diff --git a/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md b/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
index e3c6f79bc48..1f8fc022ac5 100644
--- a/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
+++ b/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* Added a new query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
\ No newline at end of file
+* Added a new experimental query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
diff --git a/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp b/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
index 2f65296b9a8..6c53b3a789a 100644
--- a/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
+++ b/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
@@ -27,7 +27,7 @@ The following examples unpacks a remote zip using `Zip.unzipFile()` which is vul
 <p>
 The following examples unpacks a remote zip using `fileManager.unzipItem()` which is vulnerable to symlink path traversal.
 </p>
-<sample src="ZIPFoundationBad.swift" />
+<sample src="ZipFoundationBad.swift" />
 
 
 <p>Consider using a safer module, such as: <code>ZIPArchive</code></p>
diff --git a/swift/ql/src/experimental/Security/CWE-022/ZIPFoundationBad.swift b/swift/ql/src/experimental/Security/CWE-022/ZipFoundationBad.swift
similarity index 100%
rename from swift/ql/src/experimental/Security/CWE-022/ZIPFoundationBad.swift
rename to swift/ql/src/experimental/Security/CWE-022/ZipFoundationBad.swift
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected
rename to swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql
rename to swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
rename to swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
diff --git a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.expected b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
similarity index 87%
rename from swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.expected
rename to swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
index 09fc20545b0..24a612d7788 100644
--- a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.expected
+++ b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
@@ -1,7 +1,7 @@
 edges
-| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | UnsafeUnpack.swift:62:60:62:60 | source |
-| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:64:27:64:27 | source |
-| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:67:39:67:39 | source |
+| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | UnsafeUnpack.swift:62:60:62:60 | source | provenance |  |
+| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:64:27:64:27 | source | provenance |  |
+| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:67:39:67:39 | source | provenance |  |
 nodes
 | UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | semmle.label | call to Data.init(contentsOf:options:) |
 | UnsafeUnpack.swift:62:60:62:60 | source | semmle.label | source |
diff --git a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.qlref b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.qlref
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.qlref
rename to swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.qlref
diff --git a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.swift b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.swift
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.swift
rename to swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.swift