diff --git a/codeql-jedis/README.org b/codeql-jedis/README.org index 38f16b3..b93a636 100644 --- a/codeql-jedis/README.org +++ b/codeql-jedis/README.org @@ -183,10 +183,7 @@ =sqlite-jdbc-3.36.0.1.jar=, so we can use it to illustrate modeling on a smaller example. -* Modeling jedis as dependency - Running the model editor a jedis db models jedis dependencies; we need jedis - /as/ dependency to model it. - +* TODO Modeling jedis as dependency Using the - model as depedency option the query run by model editor is @@ -337,10 +334,12 @@ These files indicate active use of injection-related taint tracking in the C++ suite as well. - * TODO for java, the sqltainted query will find the sink, not the source yet. - -* TODO vulnerable sample +* TODO vulnerable sample, jedis + Running the model editor a jedis db models jedis dependencies; we need jedis + /as/ dependency to model it. + +* TODO vulnerable sample, sqlite For .eval() to show in a query, it has to be used in an application. So we modify src-sqlite/AddUser.java for jedis.
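Review bot: In the first hunk (README.org, around line 183), the "Modeling jedis as dependency" heading becomes a TODO and loses its only explanation, so the section now opens at "Using the" without saying why jedis has to be a dependency. Leave a one-line pointer under the heading to the "vulnerable sample, jedis" section where the two sentences were moved, or keep them here. The line that follows the heading also spells "depedency"; since this hunk already touches the section, correct it to "dependency".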
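Review bot: In the second hunk (README.org, around line 337), the headings do not match their bodies. The paragraph placed under "* TODO vulnerable sample, jedis" is about modeling jedis as a dependency rather than a vulnerable sample. The text after "* TODO vulnerable sample, sqlite" says src-sqlite/AddUser.java is modified "for jedis". Either keep the modeling paragraph under the modeling heading, or rename the two headings so each says what its section covers. The moved sentence "Running the model editor a jedis db models jedis dependencies" is missing a preposition ("on a jedis db"), which is worth fixing while the text is being relocated. The "TODO for java" line about the sqltainted query finding the sink but not the source appears to be removed by this hunk; if that is intended, mention it in the commit message, otherwise keep the line.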