diff --git a/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.qlref b/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.qlref
index f06cc3d869d..6396fd91863 100644
--- a/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.qlref
+++ b/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.qlref
@@ -1 +1,2 @@
-Security/CVE-2018-1281/BindToAllInterfaces.ql
\ No newline at end of file
+query: Security/CVE-2018-1281/BindToAllInterfaces.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
\ No newline at end of file
diff --git a/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py b/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py
index bbab44d8103..93ed0364a29 100644
--- a/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py
+++ b/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py
@@ -2,11 +2,11 @@ import socket
 
 # binds to all interfaces, insecure
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.bind(('0.0.0.0', 31137))
+s.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
 
 # binds to all interfaces, insecure
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-s.bind(('', 4040))
+s.bind(('', 4040)) # $ Alert[py/bind-socket-all-network-interfaces]
 
 # binds only to a dedicated interface, secure
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -14,13 +14,13 @@ s.bind(('84.68.10.12', 8080))
 
 # binds to all interfaces, insecure
 ALL_LOCALS = "0.0.0.0"
-s.bind((ALL_LOCALS, 9090))
+s.bind((ALL_LOCALS, 9090)) # $ Alert[py/bind-socket-all-network-interfaces]
 
 # binds to all interfaces, insecure
 tup = (ALL_LOCALS, 8080)
-s.bind(tup)
+s.bind(tup) # $ Alert[py/bind-socket-all-network-interfaces]
 
 
 # IPv6
 s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
-s.bind(("::", 8080)) # NOT OK
+s.bind(("::", 8080)) # $ Alert[py/bind-socket-all-network-interfaces]