diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.qlref b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.qlref
index 20c49dc2376..c6024387d34 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.qlref
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE/CWE-497/ExposedSystemData.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests2.cpp
index c22d74b7a75..4167f6903af 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests2.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests2.cpp
@@ -47,7 +47,7 @@ int val();
 // --- test cases ---
-const char *global1 = mysql_get_client_info();
+const char *global1 = mysql_get_client_info(); // $ Source
 const char *global2 = "abc";
 void test7()
@@ -55,15 +55,15 @@ void test7()
 int sock = socket(val(), val(), val());
 // tests for a strict implementation of CWE-497
- std::cout << getenv("HOME"); // BAD: outputs HOME environment variable [NOT DETECTED]
- std::cout << "PATH = " << getenv("PATH") << "."; // BAD: outputs PATH environment variable [NOT DETECTED]
+ std::cout << getenv("HOME"); // $ MISSING: Alert // outputs HOME environment variable
+ std::cout << "PATH = " << getenv("PATH") << "."; // $ MISSING: Alert // outputs PATH environment variable
 std::cout << "PATHPATHPATH"; // GOOD: not system data
 // tests for a more pragmatic implementation of CWE-497
- send(sock, getenv("HOME"), val(), val()); // BAD
- send(sock, getenv("PATH"), val(), val()); // BAD
- send(sock, getenv("USERNAME"), val(), val()); // BAD
- send(sock, getenv("APP_PASSWORD"), val(), val()); // BAD
+ send(sock, getenv("HOME"), val(), val()); // $ Alert
+ send(sock, getenv("PATH"), val(), val()); // $ Alert
+ send(sock, getenv("USERNAME"), val(), val()); // $ Alert
+ send(sock, getenv("APP_PASSWORD"), val(), val()); // $ Alert
 send(sock, getenv("HARMLESS"), val(), val()); // GOOD: harmless information
 send(sock, "HOME", val(), val()); // GOOD: not system data
 send(sock, "PATH", val(), val()); // GOOD: not system data
@@ -75,11 +75,11 @@ void test7()
 {
 char buffer[256];
- strcpy(buffer, mysql_get_client_info());
+ strcpy(buffer, mysql_get_client_info()); // $ Source
- send(sock, mysql_get_client_info(), val(), val()); // BAD
- send(sock, buffer, val(), val()); // BAD
- send(sock, global1, val(), val()); // BAD
+ send(sock, mysql_get_client_info(), val(), val()); // $ Alert
+ send(sock, buffer, val(), val()); // $ Alert
+ send(sock, global1, val(), val()); // $ Alert
 send(sock, global2, val(), val()); // GOOD: not system data
 }
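Review bot: The free-text explanation after an expectation tag is written two ways in this file: the `$ MISSING: Alert` lines in this hunk separate it with a second `//` (`// $ MISSING: Alert // outputs HOME environment variable`), while the test_zmq hunks (`@@ -131,20` and `@@ -152,10`) append it with a colon (`// $ Alert: outputs HOME environment variable`). Unless the inline-expectations parser treats a colon after the tag as an explanation delimiter — worth confirming before merging — the `Alert:` form risks being read as a different tag name and failing the expectation. Using the `// $ Alert // outputs HOME environment variable` form consistently, as this hunk already does, removes the ambiguity. test7's body starts and ends outside this hunk.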
@@ -88,9 +88,9 @@ void test7()
 const char *str1 = "123456";
 const char *str2 = "abcdef";
- mysql_real_connect(sock, val(), val(), str1, val(), val(), val(), val());
+ mysql_real_connect(sock, val(), val(), str1, val(), val(), val(), val()); // $ Source
- send(sock, str1, val(), val()); // BAD
+ send(sock, str1, val(), val()); // $ Alert
 send(sock, str2, val(), val()); // GOOD: not system data
 }
@@ -98,17 +98,17 @@ void test7()
 {
 passwd *pw;
- pw = getpwuid(val());
- send(sock, pw->pw_passwd, val(), val()); // BAD
+ pw = getpwuid(val()); // $ Source
+ send(sock, pw->pw_passwd, val(), val()); // $ Alert
 }
 // tests for containers
 {
 container c1, c2;
- c1.ptr = getenv("MY_SECRET_TOKEN");
+ c1.ptr = getenv("MY_SECRET_TOKEN"); // $ Source
 c2.ptr = "";
- send(sock, c1.ptr, val(), val()); // BAD
+ send(sock, c1.ptr, val(), val()); // $ Alert
 send(sock, c2.ptr, val(), val()); // GOOD: not system data
 }
 }
@@ -131,20 +131,20 @@ void test_zmq(void *remoteSocket)
 size_t message_len;
 // prepare data
- message_data = getenv("HOME");
+ message_data = getenv("HOME"); // $ Source
 message_len = strlen(message_data) + 1;
 // send as data
- if (zmq_send(socket, message_data, message_len, 0) >= 0) { // BAD: outputs HOME environment variable
+ if (zmq_send(socket, message_data, message_len, 0) >= 0) { // $ Alert: outputs HOME environment variable
 // ...
 }
 // send as message
 if (zmq_msg_init_data(&message, message_data, message_len, 0, 0)) {
- if (zmq_sendmsg(remoteSocket, &message, message_len)) { // BAD: outputs HOME environment variable
+ if (zmq_sendmsg(remoteSocket, &message, message_len)) { // $ Alert: outputs HOME environment variable
 // ...
 }
- if (zmq_msg_send(&message, remoteSocket, message_len)) { // BAD: outputs HOME environment variable
+ if (zmq_msg_send(&message, remoteSocket, message_len)) { // $ Alert: outputs HOME environment variable
 // ...
 }
 }
@@ -152,10 +152,10 @@ void test_zmq(void *remoteSocket)
 // send as message (alternative path)
 if (zmq_msg_init_size(&message, message_len) == 0) {
 memcpy(zmq_msg_data(&message), message_data, message_len);
- if (zmq_sendmsg(remoteSocket,&message, message_len)) { // BAD: outputs HOME environment variable
+ if (zmq_sendmsg(remoteSocket,&message, message_len)) { // $ Alert: outputs HOME environment variable
 // ...
 }
- if (zmq_msg_send(&message, remoteSocket, message_len)) { // BAD: outputs HOME environment variable
+ if (zmq_msg_send(&message, remoteSocket, message_len)) { // $ Alert: outputs HOME environment variable
 // ...
 }
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sockets.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sockets.cpp
index e7e8d9fe89f..f5c47f1a9e6 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sockets.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sockets.cpp
@@ -23,7 +23,7 @@ void test_sockets1()
 int sockfd;
 sockaddr addr_remote;
 char *msg = "Hello, world!";
- char *path = getenv("PATH");
+ char *path = getenv("PATH"); // $ Source
 // create socket
 sockfd = socket(AF_INET, SOCK_STREAM, 0);
@@ -36,11 +36,11 @@ void test_sockets1()
 // send something using 'send'
 if (send(sockfd, msg, strlen(msg) + 1, 0) < 0) return; // GOOD
- if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // BAD
-
+ if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // $ Alert
+
 // send something using 'write'
 if (write(sockfd, msg, strlen(msg) + 1) < 0) return; // GOOD
- if (write(sockfd, path, strlen(path) + 1) < 0) return; // BAD
+ if (write(sockfd, path, strlen(path) + 1) < 0) return; // $ Alert
 // clean up
 // ...
@@ -49,9 +49,9 @@ void test_sockets1()
 int mksocket()
 {
 int fd;
-
+
 fd = socket(AF_INET, SOCK_STREAM, 0);
-
+
 return fd;
 }
@@ -60,7 +60,7 @@ void test_sockets2()
 int sockfd;
 sockaddr addr_remote;
 char *msg = "Hello, world!";
- char *path = getenv("PATH");
+ char *path = getenv("PATH"); // $ Source
 // create socket
 sockfd = mksocket();
@@ -73,11 +73,11 @@ void test_sockets2()
 // send something using 'send'
 if (send(sockfd, msg, strlen(msg) + 1, 0) < 0) return; // GOOD
- if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // BAD
-
+ if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // $ Alert
+
 // send something using 'write'
 if (write(sockfd, msg, strlen(msg) + 1) < 0) return; // GOOD
- if (write(sockfd, path, strlen(path) + 1) < 0) return; // BAD
+ if (write(sockfd, path, strlen(path) + 1) < 0) return; // $ Alert
 // clean up
 // ...
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sysconf.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sysconf.cpp
index 0c0cbcc68d3..e0b4e7dc291 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sysconf.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sysconf.cpp
@@ -21,7 +21,7 @@ void test_sc_1()
 int value = sysconf(_SC_CHILD_MAX);
 printf("_SC_CHILD_MAX = %i\n", _SC_CHILD_MAX); // GOOD
- printf("_SC_CHILD_MAX = %i\n", value); // BAD [NOT DETECTED]
+ printf("_SC_CHILD_MAX = %i\n", value); // $ MISSING: Alert
 }
 void test_sc_2()
@@ -33,9 +33,9 @@ void test_sc_2()
 pathbuf = (char *)malloc(n);
 if (pathbuf != NULL) {
- confstr(_CS_PATH, pathbuf, n);
+ confstr(_CS_PATH, pathbuf, n); // $ Source
- printf("path: %s", pathbuf); // BAD [NOT DETECTED]
- write(get_fd(), pathbuf, strlen(pathbuf)); // BAD
+ printf("path: %s", pathbuf); // $ MISSING: Alert
+ write(get_fd(), pathbuf, strlen(pathbuf)); // $ Alert
 }
 }