Apply suggestions from code review

Co-authored-by: Rasmus Wriedt Larsen <[email protected]>

Author: yoff

python/change-notes/2021-02-23-port-insecure-default-protocol.md

@@ -1,2 +1,2 @@
 lgtm,codescanning
-* Changed the query that detects insecure SSL/TLS protocol creation from default values (`py/insecure-default-protocol`) to use the new API graphs. Python 3.2 introduced so-called contexts to create connections from. These come with new ways to specify protocol version (through modifying the `options` field), which means that using the default value _can_ be secure (and if the usage is not secure, this should be reported by the `py/insecure-protocol` query). This query now reports results only for the deprecated way of creating connections without a context.
+* Updated the query that detects insecure SSL/TLS protocol creation from default values (`py/insecure-default-protocol`) to use the new API graphs. Also changed this query to not alert on using default value for constructing `ssl.SSLContext`, since that _can_ still be secure, either through manipulation of the `options` field or the `minimum_version` field. If the usage is not secure, this should be reported by the `py/insecure-protocol` query.

python/ql/src/Security/CWE-327/InsecureDefaultProtocol.qhelp

@@ -4,7 +4,7 @@
 <qhelp>
      <overview>
           <p>
-          The <code>ssl</code> library defaults
+          The <code>ssl.wrap_socket</code> function defaults
           to an insecure version of SSL/TLS when no specific protocol version is
           specified. This may leave the connection vulnerable to attack.
           </p>