diff --git a/python/ql/src/experimental/Security/CWE-079/test.ql b/python/ql/src/experimental/Security/CWE-079/test.ql
new file mode 100644
index 00000000000..e30d45c0c3f
--- /dev/null
+++ b/python/ql/src/experimental/Security/CWE-079/test.ql
@@ -0,0 +1,3 @@
+select "1"
+// void query to run and generate unit_tests.testproj database to test
+// until we decide the objective of the query
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_mail_helper_content_bad.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_mail_helper_content_bad.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_mail_helper_content_bad.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_mail_helper_content_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_via_mail_send_post_request_body_bad.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_via_mail_send_post_request_body_bad.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_via_mail_send_post_request_body_bad.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_via_mail_send_post_request_body_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_subparts.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_subparts.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_subparts.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_subparts.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_via_attach.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_via_attach.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_via_attach.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_via_attach.py
diff --git a/python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual
new file mode 100644
index 00000000000..2a4f078a25f
--- /dev/null
+++ b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual
@@ -0,0 +1 @@
+| 1 |
diff --git a/python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref
new file mode 100644
index 00000000000..01c9dd06163
--- /dev/null
+++ b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-079/test.ql
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/.gitkeep b/python/ql/test/experimental/query-tests/Security/CWE-079/.gitkeep
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py b/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py
deleted file mode 100644
index 91ffcf8f0be..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# This tests that the user doesn't pass user-tainted data into the msg.html attribute.
-# source: https://pythonhosted.org/Flask-Mail/
-from flask_mail import Message
-
-@app.route("/")
-def index():
-
-    msg = Message("Hello",
-                  sender="from@example.com",
-                  recipients=["to@example.com"])
-
-    msg.html = "<b>testing</b>"
-
-    mail.send(msg)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py b/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py
deleted file mode 100644
index 3f0a11a4e74..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# This tests that the user doesn't pass user-tainted data into the msg html initialized argument.
-# source: https://pythonhosted.org/Flask-Mail/
-
-from flask_mail import Message
-
-@app.route("/")
-def index():
-
-    msg = Message("Hello",
-                  sender="from@example.com",
-                  recipients=["to@example.com"],
-                  html="<b>testing</b>")
-
-    mail.send(msg)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py
deleted file mode 100644
index b1747762848..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# This tests that the user can't send multiple vulnerable emails.
-# source: https://pythonhosted.org/Flask-Mail/
-
-from flask_mail import Message
-
-@app.route("/")
-def index():
-  with mail.connect() as conn:
-      for user in users:
-          message = '...'
-          subject = "hello, %s" % user.name
-          msg = Message(recipients=[user.email],
-                        html=message,
-                        subject=subject)
-
-          conn.send(msg)