fix(cli): Ensure scrubber checks all fields recursively for sensitive…

… tags (#3589)

* Fix ScrubSensitiveData to scrub recursively
* Extend test with additional cases

internal/scrubber/scrub_sensitive.go

@@ -26,6 +26,23 @@ func ScrubSensitiveData(v reflect.Value) reflect.Value {
 					res.Field(i).SetString(strings.Repeat("*", fv.Len()))
 				}
 			} else if sf.IsExported() {
+				switch fv.Kind() {
+				case reflect.Pointer:
+					if !fv.IsNil() {
+						fv = ScrubSensitiveData(fv.Elem()).Addr()
+					}
+
+				case reflect.Struct:
+					fv = ScrubSensitiveData(fv)
+
+				case reflect.Interface:
+					if !fv.IsNil() {
+						fv = ScrubSensitiveData(fv.Elem())
+					}
+
+				default: // Set the field as-is.
+				}
+
 				res.Field(i).Set(fv)
 			}
 		}

internal/scrubber/scrub_sensitive_test.go

@@ -12,7 +12,11 @@ import (
 type S struct {
 	SomePassword1 string `kopia:"sensitive"`
 	NonPassword   string
-	Inner         *Q
+	InnerPtr      *Q
+	InnerIf       interface{}
+	InnerStruct   Q
+	NilPtr        *Q
+	NilIf         interface{}
 }
 
 type Q struct {
@@ -24,19 +28,39 @@ func TestScrubber(t *testing.T) {
 	input := &S{
 		SomePassword1: "foo",
 		NonPassword:   "bar",
-		Inner: &Q{
+		InnerPtr: &Q{
 			SomePassword1: "foo",
 			NonPassword:   "bar",
 		},
+		InnerStruct: Q{
+			SomePassword1: "foo",
+			NonPassword:   "bar",
+		},
+		InnerIf: Q{
+			SomePassword1: "foo",
+			NonPassword:   "bar",
+		},
+		NilPtr: nil,
+		NilIf:  nil,
 	}
 
 	want := &S{
 		SomePassword1: "***",
 		NonPassword:   "bar",
-		Inner: &Q{
-			SomePassword1: "foo",
+		InnerPtr: &Q{
+			SomePassword1: "***",
+			NonPassword:   "bar",
+		},
+		InnerStruct: Q{
+			SomePassword1: "***",
+			NonPassword:   "bar",
+		},
+		InnerIf: Q{
+			SomePassword1: "***",
 			NonPassword:   "bar",
 		},
+		NilPtr: nil,
+		NilIf:  nil,
 	}
 
 	output := scrubber.ScrubSensitiveData(reflect.ValueOf(input)).Interface()