdefault(rfs_header, "HeaderValue") # BAD
- headers.__setitem__(rfs_header, "HeaderValue") # BAD
- headers[rfs_header] = "HeaderValue" # BAD
 h1 = {rfs_header: "HeaderValue"}
- headers.extend(h1) # BAD
+ response.headers.extend(h1) # BAD
 h2 = [(rfs_header, "HeaderValue")]
- headers.extend(h2) # BAD
- response.headers = headers
- h3 = {rfs_header: "HeaderValue"}
- h4 = [(rfs_header, "HeaderValue")]
- resp2 = make_response("hi", h3) # BAD
- resp3 = make_response("hi", h4) # BAD
+ response.headers.extend(h2) # BAD
 return response
 # if __name__ == "__main__":
diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/wsgiref_tests.py b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/wsgiref_tests.py
index d2f7ef8db0a9..68fee2fd9299 100644
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/wsgiref_tests.py
+++ b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/wsgiref_tests.py
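Review bot: The two `# BAD` markers in the new `flask_extend` do not say which argument position is expected to be reported, which matters here because the tainted `rfs_header` is used as the header name in both `h1` and `h2` and never as the value. The deleted HeaderWriteTest.expected in this same commit lists the flask writes as `true | false` (name allows newlines, value does not), so the name position is presumably the only one the query should flag for these two calls; a comment such as `# BAD - tainted header name; extend() takes either a mapping or an iterable of pairs` would make the intent of the two shapes explicit. If the removed `Headers.add`/`set`/`setdefault`/`__setitem__` cases are now covered by concept tests as the commit title says, a one-line pointer to that test directory at the top of `flask_extend` would save the next reader from looking for them here. `flask_extend` is fully contained in this hunk; `flask_escaped` above it starts outside the hunk.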
@@ -9,24 +9,7 @@ def test_app(environ, start_response):
 start_response(status, headers) # BAD
 return [b"Hello"]
-def test_app2(environ, start_response):
- status = "200 OK"
- h_name = environ["source_n"]
- h_val = environ["source_v"]
- headers = Headers([(h_name, "val"), ("name", h_val)]) # BAD
- headers.add_header(h_name, h_val) # BAD
- headers.setdefault(h_name, h_val) # BAD
- headers.__setitem__(h_name, h_val) # BAD
- headers[h_name] = h_val # BAD
- start_response(status, headers)
- return [b"Hello"]
-
 def main1():
 with make_server('', 8000, test_app) as httpd:
- print("Serving on port 8000...")
- httpd.serve_forever()
-
-def main2():
- with make_server('', 8000, test_app2) as httpd:
 print("Serving on port 8000...")
 httpd.serve_forever()
\ No newline at end of file
diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/HeaderWriteTest.expected b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/HeaderWriteTest.expected
index 6a4bf6d2e008..2d680f3f60fa 100644
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/HeaderWriteTest.expected
+++ b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/HeaderWriteTest.expected
@@ -1,17 +1,8 @@
 source
 | wsgiref_tests.py:5:14:5:20 | ControlFlowNode for environ |
-| wsgiref_tests.py:13:15:13:21 | ControlFlowNode for environ |
 sink
 headerWrite
-| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:17:9:22 | ControlFlowNode for h_name | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for Str | false | false |
+| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:17:9:22 | ControlFlowNode for h_name | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for StringLiteral | false | false |
 | wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:17:9:22 | ControlFlowNode for h_name | wsgiref_tests.py:9:42:9:46 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for Str | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for Str | false | false |
-| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for Str | wsgiref_tests.py:9:42:9:46 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:25:17:30 | ControlFlowNode for h_name | wsgiref_tests.py:17:33:17:37 | ControlFlowNode for Str | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:25:17:30 | ControlFlowNode for h_name | wsgiref_tests.py:17:50:17:54 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:42:17:47 | ControlFlowNode for Str | wsgiref_tests.py:17:33:17:37 | ControlFlowNode for Str | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:42:17:47 | ControlFlowNode for Str | wsgiref_tests.py:17:50:17:54 | ControlFlowNode for h_val | false | false |
-|
wsgiref_tests.py:18:5:18:37 | ControlFlowNode for Attribute() | wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:19:5:19:37 | ControlFlowNode for Attribute() | wsgiref_tests.py:19:24:19:29 | ControlFlowNode for h_name | wsgiref_tests.py:19:32:19:36 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:20:5:20:38 | ControlFlowNode for Attribute() | wsgiref_tests.py:20:25:20:30 | ControlFlowNode for h_name | wsgiref_tests.py:20:33:20:37 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:21:5:21:19 | ControlFlowNode for Subscript | wsgiref_tests.py:21:13:21:18 | ControlFlowNode for h_name | wsgiref_tests.py:21:23:21:27 | ControlFlowNode for h_val | false | false |
+| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for StringLiteral | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for StringLiteral | false | false |
+| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for StringLiteral | wsgiref_tests.py:9:42:9:46 | ControlFlowNode for h_val | false | false |
diff --git a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/wsgiref_tests.py b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/wsgiref_tests.py
index 7dbf3a024645..9eb2371974a5 100644
--- a/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/wsgiref_tests.py
+++ b/python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/wsgiref_tests.py
@@ -10,24 +10,7 @@ def test_app(environ, start_response):
 start_response(status, headers) # GOOD - the application is validated, so headers containing newlines will be rejected.
 return [b"Hello"]
-def test_app2(environ, start_response):
- status = "200 OK"
- h_name = environ["source_n"]
- h_val = environ["source_v"]
- headers = Headers([(h_name, "val"), ("name", h_val)]) # GOOD
- headers.add_header(h_name, h_val) # GOOD
- headers.setdefault(h_name, h_val) # GOOD
- headers.__setitem__(h_name, h_val) # GOOD
- headers[h_name] = h_val # GOOD
- start_response(status, headers)
- return [b"Hello"]
-
 def main1():
 with make_server('', 8000, validator(test_app)) as httpd:
- print("Serving on port 8000...")
- httpd.serve_forever()
-
-def main2():
- with make_server('', 8000, validator(test_app2)) as httpd:
 print("Serving on port 8000...")
 httpd.serve_forever()
\ No newline at end of file