diff --git a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected
new file mode 100644
index 00000000000..29ecd398a0a
--- /dev/null
+++ b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected
@@ -0,0 +1,6 @@
+edges
+nodes
+| InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+subpaths
+#select
+| InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | Cryptographically insecure $@ in a security context. | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | random value |
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py
new file mode 100644
index 00000000000..9f043954967
--- /dev/null
+++ b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py
@@ -0,0 +1,5 @@
+import random
+
+def generatePassword():
+ # BAD: the random is not cryptographically secure
+ return random.random()
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref
new file mode 100644
index 00000000000..447fc2cf6b2
--- /dev/null
+++ b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-338/InsecureRandomness.ql
\ No newline at end of file
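Review bot: InsecureRandomness.py covers only one BAD case (`random.random()` returned from `generatePassword`), so the expected output cannot show that the query stays quiet on secure generators or outside a security context. Consider adding GOOD cases such as `return secrets.token_hex(16)` and `return random.SystemRandom().random()` inside a password-named function, plus `random.random()` in a function with a neutral name, each marked with a `# GOOD` comment. The `.expected` file would need regenerating afterwards; how the query decides what counts as a security context is not visible in this diff, so the neutral-name case is a guess at the heuristic. The empty `edges` section also suggests that no multi-step flow is exercised, so a case where the value passes through a local variable before being returned would be worth adding.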