From a0315dfb01e813199982de9adfe2ee7742792df7 Mon Sep 17 00:00:00 2001
From: Berkeley Churchill <bchurchill@users.noreply.github.com>
Date: Mon, 9 Jan 2023 00:26:01 +0200
Subject: [PATCH] fix null reference

check that template.ApplicationPolicies is non-null
---
 Certify/Commands/Find.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Certify/Commands/Find.cs b/Certify/Commands/Find.cs
index f3011c2..ccd74a0 100644
--- a/Certify/Commands/Find.cs
+++ b/Certify/Commands/Find.cs
@@ -736,7 +736,7 @@ private bool IsCertificateTemplateVulnerable(CertificateTemplate template, List<
                 || !template.ExtendedKeyUsage.Any() // No EKUs == Any Purpose
                 || template.ExtendedKeyUsage.Contains(CommonOids.AnyPurpose)
                 || template.ExtendedKeyUsage.Contains(CommonOids.CertificateRequestAgent)
-                || template.ApplicationPolicies.Contains(CommonOids.CertificateRequestAgentPolicy);
+                || (template.ApplicationPolicies != null && template.ApplicationPolicies.Contains(CommonOids.CertificateRequestAgentPolicy));
 
             if (lowPrivilegedUsersCanEnroll && hasDangerousEku) return true;