Disallow 'SELECT *' statements in scala code (#8867)

MichaelBuessemeyer · web-flow · commit eac9685303c7 · 2025-08-25T10:49:43.000+02:00
### URL of deployed dev instance (used for testing): - https://___.webknossos.xyz ### Steps to test: - Nothing CI should be enough - See run with `SELECT *` in the code https://github.com/scalableminds/webknossos/actions/runs/17131927788/job/48598210705 - See run without `SELECT *` in the code https://github.com/scalableminds/webknossos/actions/runs/17131985178/job/48598399466 ### Issues: - fixes [#8820](#8820) ------ (Please delete unneeded items, merge only when none are left open) - [x] Added changelog entry (create a `$PR_NUMBER.md` file in `unreleased_changes` or use `./tools/create-changelog-entry.py`)
diff --git a/.github/workflows/build_test_deploy.yml b/.github/workflows/build_test_deploy.yml
@@ -99,6 +99,9 @@ jobs:
         run: tools/postgres/dbtool.js check-evolutions-schema
       - name: Assert that all migrations are mentioned in one migration guide and that they have a reversion counterpart.
         run: tools/assert-complete-migrations.sh
+      - name: Assert no 'SELECT *'  are present in scala files
+        run: tools/assert-no-select-asterisk-present.sh
+
 
       - name: Lint backend code and check formatting
         run: sbt ";scapegoat; scalafmtCheck; util/scalafmtCheck; webknossosTracingstore/scalafmtCheck; webknossosDatastore/scalafmtCheck"
diff --git a/app/models/organization/CreditTransaction.scala b/app/models/organization/CreditTransaction.scala
@@ -264,8 +264,8 @@ class CreditTransactionDAO @Inject()(conf: WkConf,
 
   private def revokeExpiredCreditsForOrganizationQuery(organizationId: ObjectId): DBIO[List[CreditTransaction]] =
     for {
-      transactionsWithExpiredCredits <- q"""SELECT *
-            FROM webknossos.credit_transactions
+      transactionsWithExpiredCredits <- q"""SELECT $columns
+            FROM $existingCollectionName
             WHERE _organization = $organizationId
               AND expiration_date <= NOW()
               AND credit_state = ${CreditState.Pending}
diff --git a/tools/assert-no-select-asterisk-present.sh b/tools/assert-no-select-asterisk-present.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Start directory, default to current
+START_DIR="${1:-.}"
+
+# Search recursively for *.scala and detect "SELECT *"
+echo "🔍 Checking for forbidden 'SELECT *' in Scala files under $START_DIR..."
+
+violations=$(grep -ri --include="*.scala" --exclude-dir="test" "select[[:space:]]*\*" "$START_DIR" || true)
+
+if [[ -n "$violations" ]]; then
+  echo "❌  Found forbidden 'SELECT *' usage:"
+  echo "$violations"
+  exit 1
+else
+  echo "✅ No 'SELECT *' found."
+fi
diff --git a/unreleased_changes/8867.md b/unreleased_changes/8867.md
@@ -0,0 +1,2 @@
+### Changed
+- Remove left over occurrence of `SELECT *` statement in backend. Added assertions to CI to ensure that the `SELECT *` statement is not used in the backend.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+### Changed`
	`2`	+- Remove left over occurrence of `SELECT ` statement in backend. Added assertions to CI to ensure that the `SELECT ` statement is not used in the backend.