diff --git a/ql/test/experimental/CWE-918/SSRF.expected b/ql/test/experimental/CWE-918/SSRF.expected
index 2d3f19c8e5e..f63b492fa27 100644
--- a/ql/test/experimental/CWE-918/SSRF.expected
+++ b/ql/test/experimental/CWE-918/SSRF.expected
@@ -1,9 +1,9 @@
 edges
 | builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... |
-| builtin.go:86:21:86:31 | call to Referer : string | builtin.go:91:27:91:40 | untrustedInput |
-| builtin.go:100:21:100:31 | call to Referer : string | builtin.go:104:36:104:49 | untrustedInput |
-| builtin.go:118:21:118:31 | call to Referer : string | builtin.go:121:15:121:28 | untrustedInput |
-| builtin.go:136:21:136:31 | call to Referer : string | builtin.go:139:38:139:51 | untrustedInput |
+| builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput |
+| builtin.go:97:21:97:31 | call to Referer : string | builtin.go:101:36:101:49 | untrustedInput |
+| builtin.go:111:21:111:31 | call to Referer : string | builtin.go:114:15:114:28 | untrustedInput |
+| builtin.go:129:21:129:31 | call to Referer : string | builtin.go:132:38:132:51 | untrustedInput |
 | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:31:11:31:57 | call to Sprintf |
 | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:32:11:32:57 | call to Sprintf |
 | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:35:12:35:58 | call to Sprintf |
@@ -24,14 +24,14 @@ edges
 nodes
 | builtin.go:19:12:19:34 | call to FormValue : string | semmle.label | call to FormValue : string |
 | builtin.go:22:21:22:62 | ...+... | semmle.label | ...+... |
-| builtin.go:86:21:86:31 | call to Referer : string | semmle.label | call to Referer : string |
-| builtin.go:91:27:91:40 | untrustedInput | semmle.label | untrustedInput |
-| builtin.go:100:21:100:31 | call to Referer : string | semmle.label | call to Referer : string |
-| builtin.go:104:36:104:49 | untrustedInput | semmle.label | untrustedInput |
-| builtin.go:118:21:118:31 | call to Referer : string | semmle.label | call to Referer : string |
-| builtin.go:121:15:121:28 | untrustedInput | semmle.label | untrustedInput |
-| builtin.go:136:21:136:31 | call to Referer : string | semmle.label | call to Referer : string |
-| builtin.go:139:38:139:51 | untrustedInput | semmle.label | untrustedInput |
+| builtin.go:83:21:83:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:88:27:88:40 | untrustedInput | semmle.label | untrustedInput |
+| builtin.go:97:21:97:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:101:36:101:49 | untrustedInput | semmle.label | untrustedInput |
+| builtin.go:111:21:111:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput |
+| builtin.go:129:21:129:31 | call to Referer : string | semmle.label | call to Referer : string |
+| builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput |
 | new-tests.go:26:26:26:30 | &... : pointer type | semmle.label | &... : pointer type |
 | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
 | new-tests.go:32:11:32:57 | call to Sprintf | semmle.label | call to Sprintf |
@@ -55,10 +55,10 @@ nodes
 | new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... |
 #select
 | builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value |
-| builtin.go:91:12:91:53 | call to Dial | builtin.go:86:21:86:31 | call to Referer : string | builtin.go:91:27:91:40 | untrustedInput | The URL of this request depends on a user-provided value |
-| builtin.go:105:13:105:40 | call to DialConfig | builtin.go:100:21:100:31 | call to Referer : string | builtin.go:104:36:104:49 | untrustedInput | The URL of this request depends on a user-provided value |
-| builtin.go:121:3:121:39 | call to Dial | builtin.go:118:21:118:31 | call to Referer : string | builtin.go:121:15:121:28 | untrustedInput | The URL of this request depends on a user-provided value |
-| builtin.go:139:3:139:62 | call to DialContext | builtin.go:136:21:136:31 | call to Referer : string | builtin.go:139:38:139:51 | untrustedInput | The URL of this request depends on a user-provided value |
+| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value |
+| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer : string | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value |
+| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer : string | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value |
+| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer : string | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value |
 | new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value |
 | new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value |
 | new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... : pointer type | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value |
diff --git a/ql/test/experimental/CWE-918/SSRF.qlref b/ql/test/experimental/CWE-918/SSRF.qlref
index d2993ad9d9d..8674b782ef5 100644
--- a/ql/test/experimental/CWE-918/SSRF.qlref
+++ b/ql/test/experimental/CWE-918/SSRF.qlref
@@ -1 +1 @@
-CWE-918/SSRF.ql
+experimental/CWE-918/SSRF.ql