Check valid confidence and severity level when parsing

ee/lib/gitlab/ci/parsers/security/common.rb

@@ -58,8 +58,8 @@ module Gitlab
                 name: data['message'],
                 compare_key: data['cve'] || '',
                 location: create_location(data['location'] || {}),
-                severity: parse_level(data['severity']),
-                confidence: parse_level(data['confidence']),
+                severity: parse_severity_level(data['severity']&.downcase),
+                confidence: parse_confidence_level(data['confidence']&.downcase),
                 scanner: scanner,
                 identifiers: identifiers,
                 raw_metadata: data.to_json,
@@ -99,9 +99,16 @@ module Gitlab
             { 'id' => tool, 'name' => tool.capitalize } if tool
           end
 
-          def parse_level(input)
-            input = input&.downcase
-            input.blank? || input == 'undefined' ? 'unknown' : input
+          def parse_severity_level(input)
+            return input if ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.key?(input)
+
+            'unknown'
+          end
+
+          def parse_confidence_level(input)
+            return input if ::Vulnerabilities::Occurrence::CONFIDENCE_LEVELS.key?(input)
+
+            'unknown'
           end
 
           def create_location(location_data)