From f39606589e16c7f2f1dd5647964230a89e760f45 Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Mon, 19 Sep 2022 23:31:58 +0200
Subject: [PATCH 1/2] build: harden ccpp.yml permissions Signed-off-by: Alex
 <aleksandrosansan@gmail.com>

---
 .github/workflows/ccpp.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml
index bf346dd63..00f923f05 100644
--- a/.github/workflows/ccpp.yml
+++ b/.github/workflows/ccpp.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ master ]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   job:
     name: ${{ matrix.name }}-build-and-test

From 79c9c820260b86586dc26c547a9efc08b40f7ada Mon Sep 17 00:00:00 2001
From: Alex <aleksandrosansan@gmail.com>
Date: Mon, 19 Sep 2022 23:32:11 +0200
Subject: [PATCH 2/2] build: harden sanitizer.yml permissions Signed-off-by:
 Alex <aleksandrosansan@gmail.com>

---
 .github/workflows/sanitizer.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/sanitizer.yml b/.github/workflows/sanitizer.yml
index 750c17005..57d6e78f1 100644
--- a/.github/workflows/sanitizer.yml
+++ b/.github/workflows/sanitizer.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ master ]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   job1:
     name: adress-sanitizer