diff --git a/java/test/TestUtilities/PrettyPrintModels.ql b/java/test/TestUtilities/PrettyPrintModels.ql
new file mode 100644
index 00000000..6d692235
--- /dev/null
+++ b/java/test/TestUtilities/PrettyPrintModels.ql
@@ -0,0 +1,11 @@
+/**
+ * @kind test-postprocess
+ */
+
+import semmle.code.java.dataflow.ExternalFlow
+import codeql.dataflow.test.ProvenancePathGraph
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>
+
+from string relation, int row, int column, string data
+where results(relation, row, column, data)
+select relation, row, column, data
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected b/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
index 914087b1..e6a1912e 100644
--- a/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
+++ b/java/test/security/CWE-078/CommandInjectionRuntimeExec.expected
@@ -1,3 +1,7 @@
+#select
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
 edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | provenance |  |
@@ -8,24 +12,28 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:80:21:86 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:32:27:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44347 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:42664 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44282 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:43716 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
+models
+| 1 | Sink: java.lang; Runtime; true; exec; (String[]); ; Argument[0]; command-injection; ai-manual |
+| 2 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
+| 3 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
+| 4 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
 nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | semmle.label | args : String[] |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
@@ -42,7 +50,6 @@ nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | semmle.label | commandArray2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | semmle.label | concat(...) : Stream [<element>] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | semmle.label | toArray(...) |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | semmle.label | toArray(...) : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | semmle.label | stream(...) : Stream [<element>] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | semmle.label | new String[] : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
@@ -50,7 +57,3 @@ nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | semmle.label | ...[...] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | semmle.label | ...[...] : String |
 subpaths
-#select
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref b/java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref
index 08ec9e23..b9330540 100644
--- a/java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref
+++ b/java/test/security/CWE-078/CommandInjectionRuntimeExec.qlref
@@ -1 +1,2 @@
-security/CWE-078/CommandInjectionRuntimeExecTest.ql
+query: security/CWE-078/CommandInjectionRuntimeExecTest.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.expected b/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.expected
index 914087b1..e6a1912e 100644
--- a/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.expected
+++ b/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.expected
@@ -1,3 +1,7 @@
+#select
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
 edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | provenance |  |
@@ -8,24 +12,28 @@ edges
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:62:21:68 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:71:21:77 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:80:21:86 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:32:27:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:27:13:27:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:32:28:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:28:13:28:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance |  Sink:MaD:42664 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | provenance | Sink:MaD:1 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:32:29:38 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:29:13:29:25 | commandArray2 [post update] : String[] [[]] : String | provenance |  |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | provenance | MaD:44347 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance |  Sink:MaD:42664 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:44282 |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:43716 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | provenance | MaD:4 Sink:MaD:1 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | provenance | MaD:3 |
+| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | provenance | MaD:2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:48:36:54 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | provenance |  |
+models
+| 1 | Sink: java.lang; Runtime; true; exec; (String[]); ; Argument[0]; command-injection; ai-manual |
+| 2 | Summary: java.util; Arrays; false; stream; ; ; Argument[0].ArrayElement; ReturnValue.Element; value; manual |
+| 3 | Summary: java.util.stream; Stream; true; concat; (Stream,Stream); ; Argument[0..1].Element; ReturnValue.Element; value; manual |
+| 4 | Summary: java.util.stream; Stream; true; toArray; ; ; Argument[this].Element; ReturnValue.ArrayElement; value; manual |
 nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | semmle.label | args : String[] |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:21:38:21:87 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
@@ -42,7 +50,6 @@ nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | semmle.label | commandArray2 |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:17 | concat(...) : Stream [<element>] : String | semmle.label | concat(...) : Stream [<element>] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | semmle.label | toArray(...) |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) : String[] [[]] : String | semmle.label | toArray(...) : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:21:36:74 | stream(...) : Stream [<element>] : String | semmle.label | stream(...) : Stream [<element>] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | new String[] : String[] [[]] : String | semmle.label | new String[] : String[] [[]] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:35:36:73 | {...} : String[] [[]] : String | semmle.label | {...} : String[] [[]] : String |
@@ -50,7 +57,3 @@ nodes
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:57:36:63 | ...[...] : String | semmle.label | ...[...] : String |
 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:36:66:36:72 | ...[...] : String | semmle.label | ...[...] : String |
 subpaths
-#select
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:22:39:22:51 | commandArray1 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:30:39:30:51 | commandArray2 | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
-| src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:34:17:37:40 | toArray(...) | Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@' | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] | src/main/java/com/github/githubsecuritylab/command_injection_test/Main.java:16:29:16:41 | args : String[] | args : String[] |
diff --git a/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.qlref b/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.qlref
index c5184df4..32b5f633 100644
--- a/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.qlref
+++ b/java/test/security/CWE-078/CommandInjectionRuntimeExecPath.qlref
@@ -1 +1,2 @@
-security/CWE-078/CommandInjectionRuntimeExecTestPath.ql
+query: security/CWE-078/CommandInjectionRuntimeExecTestPath.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
diff --git a/java/test/security/CWE-326/Base64Encryption.expected b/java/test/security/CWE-326/Base64Encryption.expected
index 20cf98b6..94486efd 100644
--- a/java/test/security/CWE-326/Base64Encryption.expected
+++ b/java/test/security/CWE-326/Base64Encryption.expected
@@ -1,8 +1,13 @@
+#select
+| Base64Encryption.java:18:31:18:81 | encodeToString(...) | Base64Encryption.java:17:31:17:62 | getAttribute(...) : Object | Base64Encryption.java:18:31:18:81 | encodeToString(...) | Sensitive data is being 'encrypted' with Base64 Encoding: $@ | Base64Encryption.java:17:31:17:62 | getAttribute(...) | user-provided value |
 edges
 | Base64Encryption.java:17:23:17:62 | (...)... : String | Base64Encryption.java:18:66:18:69 | attr : String | provenance |  |
 | Base64Encryption.java:17:31:17:62 | getAttribute(...) : Object | Base64Encryption.java:17:23:17:62 | (...)... : String | provenance |  |
-| Base64Encryption.java:18:66:18:69 | attr : String | Base64Encryption.java:18:66:18:80 | getBytes(...) : byte[] | provenance | MaD:42737 |
-| Base64Encryption.java:18:66:18:80 | getBytes(...) : byte[] | Base64Encryption.java:18:31:18:81 | encodeToString(...) | provenance | MaD:43723 |
+| Base64Encryption.java:18:66:18:69 | attr : String | Base64Encryption.java:18:66:18:80 | getBytes(...) : byte[] | provenance | MaD:1 |
+| Base64Encryption.java:18:66:18:80 | getBytes(...) : byte[] | Base64Encryption.java:18:31:18:81 | encodeToString(...) | provenance | MaD:2 |
+models
+| 1 | Summary: java.lang; String; false; getBytes; ; ; Argument[this]; ReturnValue; taint; manual |
+| 2 | Summary: java.util; Base64$Encoder; false; encodeToString; (byte[]); ; Argument[0]; ReturnValue; taint; manual |
 nodes
 | Base64Encryption.java:17:23:17:62 | (...)... : String | semmle.label | (...)... : String |
 | Base64Encryption.java:17:31:17:62 | getAttribute(...) : Object | semmle.label | getAttribute(...) : Object |
@@ -10,5 +15,3 @@ nodes
 | Base64Encryption.java:18:66:18:69 | attr : String | semmle.label | attr : String |
 | Base64Encryption.java:18:66:18:80 | getBytes(...) : byte[] | semmle.label | getBytes(...) : byte[] |
 subpaths
-#select
-| Base64Encryption.java:18:31:18:81 | encodeToString(...) | Base64Encryption.java:17:31:17:62 | getAttribute(...) : Object | Base64Encryption.java:18:31:18:81 | encodeToString(...) | Sensitive data is being 'encrypted' with Base64 Encoding: $@ | Base64Encryption.java:17:31:17:62 | getAttribute(...) | user-provided value |
diff --git a/java/test/security/CWE-326/Base64Encryption.qlref b/java/test/security/CWE-326/Base64Encryption.qlref
index f256b504..39fbd214 100644
--- a/java/test/security/CWE-326/Base64Encryption.qlref
+++ b/java/test/security/CWE-326/Base64Encryption.qlref
@@ -1 +1,2 @@
-security/CWE-326/Base64Encryption.ql
+query: security/CWE-326/Base64Encryption.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
diff --git a/java/test/security/CWE-532/SensitiveInformation.expected b/java/test/security/CWE-532/SensitiveInformation.expected
index 5c5ff98d..7648f37e 100644
--- a/java/test/security/CWE-532/SensitiveInformation.expected
+++ b/java/test/security/CWE-532/SensitiveInformation.expected
@@ -1,11 +1,21 @@
+#select
+| SensitiveInformation.java:18:26:18:55 | ... + ... | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:18:26:18:55 | ... + ... | Sensative data is being logged $@. | SensitiveInformation.java:17:31:17:62 | getAttribute(...) | user-provided value |
+| SensitiveInformation.java:19:28:19:31 | attr | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:19:28:19:31 | attr | Sensative data is being logged $@. | SensitiveInformation.java:17:31:17:62 | getAttribute(...) | user-provided value |
+| SensitiveInformation.java:26:19:26:30 | responseBody | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:26:19:26:30 | responseBody | Sensative data is being logged $@. | SensitiveInformation.java:17:31:17:62 | getAttribute(...) | user-provided value |
 edges
-| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:18:26:18:55 | ... + ... | provenance |  Sink:MaD:42553 |
-| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:19:28:19:31 | attr | provenance |  Sink:MaD:42556 |
+| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:18:26:18:55 | ... + ... | provenance | Sink:MaD:1 |
+| SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:19:28:19:31 | attr | provenance | Sink:MaD:2 |
 | SensitiveInformation.java:17:23:17:62 | (...)... : String | SensitiveInformation.java:20:66:20:69 | attr : String | provenance |  |
 | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:17:23:17:62 | (...)... : String | provenance |  |
-| SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | SensitiveInformation.java:26:19:26:30 | responseBody | provenance |  Sink:MaD:42567 |
-| SensitiveInformation.java:20:66:20:69 | attr : String | SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | provenance | MaD:42737 |
-| SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | provenance | MaD:43723 |
+| SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | SensitiveInformation.java:26:19:26:30 | responseBody | provenance | Sink:MaD:3 |
+| SensitiveInformation.java:20:66:20:69 | attr : String | SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | provenance | MaD:4 |
+| SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | SensitiveInformation.java:20:31:20:81 | encodeToString(...) : String | provenance | MaD:5 |
+models
+| 1 | Sink: java.io; PrintStream; true; print; ; ; Argument[0]; file-content-store; manual |
+| 2 | Sink: java.io; PrintStream; true; println; ; ; Argument[0]; file-content-store; manual |
+| 3 | Sink: java.io; PrintWriter; false; print; ; ; Argument[0]; file-content-store; manual |
+| 4 | Summary: java.lang; String; false; getBytes; ; ; Argument[this]; ReturnValue; taint; manual |
+| 5 | Summary: java.util; Base64$Encoder; false; encodeToString; (byte[]); ; Argument[0]; ReturnValue; taint; manual |
 nodes
 | SensitiveInformation.java:17:23:17:62 | (...)... : String | semmle.label | (...)... : String |
 | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | semmle.label | getAttribute(...) : Object |
@@ -16,7 +26,3 @@ nodes
 | SensitiveInformation.java:20:66:20:80 | getBytes(...) : byte[] | semmle.label | getBytes(...) : byte[] |
 | SensitiveInformation.java:26:19:26:30 | responseBody | semmle.label | responseBody |
 subpaths
-#select
-| SensitiveInformation.java:18:26:18:55 | ... + ... | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:18:26:18:55 | ... + ... | Sensative data is being logged $@. | SensitiveInformation.java:17:31:17:62 | getAttribute(...) | user-provided value |
-| SensitiveInformation.java:19:28:19:31 | attr | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:19:28:19:31 | attr | Sensative data is being logged $@. | SensitiveInformation.java:17:31:17:62 | getAttribute(...) | user-provided value |
-| SensitiveInformation.java:26:19:26:30 | responseBody | SensitiveInformation.java:17:31:17:62 | getAttribute(...) : Object | SensitiveInformation.java:26:19:26:30 | responseBody | Sensative data is being logged $@. | SensitiveInformation.java:17:31:17:62 | getAttribute(...) | user-provided value |
diff --git a/java/test/security/CWE-532/SensitiveInformation.qlref b/java/test/security/CWE-532/SensitiveInformation.qlref
index 4aa4fb02..3997d736 100644
--- a/java/test/security/CWE-532/SensitiveInformation.qlref
+++ b/java/test/security/CWE-532/SensitiveInformation.qlref
@@ -1 +1,2 @@
-security/CWE-532/SensitiveInformation.ql
+query: security/CWE-532/SensitiveInformation.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
diff --git a/java/test/security/CWE-611/XXELocal.expected b/java/test/security/CWE-611/XXELocal.expected
index 71c2d513..9fcd978c 100644
--- a/java/test/security/CWE-611/XXELocal.expected
+++ b/java/test/security/CWE-611/XXELocal.expected
@@ -1,12 +1,15 @@
+#select
+| XXELocal.java:24:25:24:35 | inputSource | XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | XXELocal.java:24:25:24:35 | inputSource | Unsafe parsing of XML file from $@. | XXELocal.java:15:39:15:63 | new FileInputStream(...) | user input |
 edges
-| XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | XXELocal.java:16:51:16:61 | inputStream : FileInputStream | provenance | Src:MaD:42645  |
+| XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | XXELocal.java:16:51:16:61 | inputStream : FileInputStream | provenance | Src:MaD:1  |
 | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | XXELocal.java:24:25:24:35 | inputSource | provenance |  |
-| XXELocal.java:16:51:16:61 | inputStream : FileInputStream | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | provenance | MaD:49768 |
+| XXELocal.java:16:51:16:61 | inputStream : FileInputStream | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | provenance | MaD:2 |
+models
+| 1 | Source: java.io; FileInputStream; true; FileInputStream; ; ; Argument[this]; file; manual |
+| 2 | Summary: org.xml.sax; InputSource; false; InputSource; ; ; Argument[0]; Argument[this]; taint; manual |
 nodes
 | XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | semmle.label | new FileInputStream(...) : FileInputStream |
 | XXELocal.java:16:35:16:62 | new InputSource(...) : InputSource | semmle.label | new InputSource(...) : InputSource |
 | XXELocal.java:16:51:16:61 | inputStream : FileInputStream | semmle.label | inputStream : FileInputStream |
 | XXELocal.java:24:25:24:35 | inputSource | semmle.label | inputSource |
 subpaths
-#select
-| XXELocal.java:24:25:24:35 | inputSource | XXELocal.java:15:39:15:63 | new FileInputStream(...) : FileInputStream | XXELocal.java:24:25:24:35 | inputSource | Unsafe parsing of XML file from $@. | XXELocal.java:15:39:15:63 | new FileInputStream(...) | user input |
diff --git a/java/test/security/CWE-611/XXELocal.qlref b/java/test/security/CWE-611/XXELocal.qlref
index f6d786d8..a043b20d 100644
--- a/java/test/security/CWE-611/XXELocal.qlref
+++ b/java/test/security/CWE-611/XXELocal.qlref
@@ -1 +1,2 @@
-security/CWE-611/XXELocal.ql
+query: security/CWE-611/XXELocal.ql
+postprocess: TestUtilities/PrettyPrintModels.ql