better safe Flask example

Author: am0o0

python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py

@@ -1,7 +1,12 @@
 """Flask App configuration."""
+import os
 
 # General Config
 FLASK_DEBUG = True
-SECRET_KEY = "CHANGEME5"
-if SECRET_KEY == "CHANGEME5":
+# if we are loading SECRET_KEY from config files then
+# it is good to check default value always, maybe
+# the user responsible for setup the application make a mistake
+# and has not changed the default SECRET_KEY value
+SECRET_KEY = os.getenv('envKey')  # A_CONSTANT_SECRET
+if SECRET_KEY == "A_CONSTANT_SECRET":
     raise "not possible"