From 9d76502421650543c90d0a4d4e9a9eeed2d9a79b Mon Sep 17 00:00:00 2001
From: 2Shirt <2xShirt@gmail.com>
Date: Sat, 4 Feb 2023 17:22:00 -0800
Subject: [PATCH] Parse KVRT report to create human readable log
---
 scripts/wk/repairs/win.py | 45 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/scripts/wk/repairs/win.py b/scripts/wk/repairs/win.py
index a26257a6..58603895 100644
--- a/scripts/wk/repairs/win.py
+++ b/scripts/wk/repairs/win.py
@@ -10,6 +10,7 @@ import sys
 import time
 from subprocess import CalledProcessError, DEVNULL
+from xml.dom.minidom import parse as xml_parse
 from wk.cfg.main import KIT_NAME_FULL, KIT_NAME_SHORT, WINDOWS_TIME_ZONE
 from wk.cfg.repairs import (
@@ -992,6 +993,47 @@ def delete_registry_null_keys():
 run_tool('RegDelNull', 'RegDelNull', '-s', '-y', download=True)
+def log_kvrt_results(log_path, report_path):
+ """Parse KVRT report and log results in plain text."""
+ log_text = ''
+ report_file = None
+
+ # Get latest KVRT report
+ for item in reversed(sorted(report_path.iterdir())):
+ if item.name.startswith('report'):
+ report_file = item
+ break
+ if not report_file:
+ log_path.write_text('Failed to find KVRT report.', encoding='utf-8')
+ return
+
+ # Parse report
+ dom_document = xml_parse(str(report_file))
+ block_elements = dom_document.getElementsByTagName('Block0')
+ if not block_elements:
+ log_path.write_text('Failed to parse KVRT report.', encoding='utf-8')
+ return
+ attributes = block_elements[0].attributes
+ events = block_elements[0].getElementsByTagName('*')
+
+ # Log summary
+ for key, value in attributes.items():
+ log_text += f'{key+":":<14} {value}\n'
+
+ # Log quarantined items
+ quarantined_items = []
+ for event in events:
+ if not event.getAttribute('Action') == 'Quarantined':
+ continue
+ quarantined_items.append(event.getAttribute('Object'))
+ if quarantined_items:
+ log_text += '\nQuarantined Items:\n'
+ log_text += '\n'.join(quarantined_items)
+
+ # Done
+ log_path.write_text(log_text, encoding='utf-8')
+
+
 def run_adwcleaner():
 """Run AdwCleaner."""
 settings_path = get_tool_path('AdwCleaner', 'AdwCleaner', check=False)
@@ -1059,11 +1101,12 @@ def run_kvrt():
 run_program(cmd, check=False)
 sleep(1)
 wait_for_procs('KVRT.exe')
+ log_kvrt_results(log_path, report_path)
 return
 # Run in background
 proc = run_tool('KVRT', 'KVRT', *cmd_args, download=True)
- log_path.write_text(proc.stdout, encoding='utf-8')
+ log_kvrt_results(log_path, report_path)
 def run_microsoft_defender(full=True):
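Review bot: The `xml_parse(str(report_file))` call in `log_kvrt_results` is unguarded, so a truncated or malformed report raises `xml.parsers.expat.ExpatError` (or `OSError` if the file cannot be read) and the step fails instead of writing the 'Failed to parse KVRT report.' message that the missing-`Block0` case already produces. The report is produced on a machine being scanned for malware and its `Object` values presumably come from that machine, so the parser input should be treated as untrusted rather than assumed well formed. `report_path.iterdir()` has the same gap when the report directory was never created. The fence shows the parse wrapped; it needs `ExpatError` imported from `xml.parsers.expat`.

```python
  # Parse report
  try:
    dom_document = xml_parse(str(report_file))
  except (OSError, ExpatError):
    log_path.write_text('Failed to parse KVRT report.', encoding='utf-8')
    return
  block_elements = dom_document.getElementsByTagName('Block0')
  # … unchanged: Block0 check, summary and quarantined-item logging …
```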
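Review bot: Nothing reads `proc` in the background branch of `run_kvrt` after this change, so KVRT's stdout and exit status are dropped and the log depends entirely on whichever report `log_kvrt_results` finds. Because that helper takes the last `report*` entry by name, a report left over from an earlier run could be logged as this run's result if KVRT exits before writing a new one. Consider checking `proc.returncode` before logging (assuming `run_tool` returns a completed-process object, as the old `proc.stdout` use suggests), or comparing the report's modification time with the scan start. `run_kvrt` begins above this hunk, so how `report_path` is set is not visible here.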