Refactor commandScrubber to be a map

command.go

@@ -6,27 +6,27 @@ import (
 	"strings"
 )
 
-var commandFlags = map[string][]*regexp.Regexp{
+// Command scrubber for well-known (shell) commands.
+var Command = CommandScrubber{
 	"mysql":     {re(`-p(\s?\S+)`), re(`--password(?:[= ])(\S+)`)},
 	"mysqldump": {re(`-p(\s?\S+)`), re(`--password(?:[= ])(\S+)`)},
 }
 
-var CommandScrubber commandScrubber
+// CommandScrubber can scrub arguments for commands that contain password flags.
+type CommandScrubber map[string][]*regexp.Regexp
 
-type commandScrubber struct{}
-
-func (cs commandScrubber) Scrub(s string) string {
+func (cs CommandScrubber) Scrub(s string) string {
 	f := splitAfter(s, []rune(defaultWhitespace))
 	for i, p := range f {
 		base := filepath.Base(strings.TrimSpace(p))
-		if args, ok := commandFlags[base]; ok {
+		if args, ok := cs[base]; ok {
 			return strings.Join(f[:i+1], "") + cs.scrubArgs(strings.Join(f[i+1:], ""), args)
 		}
 	}
 	return s
 }
 
-func (cs commandScrubber) scrubArgs(s string, args []*regexp.Regexp) string {
+func (cs CommandScrubber) scrubArgs(s string, args []*regexp.Regexp) string {
 	for _, arg := range args {
 		matches := arg.FindStringSubmatch(s)
 		if len(matches) > 0 {

command_test.go

@@ -12,7 +12,7 @@ func TestCommandScrubber(t *testing.T) {
 		{"/opt/sap/bin/mysqldump -u john -p testing -h localhost", "/opt/sap/bin/mysqldump -u john -p*redacted* -h localhost"},
 	}
 	for _, test := range tests {
-		if v := CommandScrubber.Scrub(test.Test); v != test.Want {
+		if v := Command.Scrub(test.Test); v != test.Want {
 			t.Errorf("expected %q, got %q", test.Want, v)
 		}
 	}

scrub.go

@@ -41,7 +41,7 @@ func (scrubbers Scrubbers) Scrub(s string) string {
 
 // All registered scrubbers in safe evaluation order.
 var All = Scrubbers{
-	CommandScrubber,
+	Command,
 	CryptHash,
 	PEMDHParameters,
 	PEMPrivateKey,