Verified Solution: [gitlab-org/gitlab] Conan v2 package registry returns incorrect responses `200 OK` with a phantom revision
### ROOT CAUSE
The issue stems from improper validation in the Conan v2 package registry endpoints. Neither the `/latest` endpoint nor the package listing endpoint checks that the requested package or revision exists, which leads to incorrect HTTP status codes (`200 OK` for non-existent packages and 404 for the listing endpoint). The likely cause is that the code processes the request without running an existence check first.
### CODE FIX
To fix this, update the code in the Conan v2 package registry endpoints to include existence checks:
1. **For the `/latest` endpoint:**
   - Add a check to verify if the package (by name, version, and user) and its revision exist.
   - If the package or revision does not exist, return a 404 status.
2. **For the package listing endpoint:**
   - Ensure the code returns the list of packages instead of returning 404.
   - Only return 404 if there is an error (e.g., unauthorized access).

**Example code change (pseudocode):**
```python
# In the Conan package controller
# (package_exists and revision_exists are placeholder helpers)
def show_latest(package_name, version, user, revision):
    # Check if the package exists
    if not package_exists(package_name, version, user):
        return 404
    # Validate the revision against this package, not globally
    if not revision_exists(package_name, version, user, revision):
        return 404
    # Proceed with the request if everything exists
```
```python
# In the package listing controller
def index():
    # Return the list of packages
    packages = get_all_packages()
    return packages, 200
```
This fix ensures that non-existent packages and incorrect requests are properly handled with 404 responses, while valid requests return the expected data.
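
The `/latest` check described above, as an added example over an in-memory registry; it is not GitLab's code. The data layout, the package-id level, the function name and all sample values are assumptions made for illustration.

```python
from http import HTTPStatus

# Constructed sample data (all names and revision strings are made up):
# (name, version, user) -> recipe revision -> package id -> package
# revisions, oldest first.
REGISTRY = {
    ("zlib", "1.3", "acme"): {
        "rrev-aaa": {"pkg-111": ["prev-001", "prev-002"]},
    },
    ("fmt", "10.2", "acme"): {
        # Reference exists, but no package revision was ever uploaded.
        "rrev-bbb": {"pkg-222": []},
    },
}

# One uniform response for every "missing" case.
NOT_FOUND = (HTTPStatus.NOT_FOUND, {"error": "not found"})


def latest_package_revision(name, version, user, rrev, pkg_id):
    """Hypothetical `/latest` handler; returns (status, body)."""
    recipe = REGISTRY.get((name, version, user))
    if recipe is None:
        return NOT_FOUND
    # Look the revision up inside this recipe, so a revision that exists
    # under a different package cannot satisfy the check.
    packages = recipe.get(rrev)
    if packages is None:
        return NOT_FOUND
    revisions = packages.get(pkg_id)
    # Covers both an unknown package id and an empty revision list;
    # answering 200 here would report a revision that was never stored.
    if not revisions:
        return NOT_FOUND
    return HTTPStatus.OK, {"revision": revisions[-1]}
```
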