Update model validation

shared/mad/codeql/mad/ModelValidation.qll

@@ -28,13 +28,13 @@ module KindValidation<KindValidationConfigSig Config> {
           // shared
           "code-injection", "command-injection", "environment-injection", "file-content-store",
           "html-injection", "js-injection", "ldap-injection", "log-injection", "path-injection",
-          "request-forgery", "sql-injection", "url-redirection",
+          "request-forgery", "sql-injection", "url-redirection", "xpath-injection",
           // Java-only currently, but may be shared in the future
           "bean-validation", "fragment-injection", "groovy-injection", "hostname-verification",
           "information-leak", "intent-redirection", "jexl-injection", "jndi-injection",
           "mvel-injection", "notification", "ognl-injection", "pending-intents",
           "response-splitting", "trust-boundary-violation", "template-injection", "url-forward",
-          "xpath-injection", "xslt-injection",
+          "xslt-injection",
           // JavaScript-only currently, but may be shared in the future
           "mongodb.sink", "nosql-injection", "unsafe-deserialization",
           // Swift-only currently, but may be shared in the future
@@ -48,13 +48,11 @@ module KindValidation<KindValidationConfigSig Config> {
       or
       this.matches([
           // shared
-          "credentials-%", "encryption-%", "qltest%", "test-%",
-          // Java-only currently, but may be shared in the future
-          "regex-use%",
+          "credentials-%", "encryption-%", "qltest%", "test-%", "regex-use%",
           // Swift-only currently, but may be shared in the future
           "%string-%length", "weak-hash-input-%",
           // Go-only currently, but may be shared in the future
-          "request-forgery%"
+          "request-forgery[%]", "url-redirection[%]"
         ])
     }
   }