Strong parameters - strange behaviour when hash keys are composed only with numbers

I’m struggling with strong parameters and the result from the 1-many nested relation. Strange result is returned when hash key is composed of numbers (e.g. “1”, “123”). Have a look at the examples:

# "1" has content filterd and "2" is also on permitted list
irb(main):001:0> ActionController::Parameters.new({a: {b: { "1" => { label: "111" }, "2": { label: "222" } } } }).require(:a).permit(b: { "1" => [:label] })
=> #<ActionController::Parameters {"b"=>#<ActionController::Parameters {"1"=>#<ActionController::Parameters {} permitted: true>, "2"=>#<ActionController::Parameters {} permitted: true>} permitted: true>} permitted: true>

# "a" is filtered out but empty "2" is permitted
irb(main):006:0> ActionController::Parameters.new({a: {b: { "a" => { label: "111" }, "2": { label: "222" } } } }).require(:a).permit(b: { "1" => [:label] })
=> #<ActionController::Parameters {"b"=>#<ActionController::Parameters {"2"=>#<ActionController::Parameters {} permitted: true>} permitted: true>} permitted: true>

# "a" is filtered out "1" is permitted but empty
irb(main):026:0> ActionController::Parameters.new({a: {b: { "1" => { label: "111" }, "a": { label: "222" } } } }).require(:a).permit(b: { "1" => [:label] })
=> #<ActionController::Parameters {"b"=>#<ActionController::Parameters {"1"=>#<ActionController::Parameters {} permitted: true>} permitted: true>} permitted: true>

this result is different compared to the situation when keys are coposed of non-numbers (e,g “a”, “b”):

irb(main):029:0> ActionController::Parameters.new({a: {b: { "c" => { label: "111" }, "d": { label: "222" } } } }).require(:a).permit(b: { "c" => [:label] })
=> #<ActionController::Parameters {"b"=>#<ActionController::Parameters {"c"=>#<ActionController::Parameters {"label"=>"111"} permitted: true>} permitted: true>} permitted: true>

what is more this problem occurs only when keys composed of numbers are used on a deeper hash level. E.g. this examples work as expected:

irb(main):051:0> ActionController::Parameters.new({a: {b: { "1" => { label: "111" }, "2": { label: "222" } } } }).require(:a).require(:b).permit({ "1" => [:label] })
=> #<ActionController::Parameters {"1"=>#<ActionController::Parameters {"label"=>"111"} permitted: true>} permitted: true>

irb(main):055:0> ActionController::Parameters.new({ "1" => { label: "111" }, "2": { label: "222" } }).permit({ "1" => [:label] })
=> #<ActionController::Parameters {"1"=>#<ActionController::Parameters {"label"=>"111"} permitted: true>} permitted: true>

It looks like a bug for me (I was testing on Rails 6.0.3.1, 6.1.0.alpha) but maybe I’m doing something totally stupid - any advice?

After digging into strong parameters test suite I discovered that such keys have special treatment:

irb(main):001:0> ActionController::Parameters.new({a: {b: { "1" => { label: "111" }, "2": { label: "222" } } } }).require(:a).permit(b: :label)
=> #<ActionController::Parameters {"b"=>#<ActionController::Parameters {"1"=>#<ActionController::Parameters {"label"=>"111"} permitted: true>, "2"=>#<ActionController::Parameters {"label"=>"222"} permitted: true>} permitted: true>} permitted: true>

Another nice finding from the test suite it the multi-parameter attributes.